#KatanaTalks Presents: How to Prepare for GDPR Compliance

Curious about GDPR and where to start with compliance? Tune into our Twitter Live presentation #KatanaTalks: GDPR at 11:00 am on May 2nd. Watch Executive Chairman Andreas Roell present his tangible strategies to successfully prepare marketers for when GDPR goes into effect.

GDPR is going into effect on May 25th, but only 6% of businesses are prepared. We’ve got the quick facts on what GDPR is, who it affects, and how marketers can prepare for compliance.

What is GDPR?

GDPR, which stands for General Data Protection Regulation, is a regulation that requires companies to obtain user consent before collecting personal data from E.U. citizens. The purpose of the legislation is to give power back to users. After May 25th, online consumers will have the freedom to decide what data they authorize marketers to collect. Personal data includes Device IDs, addresses, or cookie settings. GDPR does not apply only to companies residing in Europe; it’s relevant to any global entity that does business in Europe or collects data from E.U. citizens. If businesses do not comply with this regulation, the fines are hefty, amounting to as high as 25 million euros, or 4% of a company’s global gross revenue.

How does it affect marketers?


Marketers will need to study the legal grounds by which they can process and collect data. They need to understand how to properly get consent from users, and how to determine whether processing data is in a company’s “legitimate interest.” Consent is obtained only through devices or websites that have direct interaction with consumers. Marketers are responsible for creating and managing all consent requests. If these requests are approved, marketers gain access to the “data treasure chest.” These requests will be the most important communication between brand marketers and their prospective target audience. Learning how to format, organize and optimize consent request forms is a useful skill marketers will need in order to succeed under GDPR.

Legitimate Interest Test

The “legitimate interest” legal ground is defined by the “benefit that accrues to a company from the lawful processing of personal data.” In other words, does collecting this data have any value to your business? We advise agencies and businesses to develop a rigorous test that measures whether the rights of the online consumer outweigh the interests of your business. This test depends on the unique qualities and needs of your business. An important question to ask is: Is this set of data worth spending days, possibly weeks, optimizing consent requests to gain access to it?

Existing Data

Data that marketers have already collected can be kept, but only if it was collected in a manner that meets the new standards of GDPR. Realistically, most marketers will need to do a thorough audit of their existing data inventory and get renewed consent for consumer data that doesn’t meet GDPR compliance permissions. A company-wide data inventory requires assessing which data is most valuable and would thus require “re-consent” campaigns. The format, length and aesthetic of consent forms can influence a user’s motivation to give authorization; any difference in context or design can have a significant impact on consent rates.

How can marketers succeed under GDPR compliance?

To start, hiring IT experts can speed up the company data inventory process. Exposing and cleaning your existing data is an extensive process that requires the support of individuals with a strong knowledge of data management platforms (DMPs). It may be a good idea for marketers to utilize “consent management systems” to keep track of consent requests and stay organized and efficient.

Marketers will also succeed under GDPR compliance by changing their outlook on it; they should view GDPR as putting users first, not as a hindrance to business goals and revenue. Ultimately, the agencies and brands who adopt this attitude and use consumer data in an ethical and honest manner won’t only be in compliance; they will thrive under GDPR.

Also published on Medium.