Getting Ready for GDPR
May 25 is nearly here, at the time of writing we are just a few weeks away from the deadline for the introduction of the new General Data Protection Regulation. Like most business, Mention Me has been on a journey of preparation; first understanding and then implementing the changes we’ve needed to remain compliant.
Mention Me is a software-as-a-service referral marketing platform. We integrate with retail and other eCommerce businesses, using some of their customers personal data to execute our service. With over 750,000 referrals on our platform and supporting 250 clients, being slow to get ready was never going to be our approach. We also have a culture of high quality and service, and we knew GDPR gave us an opportunity to demonstrate that to our clients and prospects.
So how did we do it?
The first step was appointing an in-house Head of Legal. In 2017, when we first started planning for the introduction of GDPR it was our CEO along with our Product Manager who were leading the charge. Being a team of 35, bringing our Legal function in-house is a big step (normally these roles come later in the lifecycle of a business) but one that has been key to delivering our GDPR roadmap.
Jamie, our Legal Officer, took over ownership of preparing for GDPR and his next step was to do a thorough review of all our processes and technology. He identified all the parts of our business that would be impacted, from the inner workings of our platform, to the customer-facing web pages, and other processes like our own email marketing efforts being driven by our Sales and Marketing Teams.
Simultaneously we realised that we would have to have a very strong and proactive approach for communicating the decisions and changes we were making to our clients and prospective clients. We started a series of email updates in August 2017 setting out how we intended to approach GDPR and our timelines. We have now sent all of these updates: in August, December, February and April. Each one has built on the last, providing more information and details. In our final message we wrapped up and refreshed on the 6 key processes each of our clients may want to understand under GDPR.
In October 2017 we started work on updating our product and our processes, putting Jamie’s plan into place. We’ve taken a step by step approach and tried to complete each task sequentially. Some of the changes we’ve made include:
- A new Data Processing Agreement
- Changes to the emails that we send
- Changes to how we sign-up people
- Changes to our customer journey in order to introduce the required data processing statements - including tweaking over 300 live client layouts to accommodate the new copy
- Under-the-hood work to more tightly manage the data we hold and to allow us and our clients to comply promptly and fully with GDPR-related data requests from individuals
We’ve attended several GDPR briefings and also joined several clients’ GDPR deep dives, helping them learn the new processes they will need to adopt.
GDPR has been a big, team-wide project here at Mention Me, spanning many months. We’re really excited about May 25th, having put in all this preparation. Being on the front-foot throughout our preparations has been worth the effort and we know our clients have drawn confidence from how well-prepared we are.