Get creative with GDPR

Get creative with GDPR

From a marketers perspective, GDPR compliance can be both complicated and a bit daunting. By putting yourself in your customers shoes and viewing this from their perspective and approaching this with some creativity may actually gain you a competitive advantage.

To give you a few ideas how you can use the channels that you own (your website and newsletters), here are some of the activities I would have done to future proof my marketing and in the same time make it easy for my customer.


Useful online resources for clarity on GDPR


Originally I wrote this piece on the topic of GDPR, however since the legislation is still unclear and I suspect more clarity will arise after the 25 May, I decided to break out the resource section from the post as it’s growing and it’s becoming a bit of hassle to update.

From now on I’ll keep adding my links here in this post, and I hope these will help you as well, to find either answers or the next path to investigate further for your own GDPR questions.

Date updated: 13/2/2018  

HubSpots GDPR checklist.

This is  great checklist which even covers which department you need to involve for which step – GDPR Compliance Checklist from Latham & Watkins

The Guardian breaks down GDPR in a very informative article from a UK perspective.

The image above is from Tieto, which I think has made a great infographic covering the basics of GDPR.

The EU’s own overview of key changes 

Wired’s article about GDPR and what you need to know

Recital 30 of the GDPR legislation in PDF format 


Articles of interest

GDPR in force, but do we need to be compliant already? 



GDPR and cookies 

GDPR and cookies by Preoday



Mailchimps guide to GDPR 

Mailchimps statement on GDPR + Mailchimp


Examples of Data Processing Addendum documentation

Mailchimps DPA sample 

Image copyright:

Two days of data


My work comes with some perks, one of them is being invited to attend events on topics that I think is very interesting and other might deem as a bit nerdy. I thrive when I get to leave my computer and get outside the office, meet new people and listen to seminars on topics that I’m interested in and get new perspectives and knowledge. This enriches my own work.

Last week I attended two events in Stockholm, where I first spend half a day with a company that I worked with that sells customer profiling data (Mosaic and Orvesto customer data). This type of data, as far as I’m both informed and know it’s not included in the new GDPR legislation as Orvesto (local Swedish survey tool) is based on probability and is voluntary to participate in. The mosaic customer profiling data, is using it’s own segmentation information based on specific parameters and is based on probability based on the area/address where the person lives. This can then be used in various ways. From programmatic buying to building segmentation models, making selections for truly data driven initiatives.

To move on to the event. The topic of the day was data driven communication and this is a topic that I personally find very interesting. As it combines rational and emotional elements to create for marketing.

My own key takeaways from the Insight Expo:

  • With the vast amounts of data that is generated everyday, as with everything a purpose and goal behind the accumulation of and use of data helps you both to focus and to reduce data.
  • How and when to utilise slow and fast data and where it can be useful to combine them.
  • Examples of how to go from data strategy to operational action, with several examples throughout the day, as the red thread.
  • The most valuable for me was to get out there and listen, join conversations that helps me get back into my work with a fresh perspective and mindset.

The second seminar that I attended was a seminar on GDPR. As I’ve worked with Stena Line and in a position where I was highly involved in the preparation work for this new updated legislation for the market. I want to stay updated on the topic as it’s a responsibility for me, being a digital consultant within marketing, using data for more effectiveness, to futureproof any work and take this responsibility seriously.

My own key takeaways from GDPR with this event:

  • I was relived to get this information in Swedish as all the other information I’ve received both at my former workplace and in my own research online is in English. Don’t get me wrong, I’m very comfortable using English, even more so. But I need to be able to transcend and translate this information to Swedish and how it fits different businesses. Legal terms in Swedish are complicated.
  • Arvato went through the basics, the 7 principles and the foundations of GDPR in a structured, easy to assimilate way. The seminar ended with actions and checklists, which offered the attendees a framework to use for their own organisations.

The two seminars I attended walks hand in hand. Data is the new oil and utilized properly it can move a business forward towards their goals, by being relevant and identifying customers who are ready to buy a product or service, or just by being useful at the right moment.

And GDPR is a way to bring more structure into the world of now free flowing personal information and data, to get the companies that handles personal data to take more responsibility and be more transparent of what the data is used for, why. And hopefully our Apple Terms and Conditions will be shorter and more user friendly after den 25th May 2018! 😉

What is GDPR and how it effects your business


The updated GDPR legislation from the EU is just around the corner, and it unites marketing, IT and legal departments across the EU.

Sine I myself work with data, marketing and communication, I’ve been keen to educate myself on tis topic and this is my guide to the very basics, need to know about GDPR and what you need to be aware of from the marketers perspective in regards to GDPR. Knowledge is as someone famous and clever said – is power as there are so many interpretations of this law, that there are people.

The law is a much bigger organisational question then how do I manage my newsletter subscribers and list. It’s about taking full responsibility for your customers data.

Date updated: 14/1/2018

(I will continue to update this post as I learn and discover more facts, opportunities and resources on the subject of GDPR)

What is it?
GDPR stands for General Data Protection Regulation. It’s a European law (from the European Parliament so this only effects countries within the European Union) which purpose is to protect data for all the citizens within the European Union.

When does it start to take effect?
The new updated legislation was passed in April 2016 and it has a two years transition period and will start to take effect in May 2018. Hence all the recent awareness about the new legislation. The data protection directive was however already established in 1995.

How does it effect your business?
If you conduct business within the European Union, you need to comply with this law. So let’s break it down into smaller chunks;



  • If you track IP-addresses and/or cookies – you need to comply with this law
  • Personal data – any data that has to do with people in any way, shape or form (from IP-addresses to mobile device identities)
  • People under the age of 18, you are not able to store data on (I’m unsure about this one, and I need more information)



  • Does this mean that this is everything you need to do and know when doing business/owning platforms within European Union? No, local data laws still complies, on top of this.


Marketing and communication

  • You need to ensure that your customer have made an active choice in hearing from you – that your customer/lead has actively given their consent for your company to use their data

At the moment of writing this, from a Swedish perspective, it seems like the regulation is unclear about weather the customers who have made an active choice before may 2018 to hear from your company – per say signed up for a newsletter, that you may keep that data after may 2018. Or if you actually need a renewed and updated consent from these customers.


  • Companies need to have a time stamp of the data and consent.
  • Your company are now required to document the life cycle of the data, your data processing process (for example profiling etc) and the namnes of people handling the data and ensure to keep updated contact details to reach them.

What actions do you need to take?

  • You need to look over all your policy and terms and conditions that are presented to customers and concerns both them and your communication with them.
  • Your company need to ensure that you store personal data in such a way that it’s encrypted, safe and that you have processes and protocols in place to protect personal data in a safe way.
  • You need to be able to ensure that your company can erase or transfer data, upon a individuals request.
  • Should your company handle large amounts of personal data your company now needs a Data Protection Officer.

What is the work-around?

  • If you have data that there is no way that you can identify and individual from. (NB – I need more background information on the particulars of this)


What happens if you do not comply to this or some of the points covered in the legislation?

  • Companies that does not comply with this regulation can get fined for this – the most severe fine is 4% of your company actual global turnover. Less serious breaches will only incuur 2% – of your company global turnover.


Useful GDPR resources:

HubSpots GDPR checklist.

This is  great checklist which even covers which department you need to involve for which step – GDPR Compliance Checklist from Latham & Watkins

The Guardian breaks down GDPR in a very informative article from a UK perspective.

The image above is from Tieto, which I think has made a great infographic covering the basics of GDPR.

The EU’s own overview of key changes 

Wired’s article about GDPR and what you need to know

GDPR and cookies 

Recital 30 of the GDPR legislation in PDF format 

GDPR and cookies by Preoday