GDPR is a business and marketing opportunity

Some good friends are lawyers. But I don’t ask them to run my business, why would they want to? As a business angel, and company director, I believe in getting appropriate legal help, but I don’t abdicate my role. With GDPR becoming law in 2018 we need legal and expert help. But this is not a an exclusive legal project. GDPR is a big commercial opportunity. And sure, as with and business situation there is a risk. But why the obsession with fines to the complete exclusion of the pportunity? GDPR is a business and marketing opportunity. 

GDPR The Commercial Opportunity

You may have to contact businesses, prospects, customers, competitors to renew your database. Use this to make offers. It will cost money if your data is not GDPR compliant, but you have no choice anyway. Invest to grow. Work out a series of campaigns. Work out who should receive what message. Clearly not all people are targets for the same message, but it can be an opportunity to spread an integrated, shared story across clients and companies. Let me be clear. In some instances it will not be appropriate to do this. But in others it will.  

The Marketing Opportunity


The commercial opportunity is part of the marketing opportunity. However more broadly, I’d say, stop and think for a moment. What we are talking about here is personal data, people. When any of us started a business we had people in mind as those we were trying to excite with our services and products. Surely that should be the starting point now. Engaging people, in a conversation. So here are my thoughts for a marketing approach to GDPR: 

·        Segmentation is always the starting point for me: divide the database into groups.

·        Is there old data, people who we do not want to engage with any longer? If so, then delete

·        Work out your key ideal customer personas i.e. profile targets.

·        What do we have online for example on the company website, if people visit during our contact process, to check out our credentials, does it match what we are saying? We need to be authentic.

·        Decide the contact process – see consent section below.

·        I believe it’s great news for marketing:

o   A chance to clear out old “rubbish” data.

o   An excuse (frankly) to clearly ask prospects and customers “do you want to stay connected?”. How often do we strain our minds for excuses to contact people!!

o   Marketing complain about not having budgets. Companies MUST resource this or face the consequences.

Mark Gracey our expert on GDPR delivers a CIM Dorset Practical Guidance presentation event on 8th November.



I am involved in a charity, commercial businesses and not-for-profit organisations. The requirements may vary. But in essence, marketers are more concerned than other people with getting consent from individuals. What strikes me in all the mass of online advice, is that it depends who is giving it. This alters the emphasis the expert gives to certain aspects of GDPR. For example whether it be a digital agency, cyber security company, a charity sector specialist and so on. I am not going into detail here, there’s more on our GDPR article. But the companies we work with adopt simple processes including the following steps: 

·        Who to contact

·        How to contact them: written, email, face to face or phone

·        What to get authorised, i.e. scope for example an email update and separately a newsletter

·        Ensuring they get consent for specific items

·        How to record it / the items

·        How long it will last before it needs to be renewed



Ongoing customer relationships and contracts together with consent form part of data processing.


Suppliers and Processors

You need to take responsibility for someone or organisations processing data.



This intrigues me. There is quite a lot in GDPR on automation. The danger for example that financial credit may be refused because of an automated procedure. This could cause a financial provider problems under GDPR. Equally marketing automation annoying customers. Anything which is thoughtless use of data. Again, I’d make the point: it takes someone with marketing experience to understand this; to know how clumsy marketing automation can be. Any tool is as good or bad as the user. Marketing automation is huge. So we need to be careful.


These are just some ideas, not exhaustive. Why do so many directors abdicate their responsibilities and not understand the “stuff” they need to?  I am all for working with experts. We work with the excellent Mark Gracey from Flavoury Digital GDPR expert. You can see Mark at the CIM Dorset Practical Guidance presentation event on 8th November. We also work with Leon Thompson, of Jigsaw Compliance Services Ltd an expert in the financial services compliance world – an old colleague from Abbey Life plc days when I was a director there. BUT…I make it my business to understand what to do for our business, so we have our own Data Protection Officer, Action Plans, and processes. Use experts and lawyers, but take control. And enjoy the commercial and marketing opportunity that is GDPR.

Peter Eales BA Hons Chartered Marketer FCIM FIDM
Founder Director Dorset Business Angels
MD o i solutions limited

Posted in Blog.