In two months’ time the GDPR will introduce far more stringent data laws designed to bolster the security of individuals in the EU, while strengthening the integrity of business in the global digital economy.

Some bosses may have their heads buried in the sand, others may be utterly confused. While both these stances are understandable, ignorance is simply not an option.

Not every firm is going to be 100% GDPR compliant come May 25th, but the regulator needs to see that your organisational journey to adherence to the new standards is underway.

As front line data handlers, marketers have to get their game faces on, and this starts with awareness of how individual rights will change under the new legislative climate. Below is a brief summary of what you need to know.

The right to be informed

Data subjects will have to be demonstrably made aware of the full implications of supplying their data to an organisation.

This should be established through a data privacy notice, explaining the identity of the organisation processing the data (the data controller), why the information is needed for processing and any further details the circumstances demand so that data processing remains fair.

Access and amendment

Data subjects will also have the right to access the data held on them, without charge. Individuals should be able to get hold of their details electronically and in an efficient way. This carries into the right to amend personal data, should records be inaccurate or incomplete.

The right to be forgotten

This will be a fundamental aspect of the GDPR, obliging companies to have an efficient way to delete personal data safely and securely. This should occur if user consents expire or if that personal data is no longer needed. The data may also be erased upon legal request.

Restricted processing

Data subjects have the right to restrict the processing of their personal data, according the ICO, if the accuracy of that data is contested and needs to be verified. An individual might also oppose the deletion of their personal data, and instead request that it be restricted.

Third parties also involved in the data processing will also need to be informed about any ongoing restrictions.


Under the GDPR, data subjects will have the right to data portability, meaning personal data can be used through various services for the individual’s own purposes. This only applies to personal data that an individual has given to a data controller, and if said processing is automated.

Under this right, personal data can be seamlessly transferred through IT environments safely and securely. This must also be provided free of charge.

The right to object

After May 25th, data subjects will be able to opt out of direct marketing, and legitimate-interest data processing. Certain research and statistics-orientated processing will similarly be called to a halt if individuals request it.

Beyond having tools in place that allow data to be stored, handled and deleted efficiently, business owners have to educate their marketing teams and broader staff pools so that each individual within an organisation becomes a watchdog of data privacy.

Get on top of the debate

Marketing and the rights of the individual will be examined in detail at the GDPR Summit London, coming to 155 Bishopsgate on Monday, April 23rd.

Supported by the University of Reading’s Henley Business School, GDPR Summit London will see industry leaders unpack the GPDR across three keynote theatres: GDPR Roadmap, Roadmap for Sales and Marketing, and GDPR HR Briefing.

Delegates can expect a day full of insight, actionable insight and live debate on all the key issues of the forthcoming Regulation.

To book your ticket, or to see the agenda in full, click here.

By Michael Burne, Features Editor, GDPR Report

GDPR Summit Series is a global series of GDPR events which will help marketers to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond. Further information and conference details are available at

comments powered by Disqus