GDPR Resources List

GDPR Resource List For B2B Technology Organizations

GDPR is about accountability for how organizations use personal data. It’s about being responsible and complying with EU regulations.  It’s also sensible, good business practice.  This article is a set of resources to help demystifying GDPR for B2B business leaders and marketers.


On May 25, 2018 the GDPR (General Data Protection Regulation) comes into force for organizations doing business in the European Union.  It applies to all  organizations based in the EU, and those who provide services, sales, communicate with or monitor the behaviour of people who reside in the EU.  Here’s the resource list to get you started. For each item there are four sections;

  1. what it’s good for to put the resource into context,
  2. the data source so you have a perspective on reliability, and
  3. a suggestion action to take (research information should alway drive action or change)
  4. with a time estimate of how long you’ll need.

An Introduction to GDPR

  • Good For: Getting started. This 11 page overview maps out a path to GDPR compliance and good behaviour.
  • Data Source: the official Irish Data Protection Commissioner. If you prefer your own country (or language) see the bottom of this page.
  • Summary: GDPR is about being transparent on how your organization is “using and safeguarding personal data, and … demonstrat[ing] accountability for data processing activities”.
    • An example of personal data is: an email address collected on your website or at a tradeshow.
    • An example of transparency is: informing website visitors how you use their information in data privacy notices such as via pop-up with  ‘click to accept’ notice on your website.
  • Take Action: Review The 12 Step Introduction Checklist of GDPR
  • How Long: ~10 Minutes

The Principles of GDPR

  • Good For: Getting a handle on the core ideas. Included in this McKinsey article is a tidy graphic outlining the key principles of GDPR. Larger organizations may also find the rest of the article informative (albeit written in a scary tone!). Process persona data:
    • in principles of lawfulness, fairness, and transparency;
    • for specified, explicit and legitimate purposes. i.e. “purpose limitation”;
    • with a view to data minimisation,;
    • with a view to ensuring it’s kept current and accurate;
    • such that data is kept for no longer than is necessary (storage limitation); and anonymisation / deletion is encouraged
    • in a manner that ensures appropriate security for integrity and confidentiality.
  • Data Source: McKinsey Consulting Quoting the EU Regulation, & FutureLearn.
  • Take Action: Review The GDPR Principles Table By McKinsey
  • How Long: ~2 Minutes

GDPR Key Terms

  • Good For: Getting grounded in the lingo.
    • Privacy by Design: “consider privacy at the initial design stages and throughout the complete development process of new products, processes or services that involve processing personal data.” In other words, the default approach is to assume the privacy of personal data.
    • Personal Data: “any information relating to an identified or identifiable natural person.” An example would be a photo or an someone’s email address.
    • Data Controller: the person or organisation who decides the purposes for which, and the means by which, personal data is processed. The ‘purpose’ of processing data involves ‘why’ the personal data is processed, and the ‘means’ involves ‘how’ the data is processed.
    • Data Processor: A person or legal organisation that processes personal data on the behalf of a data controller. Processing includes storing and transmitting data.
    • Data Subject: A data subject is the individual to whom the personal data relates.
  • Data Source: The Irish Data Protection Regulator
  • Take Action: Become Familar With Those 5 Terms.
  • How Long: Look at those 5 terms again, …then you’re done! 🙂

GDPR Action Plan Template

  • Good For: Getting started with an action plan tailored to SMEs. (See also the NGO source below which has a wonderful checklist within top 10 tips)
  • Data Source: The Irish Data Protection Regulator
  • Take Action: Download The Template For SMEs To Prepare For GDPR
  • How Long: ~1 Minute To Download, ~10 Minutes To Review
Exceprt From the Data Protection Commissioners GDPR Checklist for SMEs – Click For A Larger Version

GDPR and Online Software Data Services

    • Good For: Organizations that uses software as a service tools. The template and checklists guide to you considering where data is housed and processed.   For example here is MailChimp on GDPR,  SurveyMonkey on GDPR and Facebook on GDPR (used by JEM 9).  In many cases these well established organizations are your best partner.  For example MailChimp; keeps track of when someone subscribed or was added to the list, and also provide a mandatory easy unsubscribe option on every email you send.
    • Data Source: Various
    • Take Action: Check Who Houses Your Data & Review Their Data Policies (as part of your broader review)
    • How Long: ~It Depends
MailChimp – Choosing the link “Why Did I Get This?” provides the subscriber with information.

GDPR Comprehensive Overview

  • Good For: Understanding the underlying principles and plenty of excellent GDPR examples for all but the largest organizations. EXCELLENT ACCESSIBLE RESOURCE!!
  • Data Source: Suzanne Dribble, a data protection business law expert who learnt her trade at the world’s largest law firm.
  • Take Action: Watch GDPR On-demand Webinar
  • How Long: ~2 Hours

An alternative is the Online General GDPR Webinar and associated course by FutureLearn (designed by  Faculty of Law at the University of Groningen).

GDPR Through The Sales Cycle

  • Good For: Placing data protection (and principles) in the marketing communications and sales context.  This graphic enables you to quickly identify which teams, people and processes are likely impacted by GDPR.
  • Data Source: Hubspot Online Sales & Marketing Communications Software
  • Take Action: View the GDPR Marcom Flow Graphic
  • How Long: ~2 Minutes

GDPR For Non-profit Communications

  • Good For: Non-profits and anyone else trying to get a handle on GDPR this is a wonderful resource for communicating with stakeholders in all forms.  It’s an accessible document which includes a wonderfully sensible list of questions in tip 1 of their “top 10 tips”.
  • Data Source: The Wheel is a leading support and representative body connecting community, voluntary organisations and charities across Ireland.
  • Take Action: Read The Wheel’s Guide For Non-Profits
  • How Long: ~1 Hour

Getting GDPR Questions Answered

  • Good For: Answering GDPR questions of online and smaller businesses.
  • Data Source: the group is run by Suzanne Dribble, a data protection business law expert who learnt her trade at the world’s largest law firm. This group and Suzanne’s videos answer many questions; rated “hugely useful”!

To join the group you agree to the following (which is so clever and I just love!): “Please confirm that you will read the pinned post (that will give you a simple introduction to GDPR compliance) before you ask questions in the group.”

GDPR And “Legitimate Interest”

  • Good For: When your organization, via your product development and marketing communciations team for example, (i.e. you as the data controller), has an existing “relevant and appropriate relationship”  with clients or prospective clients (the data subject).  You may not need to reconfirm in order to communicate with data subjects.  It’s about “balancing  your interest and their interest”: be sensible.
    • An example might be; making clients aware of an upgrade or improvements to a product that the data subject previously purchased from you.
    • Another example might be: if someone signs up for a conference, you have a legitimate interest in providing information about that conference.
    • A related example might be: if someone purchases something from you and you want to send them updated shipping information. (Strictly speaking this fall under contract law but I find it a useful example from the point of view of demonstrating ‘balanced interest’.)
  • Data Source: Marketing Week  is a UK registered organization providing news and information for marketing, advertising and media professionals.
  • Take Action: Learn More About Legitimate Interest For Marcom Professionals.
  • How Long: ~1 Hour

GDPR & Fresh Consent: Do I Need To Ask Again?

  • Good For: Understanding how to approach your existing data. If the data was collected in a manner that complies with GDPR, there is no need to ask again; but the thing is you need to be sure that consent was explicit and is verifiable!  Typically this will include things like:
    • opt in (such as clicking on ‘I agree’ or ‘Sign Me Up’),
    • the ability to withdraw any time (such as an easy unsubscribe), and
    • data policies that explain how data is used (such as a privacy policy).  If you need to ask again, you must do so before May 28th.
  • Data Source: Various.
  • Take Action: Check How Personal Data Was Collected OR Get Fresh Consent.
  • How Long: It Depends.

GDPR For Independent Market Researchers

List Of European Union Data Protection Authorities

Disclaimer: these resources are provided to help get you started with GDPR. Please use official sources and informed legal advice for decision making.  N. B. the rules are very different for those with more than 250 employees and for sensitive personal data such as sexual orientation. So do the right thing by your customers and prospects by treating their data carefully, and use GDPR to ensure your data stays in order.


For independent expert advice on better understanding customers, contact Jane.


About Jane Morgan

With 20 years high-tech marketing & product development experience from Boston to Billund, Berlin to Bangalore, Jane has managed teams and tech products with millions of installs, and millions of revenue (annually). She's researched and developed market strategy for global markets, and established the blueprint for product management in many new teams. As an intrapreneur turned entrepreneur, she changed vowels in 2014 and founded JEM 9 Marketing Consultancy. Today she works with CEOs & business leaders to assist them in understanding and reaching customers. Speaker on market research, technology marketing and product management.