7 Essential Steps to GDPR Compliance

7 Essential Steps to GDPR Compliance


There’s no shortage of information and opinion out there about Europe’s new general data protection regulations (GDPR) and what they mean for the future of data-driven marketing. What is in short supply is clarity—because the regulations are complex and leave some room for interpretation.

That’s likely one reason many companies don’t realize the extent to which their business might be affected and haven’t done the necessary prep needed for uninterrupted operation after the May 25 deadline.

To help make sure you know what you need to do to be GDPR compliant, Sizmek researchers have pulled together seven key elements of GDPR compliance. You can get more details on these requirements in our white paper. Here’s a taste of what you’ll find out:

Step 1: Determine a legal basis for processing data

If you collect and process personal data from consumers, you need a “legal or lawful basis” for doing so—and you should document it in writing.

Step 2: Identify whether you are a data controller or data processor (or both)

A “data controller” determines the purpose and means by which personal data is processed, while a “data processor” is an entity that obtains, records, or subsequently uses that data to carry out operations at the instruction of the data controller. Each has distinct obligations under the law.

Step 3: Be prepared to respond to data subject rights requests

Under the GDPR, data subjects have the right to access, review, correct, and delete collected personal data and to easily revoke opt-in permission. Businesses must be able to comply quickly with these requests.

Find out the other four essential steps to help make sure you are fully GDPR compliant