A Recap: How to Prepare for GDPR Compliance

"image with an arrow on a target meant to signify refined strategies for GDPR compliance.

#KatanaTalks is a series where we discuss everything from Media Buying to Machine Learning. We sit down with digital marketing professionals to predict changes within the industry and discuss how to leverage these changes to orient marketers and brands for success.

On our new installment of #KatanaTalks, we covered GDPR or General Data Protection Regulation. Katana’s Executive Chairman, Andreas Roell presented his tips and strategies for how you as a marketer can successfully prepare for May 25th, when GDPR goes into effect. For a brief breakdown of what GDPR is, check out our last piece.  We also have a SlideShare of this presentation and have labeled slides throughout this piece for you to refer to if you need more in-depth information. If you want to watch the full webinar to hear Andreas’ full commentary on the presentation slides, check out the video below:



To start here’s some cultural background on GDPR: In the European Union, the right to privacy is a fundamental human right and is taken seriously, more so than in the United States. Since past regulation of data privacy, such as Data Protection Directive of 1995  and Data Protection Act of 1998 don’t reflect newer technologies and online platforms such as social media, GDPR is seen as a necessity to the rights of E.U. citizens. While this legislation concerns data collection of E.U. citizens, the UK will be included under GDPR, despite exiting the union.

So…Why Should We in the U.S. Care?

There is a likelihood that the United States may pass a regulation like this. Currently, this country is behind when it comes to data privacy protections, but will certainly look to the E.U. as a benchmark. KATANA expects that this type of regulation won’t be passed for another 1-2 years. However, you should still prepare your business for this type of legislation anytime soon.

Another reason why businesses in the US should care is that even if you don’t do business within the E.U., you can’t predict how your business might expand. You don’t want to limit yourself by ignoring GDPR.

Where Do You Fall?

When it comes to where you fall under GDPR compliance, there are three main buckets:

  1. You have customers in the EU
  2. You have a physical presence in the EU
  3. You have a CRM that collects leads or website visitors from the EU

For the third bucket, this is highly applicable to many US companies who believe they do not need to worry about GDPR. If you have a CRM system that collects data from sources such as lead forms, cookie data, customer purchasing data, email newsletter subscribers, and you take advantage of this data, you fall under GDPR Compliance!

What Are the Key Pillars of GDPR?

  1. Empowering individuals with data rights [Slide 14]
  2. Providing individuals with consent & transparency [Slide 15]
  3. Establish accountability to entities gathering data [Slide 16]
  4. Create a conscious approach to privacy to require design [Slide 17]
  5. Require mandatory breach notifications [Slide 18]

Two Important People In the GDPR Process:

Controller: The person or organization that determines what is done with personal data and how it is managed. This means that they are responsible for compliance and liable for any GDPR violation.

Processor: The person or platform that helps the controller process the personal data (under the direction of the controller). This includes data for activation, insights, warehousing, etc.

KATANA’s predictions:

There will be a significant amount of violations after GDPR goes into effect on May 25th. Courts will vigilantly enforce the regulation, mostly targeting big (high revenue)  companies and organizations with an active E.U. customer base.

KATANA’s recommendations:  

We recommend working with a GDPR consultant, especially if you have a physical presence in the EU. Please note that full compliance will take around 6-8 months to implement. If you do not directly do business in E.U., it would be beneficial to implement at least the basic elements of GDPR. We believe that this basic level of compliance will be a deterrent for EU regulators during the initial state of confusion following May 25th.

Basic level compliance entails the following:

  • Appoint a data protection officer [30]
  • Create explicit consent forms [31]
  • Ensure you have timestamps to manage your data warehouse [32]
  • Have a cookie consent manager i.e. Cookiebot or OneTrust [33]
  • Update your Terms & Conditions [34]
  • Create a data flow mapping diagram [35]
  • Check compliance with your processors [36]

As always, if you’re uncertain about any aspect of the GDPR compliance process, don’t hesitate to contact us at letstalk@katana.media.

For more digital marketing news, trends and ideas, follow us on Medium at Katana Media. Tweet us your thoughts on GDPR @katana_media

Also published on Medium.