At a time when automatic data retrieval and storage increases, and exposure of personal information is required to make use of online services, it is comforting knowing there are strict requirements for providers on how to handle collected information. Because of the ever-increasing use of online services and consumers registering online, the EU has introduced new privacy legislation, GDPR.

What is GDPR?

General Data Protection Regulation (GDPR) is the largest change to the data security act in over 20 years, primarily dealing with Privacy, Security and Transparency. On May 25, 2018, the new law comes into force and BrandMaster is welcoming the enhancement.

How does GDPR affect us?

We believe and hope that consumers and individuals in the future will be more critical to both what information they provide, and to whom. The distinction between serious and unserious providers will become more visible, and hopefully make it easier to choose safe partners and suppliers.

And so, it is important to BrandMaster to embrace and show that we are a company that take this responsibility seriously and is a provider you can trust. GDPR gives us a good opportunity to build an even better customer relationship through respect and professionalism.

For the marketing and communications industry, GDPR does not necessarily change the way you work. If you already are serious and your communication is in relation to an existing customer relationship, we see no need to change this. What one must ensure is what methods are used to attract new customers. Automatic collect and purchase of lists are no longer allowed.

GDPR requires that it is potential customers who must show their interest in services and products themselves. If this is done with an Inbound Marketing strategy, web advertising, TV campaigns or social media will depend on who you want to reach. Regardless of the creative methods that you resort to, the new law requires the user to give an active acceptance before you can save and use the personal data. Thus, there is nothing wrong with collecting personal information for commercial use as long as the rights of the individual are not violated.

What actions is necessary now?

Most of you have probably already started the mapping process concerning personal data. If not, you should contact your company’s data security officer and inform about which systems you use in your department. There is still time.

GDPR requires that we record and document what systems and solutions we use to handle personal data. The act further imposes openness and security for the information we store. Furthermore, it is required that you have good practices that provide the individual the opportunity to gain access, delete and change their information. And you need to have routines for issuing warnings if there is a data security breach.

As a business, you are also fully dependent on your suppliers and subcontractors demanding the same standards on themselves as you do. While you are now preparing internal procedures and processes for the new privacy law, you must require the same from your own affiliates. Here, you should have a Data Processing Agreement with everyone who handles your data.  Security is not stronger than the weakest link.

What can BrandMaster contribute with?

In BrandMaster we have spent the last 8 months reviewing our own routines on what and where we store personal data on behalf of our customers. We have gone through the requirements for GDPR to ensure that we have routines and support features in place to meet GDPR regulations. We have reviewed our security practices and alert routines to ensure alignment with GDPR. And we will continue the work both towards and after 25 May to handle GDPR in the best possible way.

It is important to us that our customers feel secure in our handling of your data. Therefore, during the next three months, BrandMaster will send updated information about how we meet the security, privacy, and personal data requirements contained in our databases.

We will assist all our customers reaching May 25th, 2018 safely. So far, we have held two webinars where we reviewed what processes we have in place to support our customers and we have made an overview of how personal data can be stored in our solutions. Both will be made available to our customers.

Our consultants and security officers are always available to assist and help our customers with a good transition to the new regulations. In you have any questions related to GDPR in our systems, please send an email to

To learn more about GDPR: