< return to blog

DMX Part 2 – GDPR is a four letter word 

The second instalment reviewing DMX Dublin - where we deep dive into GDPR and its implications for B2B Marketing ...

Threesixty hit the DMX Dublin event at the Aviva Stadium on Wed 14th March – with a view to gleaning a few insights and ideas on the future of Digital Marketing – particularly in relation to the B2B market. This post is the second instalment – you can read the first one here


The room was packed with eager attendees at Evelyn Wolf from Business Brew’s talk on ‘GDPR and why it won’t kill your marketing funnel”. There were many cameras in action, videoing the whole session. Evelyn untangled the jargon around the GDPR and outlined ways in which it will affect marketing day-to-day.


The GDPR (which stands for General Data Protection Regulation) came about in order to harmonise data protection rules across the EU, giving individuals control over their personal data and providing a framework for the emerging digital economy. Its aim is to put measures in place to protect personal data.


What is Personal Data?

GPDR defines it as “Any information relating to an identified or identifiable natural person”. This could mean an email address, a social security number, a bank account – any information which is linked to a person, and could identify that person. So for example, the email address ‘[email protected]’ would not be considered personal data, as there is no way to identify a person from it. However ‘[email protected]’ would be considered personal data.


The GDPR outlines clear rules for handling personal data. These are known as ‘processing principles’ and are as follows:

  • Processing has to be lawful, fair and transparent.
    • According to EU law, EU conventions of Human Rights
    • Transparent: Your intended audience should understand what you’re doing with this data.
  • Limit processing to the original purpose
  • Don’t collect more data than you need
  • Data should be accurate
  • Only keep data as long as you need (and explain this to your data subjects)
  • Make sure you keep the data secure
  • Accountability: responsibility and demonstrate compliance


Threesixty GDPR is a four letter word


So what do we need to do first?


Understand all your data processes. Create a process inventory.

  • Review all marketing and sales tactics that involve data
  • Understand clearly for each process:
    • The purpose of processing
    • How data is processed (security)
    • Who controls it and has access to it
    • What data you collect
    • Your usage intention
    • How long you hold it for
    • How risky the process
  • Develop a gap analysis and work on closing each gap.


One of the next steps could be to clean your database, and ensure your contact forms are updated (pre-ticked opt-in boxes are no longer allowed) . Manage your opt-ins for current and potential new contacts. Update your privacy policy on your website with opt-out and compliant information. Document this whole process.


Other points Evelyn made related to handling data:

  • Avoid exports from CRM systems
  • Don’t forward lists via email
  • Only share data if your contacts have consented to this beforehand
  • Don’t buy leads


Our Take Out: GPDR is approaching fast, (25th May!) so now is the time to work out your Data Processing Strategy. First up we would recommend a clean up of email marketing databases and ensuring all privacy policies, user agreements and terms of use are up to date – you can contact us for help with that. One thing that wasn’t covered in this session was how best to manage employee data … but that’s another blog post!


It was a great event, with a huge turnout. We left with some great insights and ideas and look forward to the next DMX Dublin.