Why I’m becoming a Certified Information Privacy Professional before the GDPR deadline

Nikita Smits by Nikita Smits   27 Oct


 Untwisting GDPR Marketing problems.png

I’ve spent the last two days in a classroom with a very diverse group of people. There was an administrative employee of a hospital, an IT security manager from a large telecom provider, a manager from a large consultancy firm, someone from the city council Amsterdam, the legal counsel for a large webshop, someone who is working towards becoming a DPO and finally people who, I have missed the details, work with farmers and wanted to know if the unique identification number on cows should be regarded as personal information (The answer is yes, in case you were wondering the same.)

 As marketers, we cannot ignore GPDR like some of us may have done with existing privacy laws. Existing privacy laws you ask? As it turns out, lawyers call the GDPR ‘not all that exciting’. As I learned after spending about 6 hours about the history of privacy laws in Europe, a lot of what organisations are concerned about today has been in place for about 30 years. At least in the Netherlands where I followed my course. It’s pretty similar for countries around the world. 

#Untwistingknickers since 2013


And well, we’ve been #Untwistingknickers since 2013. Back when we both worked at HubSpot, Evelyn used the expression ‘Don’t get your knickers in a twist’ so often that someone printed it on t-shirts for the team.

It since has become something we bring up every now and then. It’s basically what we do at BusinessBrew. As we write in our mission: ‘BusinessBrew wants to upskill your team, inject sound strategy that is easily implementable and set you on a road to running inbound marketing yourself. In the end, it’s you who should be communicating with your audience, not us.’ Basically, don’t get your knickers in a twist over inbound marketing.

GDPR has definitely been something that has marketers and business leaders worried and rightly so. There is a lot of work to be done and the consequences (€20.000.000 or 4% of your global turnover in fines, whichever is higher) are serious. So naturally, #Untwistingknickers lead to us attending a training to understand European privacy protection laws and GDPR.


What’s next?

Even though the CIPP/E certification is half of the training required for DPO’s according to the IAAP, I have no aspirations of getting to work as a DPO. For me, this foundation allows me to further build on my inbound marketing knowledge and advice you on how to make sure you can build successful lead generation campaigns, work with data from your sales teams and still be compliant with the GDPR and not to be forgotten, the upcoming changes to the ePrivacy laws.

Will GDPR be relevant for your business?

The legislation states three criteria for the territorial scope of the GDPR:

  1. Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.

  2. Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing is related to the offering of goods or services or the monitoring of behaviour if it takes place within the Union.

  3. Processing of personal data by a controller not established in the EU but in a place where EU member state applies.

What do you need to know about privacy law?

If you recognise your business in the above criteria, then the GDPR applies to you. If you want to fully cover yourself as a marketer or business leader, these are the things you need to understand:

  1. Know the European Convention on Human Rights (ECHR).
  2. The Organisation for Economic Cooperation and Development Guidelines (OECD Guidelines) which have been evolving since the 1980’s. These became part of the first privacy laws in the European ‘constitution’ in 2007.
  3. How national laws such as Labor Law, Criminal Law and Civil Law are relevant.
  4. ePrivacy directive or the Privacy and Electronic Communications Regulations (PECR) in the UK.
  5. General Data Protection Directive (GDPR)

Finally, you still need to work on how you can be successful with your inbound marketing efforts. As a marketer, you don’t need to know all of these laws down to the letter but a basic understanding helps you to build your marketing strategy as part of ‘privacy by design’ which is how you should approach privacy under the GDPR.






Topics: GDPR

Nikita Smits

Written by Nikita Smits

Marketing strategist and GDPR specialist. Nikita was one of the founding members of BusinessBrew but is currently working as a digital marketing specialist at a Copenhagen startup.