Implementation of GDPR - practical workshop under Marketing Committee


On March 8, 2018, AmCham Marketing Committee organised a practical workshop on GDPR* implementation.

Structure of the workshop:

1. Briefing on legal requirements by Hana Gawlasová from Squire Patton Boggs

2. Lessons learnt from implementation process by project manager Zdeněk Maňák & online marketing manager David Vopelka from Česká Spořitelna

3. Case study - client vs. businessman - how to comunicate GDPR requirements in pro-business way? - participants played roles of clients and businessmen;  organised  by Emil Jimenez from Passions Communications & supervised by Hana Gawlasová

*GDPR = General Data Protection Regulation. Your business approach has to be compliant from May 25, 2018


Highlights from the workshop:

•    Hana Gawlasová from Squire Patton Boggs Prague:

  • Accountability is a leading principle of GDPR
  • Viewing GDPR as a risk based regulation
  • GDPR wants us to be aware in a real time about personal datas - where do we have them, how they are secured etc.
  • Recommendation: Use of "Double click" - ask your customers twice in a slightly different way
  • Summary:
        1. map the processes
        2. surround the processes with documentation
        3. train the staff

•    Zdeněk Maňák and David Vopelka from Česká Spořitelna:

  • One Data protection officer (DPO) for one country
  • ePrivacy as a next step in Personal data protection: probably even more "unknown" area for people in marketing

•    Emil Jimenez from Passion Communications:

3 easy steps to get your marketing GDPR compliant
The GDPR event that took place this past Thursday outlined some of the legal hurdles and IT challenges marketers face to become GDPR compliant. Although the challenges are complex, according to Emil Jimenez of Passion Communications, the solutions can be simplified if markets keep one word in mind, "transparency".

Step #1: What, Where, and Why
Business need to be transparent with customers as to what data they are using, where they are storing it, and why. As markets, we must make it clear for customers that the data is being stored in order to offer a better experience and better products.

Step #2: Control and Consent
The essence of data protection is that the customer has control of what data you can collect and they must give clear consent that you can use this data. Therefore, business must separate each reason for the data collection and allow customers to pick and choose what types of communication or services they are open to receive based on their personal data. We saw a good example of this from Twitter on the slide presentation by Hana Gawlasová from Squire Patton Boggs on the AmCham's GDPR event. You could clearly see that Twitter divided all of their services and gave the user control and the ability to consent what portions of data services they are open to receive.

Step #3 Have the technology in place
If you are an enterprise business such as Česká Spořitelna, the implementation of GDPR can be managed with in-house resources. However, SMBs must rely on third party CRM solutions to become GDPR compliant. Tools like Mailchimp, HubSpot, or Salesforce have existing features which help your business make this digital transition to GDPR compliance. Another tool which was pointed out in the UNYP example was the possibility of bringing your past and present customers over to a mobile application like PASSION1 and creating a mini LinkedIn community for your customers. By using an application for marketing and communication purposes you give control and consent to your customer every time they open the application and can offer more value through personalization.

In conclusion, there are many ways to solve this problem and business must understand what data you currently have on file and what resources you have available to make your digital transition to GDPR compliance.


About Amcham

country profile

Twitter feed