In a recent Econsultancy survey, 67% of clientside marketers said they have at least partially read the ICO guide to the General Data Protection Regulation (GDPR).

But whether you have or haven't read this excellent guide (it's certainly the best starting point), there are plenty of other resources you will need access to if you really want to engage with the GDPR. Here's a list of the ones I have found useful...

Advice specifically for marketers

Econsultancy subscribers can download A Marketer's Guide to the GDPR. The guide includes opinion from compliance experts on the most important part of the GDPR as it pertains to marketing.


There are also a couple of DMA guides for marketers – one on the essentials of GDPR, and another on the concept of accountability.


The Information Commissioner's Office (ICO) in the UK has self-assessment checklists for both data controllers and data processors which will help you understand high-level compliance with the legislation (and anything you might have missed). These checklists are ideal for small businesses, but are still a good tool for marketers to understand what compliance entails.

There is also a more concise checklist created by the ICO offering a 12-step roadmap to compliance.

Industry specific advice

There are plenty of articles out there on the impact of the GDPR at a sector level. But these are the ones created by the ICO and the DMA: 


For the most authoritative information on consent as legal basis for data processing, read the Article 29 Working Party (WP29) guidance.

Legitimate interests

There are no plans for new WP29 Guidance on legitimate interests, but the ICO published guidance in March 2018.

The Data Protection Network has also produced its own guide to legitimate interests under the GDPR, as has the DMA.

Privacy notices

Another excellent ICO checklist will take you through everything you need to craft compliant privacy notices.


Information Commissioner Elizabeth Denham's own 'mythbuster' article written in August 2017 quashes some of the hype about big fines set to be meted out. Denham also addresses the issue in a recent presentation shown below.


Accountability (documentation)

The ICO has produced a comprehensive guide to documentation.


The DMA clears up some of the myths around the GDPR and B2B maketing, with some links to additional resources such as a legitimate interest assessment template.


Econsultancy's newly updated Email Marketing Best Practice Guide (subscriber only) includes a section on email and the GDPR.

Third party agreements (contracts with data processors)

Law firm Mayer Brown has produced a concise and useful checklist for third party agreements, to ensure your vendors comply.

Automated decision making and profiling

WP29 guidance is available here

Breach notification

WP29 guidance is available here.


Transparency, along with accountability, is the chief principle of the GDPR. The WP29 guidance on transparency attempts to define what information should be presented to the data subject, and in what way, in order to be truly transparent. 


Econsultancy provides face-to-face training for marketers getting to grips with the GDPR, as well as an online classroom

online gdpr course 

For further reading, check out Econsultancy's own GDPR resources page.

Note that this article represents the views of the author solely, and are not intended to constitute legal advice.

Ben Davis

Published 5 March, 2018 by Ben Davis @ Econsultancy

Ben Davis is Editor at Econsultancy. He lives in Manchester, England. You can contact him at, follow at @herrhuld or connect via LinkedIn.

1244 more posts from this author

You might be interested in

Comments (2)

Pete Austin

Pete Austin, Founder and Author at Fresh Relevance

I recommend reading the GDPR yourself, because a lot of the advice out there is just plain wrong. Not normally a fan of the EU but their legal writing skills are top notch.

Here's my favorite quote ATM:
"The principle of transparency requires that any information addressed to the public or to the data subject be concise, easily accessible and easy to understand, and that clear and plain language ... be used".

Does some expert recommend that you show data subjects more than one page of information about the personal data you store and how you use it? Then it's not concise. Or do they provide legalese instead of ordinary language? Then it's not plain. And not compliant with the GDPR.

6 months ago

Ben Davis

Ben Davis, Editor at EconsultancyStaff


Of course. I just found it not the easiest document to navigate. The WP29 guidance, coming from all 29 countries in the EU, is more focused by nature.

The principle of transparency is the thrust of the GDPR (along with accountability) and should be second nature to marketers.

6 months ago

Save or Cancel

Enjoying this article?

Get more just like this, delivered to your inbox.

Keep up to date with the latest analysis, inspiration and learning from the Econsultancy blog with our free Digital Pulse newsletter. You will receive a hand-picked digest of the latest and greatest articles, as well as snippets of new market data, best practice guides and trends research.