Home » Operations » Best Practices & Benchmarking in Operations

Getting to grips with the GDPR

CTMfile previously wrote about how much General Data Protection Regulation could cost your company, see, up to £5 billion in fines for the FTSE 100. Here’s the essential guide: Getting to grips with GDPR: A B2B marketers guide from B2B Marketing which details corporates exactly what they need to do to be compliant the day after the law comes into force. In this guide they set out to provide,  “an overview of the regulation, and its potential implications, condensing the key areas B2B marketers need to be aware of, distilling the advice that is out there, and providing some practical action to consider in preparation – with the caveat that even with fewer than 12 months to go until it is enacted there is still much interpretation and advice to be provided by regulators.”

This guide defines personal data and lists the six principles which underpin GDPR, that personal data should be:

  1. Processed lawfully, fairly and in a transparent manner in relation to individuals.
  2. Collected for specified, explicit and legitimate purposes and not processed beyond those.
  3. Adequate, relevant and limited to what’s necessary in relation to the purposes for which they are processed;
  4. Accurate and, where necessary, kept up to date.
  5. Kept in a form which permits identification of data subject for no longer than is necessary for the purposes for which the personal data are processed.
  6. Processed in a manner that ensures appropriate security of the personal data.

Checklists and advice

The report focuses on the critical action areas: the basics, legal grounds, consent and individual rights.

There are  ‘what do now’ checklists:

  • General steps: 
    • Carry out an information audit
    • Raise awareness within your organisation
    • Review your privacy policies and statements
    • Assess your policies and procedures
    • Get in touch with your technology providers
    • Find out whether you will need to appoint a data protection officer
    • Look out for updated guidance
    • Be careful.
  • Legal Consent
  • Individual rights
  • Security and data breaches.


The report is ruthlessly detailed on “what you should have done by:"

  • September 2017
  • February 2018
  • 25 May 2018 they explain how corporates will need to have:
    • Put in place all systems and processes needed to become GDPR compliant.
    • Completed your initial database re-engagement activity, with a final push warning those who do not confirm their consent will not receive any further communication.

CTMfile take: Essential reading for all department heads in MNCs, even corporate treasury departments, if you want to avoid the huge fines.

This item appears in the following sections:
Best Practices & Benchmarking in Operations
Control & Compliance in Operations

Also see


No comment yet, why not be the first?

Add a comment