How marketing and IT departments can work together to comply with GDPR

The general data protection regulation (GDPR) is set to reshape how data is used and collected by businesses.

For marketers, this means completely changing the practices and procedures currently in place to comply with the legislation.

Here, Nigel Crockford, Business Development Manager at data security specialist eSpida, explains how marketing and IT departments can work together to prepare for the GDPR.

Giving greater rights to individuals across the European Union (EU), the GDPR states that, as of May 2018, businesses must obtain explicit consent from consumers to use and process their data.

How the data will be used, and for what purpose, must be clearly outlined to the consumer before signing up and must not be written into the terms and conditions as is currently common practice.

The ways in which the GDPR will affect how current operations are conducted will vary from business to business and marketing is just one department that needs to be aligned with the regulation.

To achieve compliance, businesses can streamline their processes by having departments work together simultaneously.

With the increased use of social media and other digital platforms, a lot of the marketing role involves working with online assets.

Businesses should therefore look to have marketing departments work collaboratively with their company’s IT department.

In fact, a survey from Econsultancy found that 78% of IT professionals believe they should work closely with marketing teams to meet business objectives.

We are already seeing this collaboration between marketers and IT staff begin to take shape. For example, an increasing number of marketers are producing downloadable assets that, with the help of IT departments, are locked behind subscription walls.

Marketers use this to capture contacts and add them to e-mail marketing lists — a practice that will need to change in light of GDPR.

Despite marketing and IT departments both playing pivotal roles in a business’s success, there is often a disconnect between the two. For example, if a marketing team is operating on an online platform without the IT department knowing and no security measures are in place, the company could encounter several cyber-threats.

If an IT security team knows what assets are being used by the company’s marketing team, then it can be vigilant and prepare against common and recorded attacks that have occurred in those areas.

Businesses can then consider taking additional steps to avoid the detrimental impact cyber breaches can have on reputation and customers.

Exploit prevention software, for example, is designed to protect applications and files that are prone to attacks. Instead of examining millions of known malware samples, the software focuses on a smaller collection of techniques that are used to spread malware.

As marketing departments conduct regular and systematic monitoring of individual data, companies will now also be required to employ a data protection officer (DPO).

The role of the DPO is to help businesses comply with the data protection law, by working with their data processing teams to eliminate many of the risks organisations face when managing data.

Marketers should also look to GDPR specialists to eliminate discrepancies and ensure compliance with the regulation.

This is particularly important as, unlike the current data privacy regulatory directive, the GDPR is legally binding and failure to comply can lead to fines of either up to €20 million or 4% of a business’s global turnover.

With such a broad selection of processes within marketing departments being subject to GDPR, businesses will undoubtedly encounter compliance challenges after May 25, 2018.

With harsh financial penalties at stake, businesses should look to bring all areas of their business together, including marketing and IT departments, to make their data processes as transparent as possible.