While 63% of millennials and 58% of Gen X consumers are willing to provide personal data to companies in exchange for personalized offers and discounts, those companies still have to follow regulations governing that data. The General Data Protection Regulation (GDPR) that takes effect on May 25th is one example of such legislation.


The GDPR regulates how companies collect, store, transfer, or use data from individuals residing in the European Union (EU). That means marketers are under the microscope, especially considering the increasing number of ways brands can capture, unify, and activate data.


To prepare for the approaching GDPR deadline on May 25th, we teamed up with PwC, one of the world's largest professional services firms, to pinpoint four steps companies can take to ensure they’re on the right path to GDPR compliance.


1. Establish a GDPR Sponsor


Getting someone to devote the resources, funding, and effort it takes to get a company to the point of GDPR compliance usually starts at the executive level. However, this doesn’t just mean that a company needs to get passive buy-in from a Chief Privacy Officer, general counsel, or Chief Marketing Officer. The sponsor should be the active — and even hands-on — party responsible for overseeing the GDPR readiness program.


2. Create a GDPR Steering Committee


Even though a company may have an executive sponsor, it’s beneficial to have a team of people tackling different tasks on the path to GDPR compliance. The steering committee should consist of those with the resources to actually implement a GDPR readiness program.



GDPR doesn’t affect just one segment of a company, so when creating a committee, it’s beneficial to have involvement across marketing, sales, IT, legal, HR, and more.


3. Establish a Framework for Program Structure


Because there may be a large, cross-functional committee, there will be many moving parts. The next step, then, is to establish a comprehensive guide detailing roles and responsibilities of everyone on the steering committee, along with anyone who will need to be pulled in to help from different business units (for example, a subject matter expert from the web development team).


4. Identify Privacy Touchpoints


Consumer data may touch many parts of an organization, so setting up workstreams with the help of a project manager can keep the process of getting to GDPR compliance organized. Identifying the analysts, engineers, and other data stewards early in the compliance process sets the stage for long-term readiness when a company implements new software, wants to use data in a new way, or brings on a third party that touches consumer and employee data.


Once a company’s GDPR compliance train starts rolling, it’s important to keep it on track because there are many ways the process can get derailed. Learn more about how to prepare for GDPR — and the roadblocks that may come with it — in our "First Four Steps to GDPR Readiness" video. Get more information and watch the video here.


This article was created in collaboration with Jocelyn Aqua, a Principal with PwC's Cybersecurity & Privacy practice.