The end of marketing is here. No more emails. No ads. Forget about retargeting. No more following up after tradeshows. Now that GDPR is in effect, it’s all done.
Is this what you think when you hear the ‘GDPR’ acronym?
Yes, GDPR is a big change to our day-to-day marketing activities. No, it doesn’t ruin your ability to continue driving business. In fact, I whole-heartedly believe GDPR will force marketers to better drive business.
First, let’s discuss what GDPR is.
I’m sure you’ve at least heard a least a tiny bit about GDPR. The General Data Protection Regulation (GDPR) is replacing the Data Protection Directive and is striving to standardize data privacy laws across European countries. This legislation aims to give more control to European citizens over their personal data. GDPR went into effect on May 25th, 2018.
If you do business with Europeans that involves the processing of their personal data, this legislation applies to you. Even if you don’t think you process European personal data, go double check the country of origin on records in your database.
Here’s why you, presumably as a marketer, should care:
- The potential fines are huge. Lawsuits are already being filed. The maximum fine for a single breach is 20 million euros, or 4% of annual worldwide turnover (AKA gross revenue), whichever is greater.
- This affects the activity you’re able to track, the data you can or can’t collect and who you can communicate with.
- The processes needed to comply with GDPR not only affect marketing departments and teams, but entire organizations.
- Data privacy regulations are never going away.
- Data privacy is never just for privacy teams.
So now that we have a basic understanding of what GDPR is about, let’s dive into what actions you can take to properly market in this new world.
- Get Consent
First and foremost, start obtaining permission to talk to people. Yes, GDPR has a ‘legitimate interest’ clause, but obtaining permission shows people that you care and that your organization is taking this seriously (i.e. increases rapport). It’s also much easier to show that you put permission-based processes in place and that someone agreed to receive communications from you, rather than filtering through grey area legal jargon. You can easily do this by placing checkboxes on forms and having people click through a confirmation email.
- Understand Your Data Flow
While this may not be “marketing’s” job, it’s still important to understand, and as a key player in your organization, to know which data is being used and moved into other organizational systems. Review which systems are in place, such as marketing automation platforms, apps, CRMs, ERPs and website tracking tools and know the kind of data being stored, and how data is getting into and out of each system.
- Enable Simple Email Opt-Out
This shouldn’t be new for email marketers, but I'll say it – make sure you provide an unsubscribe link in all marketing emails. It should be as easy to opt-out as it is to opt-in.
- Understand Data Requests
As mentioned before, GDPR aims to give more control over a user’s personal data that is being stored and tracked by an organization. This includes accessing, transferring and deleting.
- Internally Transfer Data Securely
We’ve looked at obtaining consent, talked about cookies, but we’re shifting gears to internal data security. Stop saving tradeshow booth visitor lists on your desktop. Don’t send the entire customer list via email. It’s not secure and puts the organization at risk if a hack attack ever happened.
- Discuss GDPR With Data Processors
If you work with third-party vendors, they need to be GDPR compliant, too. Your organization, the data controller, is still responsible for ensuring the relevant vendor organizations, data processors, are in line with the current regulation. This includes marketing automation platforms, consulting agencies, email service providers, event platforms, and the list goes on.
- Confirm with a Legal Resource
I said this earlier but it’s important, confirm these processes with a trusted legal resource. Many legal teams may have different takes on this new regulation and it is in the organization’s best interest to take due diligence on this. Make sure you’re all on the same page with where data is being stored and how it is being transferred.
Additionally, depending on the size of the company and the amount of data being processed, a company may need to hire a Data Protection Officer (DPO), that the marketing team can work with.
- Don’t Freak Out. Market Better.
Use this as your opportunity to create exciting, intriguing and relevant content for people, because now you know that people want to receive it. You’re now working with a database full of engaged and valid records.
And finally! Is this a lot to take in? Yes. Is it all going to be okay? Absolutely.
Is your Marketo platform GDPR compliant? Talk to our team of experts about how to get it there.
About the AuthorFollow on Linkedin More Content by Mariah White