Skip navigation
All Places > Champion Program > Blog
1 2 3 4 Previous Next

Champion Program

168 posts

chrome-break.jpgChrome 66 is coming, and it is part angel, part devil. On the personal/privacy side, Chrome's latest release will enable an in-demand feature like preventing video autoplay. But for marketers, aside from the video autoplay, there could be some very serious consequences. Given that Chrome is the dominant browser at ~60% of the market share, the Chrome 66 update could be catastrophic to your web traffic.

 

 

 

Web-browswer-market-share-2018-02.png

 

To veer off of our usual Marketo focus on this blog, I wanted to raise the visibility of a technical issue that has the potential to severely impact our marketing operations.

Google’s Chrome products, including the Chrome browser and Chrome OS, have been calling out vulnerabilities in Symantec’s security certificate infrastructure for a number of months now. In July 2017, a post on the Google Security pointed the finger squarely at Symantec:

 

Symantec’s PKI business, which operates a series of Certificate Authorities under various brand names, including Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL, had issued numerous certificates that did not comply with the industry-developed CA/Browser Forum Baseline Requirements.

 

Based on Symantec’s own blog post, their position seems to be that they’re too big to fail:

 

As the largest issuer of EV and OV certificates in the industry according to Netcraft, Symantec handles significantly larger volumes of validation workloads across more geographies than most other CA’s. To our knowledge, no other single CA operates at the scale nor offers the broad set of capabilities that Symantec offers today.

 

Normally, this type of security turf war doesn’t make it onto the radar, but this one is set to send out some pretty significant ripples. Let's not forget the size of the combatants: Google is the largest provider of web browsing, and Symantec is the largest issuer of wildcard SSL certificates, so any actions by either one will catch the majority of us in the middle.

 

Google Chrome 66 is going to depreciate any Symantec SSL certificate issued before January 1, 2016.

 

Chrome 66, was made available to the Chrome Beta channel on March 15, 2018 and will be released to Chrome Stable users around April 17, 2018.

 

The net result - two potentially devastating consequences for your marketing efforts.

 

The first impact is to your website and landing page delivery. If your public-facing marketing infrastructure is covered by an older Symantec SSL certificate, your visitors will be blocked from your site and will receive the following message.

 

ssl-warning-symantec.png

 

Ok, so that’s bad enough, but the issue goes much deeper.

 

Secondly, and much more insidiously, you could see a loss of functionality that affects your customer experience if you are using any web services or webhooks that are also secured by a Symantec certificate. This means that if you have dynamic updates or direct integrations from your website that enhance the customer experience, these updates and integrations may fail or use their fallback mode.

 

What can you do?

As a marketer, the first thing you need to do is check your systems and platforms that you've been using across the board (for example, here is Marketo’s response.)

 

For more information on how to handle this issue (and keep ensuring a great customer experience and protecting your brand reputation), check out DemandLab's post on how to check if you're affected and what options you have.

We’re in the final stretch with the GDPR compliance deadline looming ahead. “Are you Ready for GDPR?” is still the question of the day, and the topic of an upcoming webinar that I’ll be presenting in partnership with Marketo and Uberflip. I’ll be teaming up with Marketo’s Sr. Director of EMEA Marketing Peter Bell and Uberflip’s Director of Revenue Marketing Tara Robertson to help marketers understand what’s required for compliance, discuss the topic of “consent” and explore the implications of GDPR on your operations and the systems you use every day. This free presentation runs live on April 4 at 11:00 am EDT and we’d love for you to join us. Additionally, get a sneak preview of what we’ll be covering on Uberflip’s blog where Tara and I have a conversation about consent, data collection and the always popular question: is there any workaround to GDPR? Check it out, and, don’t forget to sign up for the webinar!


For those of you who need a little GDPR comic relief, check out the latest Perkuto blog post—we’ve scoured Twitter to find creative tweets from around the world about the angst of preparing for GDPR. If nothing else, it will make you smile.

Just when you thought GDPR was confusing enough, enter the topic of “legitimate interest.” Many of you have asked about it, wondering if you can bypass obtaining express consent opting for legitimate interest instead.

 

I can almost hear the glimmer of hope in your voice as you ask...could legitimate interest be my saving grace for updating permission requirements? Has GDPR provided organizations like mine with an escape clause? Approach with caution here. If you’re considering skipping express consent and claiming the GDPR provision for legitimate interest, you first must understand what legitimate interest entails and when you can use it. 

 

From Article 6(1) of GDPR, legitimate interest can be used to process records if:

 

  1. Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract
  2. Processing is necessary for compliance with a legal obligation
  3. Processing is necessary to protect the vital interests of a data subject or another person
  4. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  5. Processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject. (ex: if the data subject is a child)

 

Clear as mud, right? Many marketers think they’ve found a loophole to collecting explicit consent with option A, the first clause. So is it? No—but it is a common misconception about GDPR and one that can get you into a whole lot of trouble.

 

Legitimate Interest Pie

 

Let’s look at a hypothetical situation when legitimate interest can be used. Say you are shopping online—maybe ordering a pizza. Rather than create an account, you opt to check out as a guest and only provide the necessary information to get your pepperoni pie delivered to your doorstep, or in this case, your name and delivery address plus payment information. Does the pizza place have legitimate cause to process your data? Yes, absolutely. Can they continue to communicate with you and send you pizza promotions for future orders? No, because they don’t have your consent. Legitimate interest in this example only applies to processing your order; it is not permission to use your information for any other purpose.

 

I also hear marketers attempting to justify legitimate interest with clause E, claiming they have a legitimate interest in marketing their products. So let’s get another opinion. The UK Information Commissioner’s Office (ICO) asserts that: “[Legitimate interest] is likely to be most appropriate where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing.”

 

In other words, I expect Joe’s Pizza  to deliver my pizza (hot, please) so therefore I also expect Joe’s Pizza to process my order and charge my credit card. But that’s where my expectation ends—so if Joe’s Pizza started sending me special promotions, sold my data to another company, or began tracking my pizza purchases for their rewards program, they would be using my data in ways that I would not reasonably expect, and that would have more than a minimal impact on my privacy. The ICO addresses this scenario, saying if the customer “would not reasonably expect the processing or if it would cause unjustified harm, their interests are likely to override your legitimate interests.” Did you catch that? “Their interests override…” In other words, if you use the customer’s data in an unexpected way or a way that goes beyond your initial reason for gaining access to it, the GDPR supervisory authorities will likely take a big slice of your financial “pie,” - which as we all know can add up to a lot of dough!

 

Legitimate Checklist (because who doesn’t love a good checklist?)


Still thinking about taking the legitimate interest route? The ICO offers a checklist before you consider opting to claim legitimate interest. And as you know, we like checklists, so we thought it appropriate to share this one—you’ll find the checklist and the rest of this article on Perkuto’s blog.

For those of you who missed our recent webinar, “Fearless Marketing Strategies for GDPR World,” you missed a good discussion. The most popular topic of the day was “consent.” We had many questions regarding GDPR compliance requirements—everything from permission to retain personal data, to what to do if you are unsure if consent exists or are missing the documentation to back it up, as well as how GDPR consent compares to CASL. All very valid questions!   As for the answers:

 

GDPR Documentation for your Database

 

We’ve covered the topic before, but it’s worth another mention—auditing your database for GDPR compliance may be painstaking and time-consuming but it is also highly recommended; appropriate documentation is just as necessary as capturing consent. To verify consent, all records in your database should have:

  • opt-in date and timestamp
  • opt-in source
  • opt-in IP address (if available)

 

For records that are questionable, better safe than in doubt is the rule of thumb. Run a whitelisting (verification) campaign now, so there’s no question regarding if, how or when consent was obtained. No one wants to be fined €20 million or stop European marketing operations due to records you thought were compliant but are not.

 

And just a reminder, track BOTH data consent and email consent as one does not guarantee the other. Having said that, email consent can constitute data consent, if appropriate privacy policies are acknowledged.

 

Bundling Consent: What to Do and What to Avoid

 

When using content (such as a white paper) to attract interest, per GDPR, opting-in to marketing communications cannot be assumed or bundled with another action. You may however, include it as a separate action on the same form if your opt-in checkbox is unchecked and not required to download the promoted content asset. And always ALWAYS link your forms to your privacy policy!

 

GDPR vs. CASL

 

As we talk more and more about consent, we’re frequently asked another question: does CASL (Canadian Anti-Spam Law) compliance mean you are also GDPR compliant? Aren’t the two processes for capturing consent very similar? In a word, yes and no. (OK, two words) The opt-in process is similar, as both consent intake process should include an unchecked checkbox on a form and capturing date/timestamp, opt-in source and opt-in IP, and a link to your privacy policy. If you’re already using this methodology for CASL, you can extend it to your GDPR operations.

 

However, while both regulations are permission-based, that’s where the similarity ends. We like to think of GDPR as “CASL on steroids”—GDPR extends much further than CASL and with stiffer penalties. GDPR goes beyond permission to email, extending into cookies, data processing and other elements that are not governed under CASL.

 

See how the two legislations compare on the Perkuto blog.

From your comments, emails and phone calls, I think marketers are in need of a little GDPR TLC right about now. Trust me, I’m right there with you. Preparing for GDPR is not an insignificant undertaking, and when coupled with the responsibilities of your “day job” it can be an overwhelming load. In my ongoing effort to help and encourage my fellow marketers, I offer you a little Chicken Soup for the GDPR Soul.

GDPR Words of Wisdom

Eat a live frog first thing in the morning and nothing worse will happen to you the rest of the day. – Mark Twain, author

Perspective is everything, isn’t it? Surely, when Mark Twain made this statement, he was directing his comments to marketers feeling the stress of GDPR—get the task you’re dreading most done first. If you’re just starting out in your GDPR compliance journey, I recommend your first frog is a pre-preparation assessment of your database. This includes taking inventory of records that have (and don’t have) normalized country data attached to them, noting the quantity and compliance status of EU records in your database, and assessing the viability of questionable records. If you’re further along in your GDPR preparations, Twain also has advice for your situation: “If it’s your job to eat two frogs, eat the biggest one first.”  Little did we know, GDPR would be an all-you-can-eat frog buffet!

Go to bed smarter than when you woke up. – Charlie Munger, vice chairman, Berkshire Hathaway

Whether GDPR is keeping you up at night or you’re actually able to get some rest, the point of this quote is spot-on: gain as much wisdom as you can about GDPR. Read. Listen to podcasts. Attend a webinar. And speaking of webinars, be sure to register for our free presentation, “Fearless Marketing Strategies for a GDPR World.” We’ll be covering hot topics such as consent and what it means for your marketing communications, plus the impact of GDPR on common technologies like cookie usage and lead scoring. GDPR language is ambiguous and confusing; the worst thing you can do is stick your head in the sand and rely on what you think you know. Stay informed, seek out learning opportunities and ask questions along the way. Register for our webinar now.

No wise pilot, no matter how great his talent and experience, fails to use his checklist.Charlie Munger, vice chairman, Berkshire Hathaway

With stress often comes decreases in productivity and efficiency. Checklists help keep you focused, ensure you don’t forget details, and give you a sense of accomplishment as you mark items as complete. If you haven’t already, put together a GDPR readiness checklist or use ours. Note: the checklist below is a small part of a much larger GDPR checklist, which you can access—along with much more GDPR information—by downloading our free whitepaper, “A Marketo Client’s Guide to GDPR Compliance.

Database Audit Checklist

Completed

Are EU records present?

Examine current opt-in sources to determine compliance (or if an opt-in campaign before the GDPR deadline is necessary)

Evaluate information stored in the lead/contact objects vs. the account object and amount of information populated

Determine the degree of missing country information and if it’s normalized

Create marketable records segmentation and inactive smart lists to assess data quality

Determine the age of records; flag those outside of your defined period for record retention

Segment the database based on current compliance status of records

Determine if your database contains records of youth under the age of 16 and age 13 in the UK

 

Additional GDPR Resource and Support

The best thing a human being can do is to help another human being know more. – Charlie Munger, vice chairman, Berkshire Hathaway

There’s no doubt that Charlie Munger is a smart guy—after all, he’s Warren Buffett’s partner.  And when it comes to sharing knowledge, we couldn’t agree with him more. Perkuto exists to help CMOs succeed—with that in mind, we’ve put together a comprehensive package of resources to support you in your GDPR preparations:

 

When it comes to GDPR, our motto is “Prepare thoroughly. Market fearlessly.Let us know how we can help you.

 

Read the full post on the Perkuto Blog.

At some point in our careers, we've all had a data mishap. A colleague recently shared a direct mail promotion he received from a high-end jeweler. The headline read, "KEVIN, this Valentine's day, give LESLEY the gift she really wants," along with an image of a beautiful diamond necklace. The only problem—Kevin and Lesley are brother and sister. (And yes, they were horrified at the jeweler's suggestion.) Was the jeweler trying to promote sibling love? Doubtful. More likely: Major. Data. Fail.

 

Obviously, this example is variable data gone wrongeither mismatched data points, misinterpreted data relationships or just plain bad data. But whatever the reason, with GDPR just around the corner, it's crucial that your data is in order. Understanding who's in your database, as well as the age and viability of each record, is a foundational piece of GDPR prep. Think of it this way: retaining junk data is a liability for you. Why risk costly fines due to keeping questionable records?

 

What's Lurking in your Data Pool?

 

Over time, junk records creep into your files and weigh down your performance metrics, create potential marketing disasters and set you up for GDPR problems. Time to scrub the pool! The best way to identify junk data and gain more insight into the composition of your database is by creating a marketable records segmentation. Any groups regularly suppressed should be pulled into this segmentation. What should you be looking for?

 

Inactive Records: Since GDPR stipulates not retaining data longer than necessary, flag outdated recordsor in the absence of a defined expiration datethose that have not opened or clicked on an email or have not visited a webpage in the last 12 months. We’ll try to reactivate these names—more on that topic in a minute.

 

Disqualified Records: Be on the lookout for trash and disqualified records especially, usually corresponding to a lifecycle stage of trash or disqualified and including names rejected by sales.

 

Role Accounts: These are email addresses for a specific role that don't have a human associated with them. Under GDPR, such records are not considered "personal data" but since they don't benefit sales, remove them. To do so, include a filter for email that starts with and contains descriptors such as news@ administrator@ unsubscribe@ customerservice@ webmaster@ info@

 

Junk Domains/Data: Just as the name suggests, these bogus domains include data strings such as "ABC," "XYZ," swear words and email addresses without an @ symbol. Dump the junk!

Undesirable Personas: Examples include students, retirees, and maybe the media. If not a viable lead, they are not worth the potential risk of retaining.

 

Country Data: Run a query to determine if all records have normalized country information. Flag those that do not or are missing country data altogether.

 

Opt-In Sources: Is consent GDPR compliant? Do you have proper record-keeping to back that up? Create a separate segmentation based on current compliance status and deploy a whitelisting campaign for records compliant with current EU Directive legislation that may fall short of GDPR standards. Remember, this may include records that have consent, but the consent is dated.

 

Preserving Potentially Viable Records

 

OK! You've done some cleaning on your database; now it's time to look at the questionable and non-compliant records to retain as many as possible before GDPR goes into effect. Campaigns you'll want to run sooner rather than later include:

 

Read the full post on the Perkuto Blog.

Preparing for GDPR: It's Not Marketing's Job...or Is It?

 

GDPR:” you’ve heard the term repeatedly and know you ought to deal with it. But you’re also wondering, does the responsibility for GDPR readiness really belong marketing?  Isn’t this more of an IT thing?  Besides, you’ve got other, more pressing tasks…good grief!

 

Good GDPR grief that is, and all the mental agony that comes along with it. If you’re like most marketers, you’re probably experiencing what we call, “The Five Stages of GDPR Grief” when it comes to navigating GDPR preparedness.

Any of this sound familiar?

 

The Five Stages of GDPR Grief

 

Stage 1: Denial.

You don’t believe you need to worry about GDPR. After all, you survived CASL, CAN-SPAM, and the US Do Not Call regulation. GDPR…no big deal, right?

 

Stage 2: Anger.

GDPR keeps creeping into your news feed; the topic just won’t go away. You’re annoyed—even angry—at the thought that it might actually be your job to figure out GDPR requirements and steer your team through compliance preparations. Not exactly what you envisioned for your career in marketing.

 

Stage 3: Bargaining.

You begin rationalizing that you are too busy, that your main priority is driving revenue and supporting business growth. GDPR sounds like a major “squirrel” (distraction), so you begin bargaining with others in your company to take on the task. Case of beer in hand, you approach your colleagues, “Hey…so how’s my FAVORITE IT team…”

 

Stage 4: Depression.

You realize you’re stuck with the task and begin reading through dry, incomprehensible pages of legalese filled with seemingly conflicting advice. To say you’re bored to tears is an understatement. Is it 5:00 yet?

 

Stage 5: Acceptance.

You’ve come to grips that GDPR preparation is your responsibility; you’ve accepted that marketing with different rules is the new reality for 2018. Realizing there are many adjustments and changes you must make to your processes, you begin seeking out resources to help your team. But now what?

 

The Path to GDPR Compliance

We get it. We understand you’re busy and have many responsibilities in your “day job,” none of which include becoming a GDPR expert. That’s why we’ve created a free downloadable resource, “The Marketo Client’s Guide to GDPR Compliance.”

 

Written by the Perkuto team, this guide will help you understand GDPR from start to finish. You’ll learn about data transparency, storage and security requirements of this massive legislation plus some of the lesser-known nuances that impact your marketing strategies. We’ll help make sense of the requirements for compliance and outline the consequences for not meeting them. We’ll show you the steps you need to take to prepare for GDPR and (shameless plug) provide an alternative should you decide to let GDPR experts handle it instead.

 

From Intimidated to Fearless

Feel like you already have a good grasp on GDPR basics? Take your knowledge to the next level by attending our complimentary webinar on March 1, Fearless Marketing Strategies for a GDPR World.

In this interactive presentation, I’ll discuss the impact of GDPR on the marketing technology we use every day, including cookie usage, subscription management and lead scoring practices. Learn what campaigns you should be running now, how your communications must change once GDPR goes into effect, and ask questions specific to your situation at the end of the presentation.  Registration is free, but early registration is recommended as space is limited. Registration also guarantees you will receive a link to the presentation recording and slides, even if you’re unable to attend the live webinar.

 

In Good Company

When it comes to GDPR, we feel your pain, really. Remember, we’re marketers too! And from one marketer to another, we’re ready to turn your wounds into wisdom— download the Perkuto complimentary GDPR Compliance Guide and then register for the Perkuto free Fearless Marketing webinar.

 

Download White Paper

Watch Webinar

 

As Published on the Perkuto Blog

Hi all,

 

We're thrilled to announce this year's 2018 Marketo Champion class! The Marketo Champions are an elite group of our most advanced brand ambassadors who are Marketo Certified Experts and actively share their knowledge and expertise in the Marketing Nation Community. They have demonstrated outstanding leadership and are loyal advocates of the Marketo brand.

 

Please help me congratulate this amazing group of advocates!

 

P.S. Please note we'll be moving away from two classes to one per year.

 

Banner2-2018-Marketo-Champions-Desktop 304x299 (1).jpg

 

NameCompany
Boris KiperasCA Technologies
Dusty Garner-CarpenterConvergys Corporation
Matt GomezLaureate Education
JD NelsonSpigit
Darrell AlfonsoHitwise
Brooke BartosMisumi
Nick HajdinAccenture
Abby RyanVeracode
David Da SilvaNewVoiceMedia
Timothy CeratoSNHU
Maruti ShuklaDropBox
Karina GuerraCochlear Limited
Iryna ZhuravelAltium LLC
Eddie MoralesElastic
Dan StevensAvanade
Geoff KrajeskiCohnReznick LLP
Suzanne Kushner

 

Suzanne Kushner Marketing Automation Services

 

Sydney MulliganEtumos
Hicham TabbakAdecco Groupe France
Rajesh TaleleBright Aspects, Inc
Adam VavrekSkyword
Kelly Jo HortonIntersekt Solutions
Kara PietrykowskiOliver Hume Real Estate Group
Emily ThorntonAnnuitas
Adele MillerDynatrace
Dan RaduMacromator
Ashley HarvellDemand Spring
Rachel NobleDigital Pi
Tara Slover PetreElixiter
Michelle MilesPerkuto
Dayna WellmanMcGraw-Hill Global Education Holdings, LLC
Amanda ThomasAlert Logic
Erik HeldebroBambuser
Lauren AquilinoRevenue Pulse
Devraj GrewalZuman
Jessica KaoDigital Pi
Emily PoultonAdecco Group
Ande KempfRevEngine Marketing
Andy VarshneyaOptimizely
Brittany StoverDes-Case Corporation
Carly WirkusJamf Software, LLC
Chelsea KikoHileman Group
Chris SaporitoPaycor, Inc.
Christina ZunigaInTouch Health
Corey Bethel

 

McGraw-Hill Global Education Holdings, LLC

 

Courtney GrimesDemandLab, LLC
Courtney McAraSurveyMonkey Inc.
Jackie PottsLI-COR
Jason HamiltonRevenue Pulse
Jenn Dimariarevenginemarketingdev
Jenna MolbyACL Services
Joe ReitzAmazon
Juli JamesSt Edwards University
Justin NorrisSolutions Perkuto, Inc.
Keith NybergSugarCRM, Inc.
Maarten WestdorpScribe Software
Mark FarnellNewVoiceMedia
Taylor EnfingerANNUITAS
Veronica HolmesVerdant Marketing Automation
Alex GregerDemandLab

Vast.” The dictionary definition is “very great in size, amount, degree, intensity, or especially in extent or range.” (Merriam-Webster) It’s a word you’ll hear often in GDPR discussions, and it is an accurate description. In fact, there are 99 articles in the GDPR, each stipulating new parameters and expectations for data transparency, accountability, storage, and security.  In our prior posts, we’ve highlighted many of these areas, discussing changes to your backend operations, marketing strategies, external partners and provided a graphic overview with our GDPR infographic.

 

As much as GDPR covers, it also raises an equal number of questions.  Many of GDPR’s articles use ambiguous language leaving marketers scratching their heads, and lawyers busy providing clarification. For this reason, we’ve compiled a list of some of the more frequently asked questions and a few of the lesser-known answers, as discussed with our legal team.

 

GDPR – Who?

Q: Does GDPR apply only to EU citizens?

 

A: No. GDPR applies to EU residents, regardless of citizenship. An American living in the EU for three months qualifies for GDPR protection. If your business (B2B or B2C) markets to, does business with, or simply stores or processes the personal or business information of EU residents, you are subject to GDPR requirements regardless of your business’s location.

 

Definition of Personal Data

Q: What is considered “personal” data?  Is B2B information exempt?

 

A: Generic emails, such as “info@,” “contact@” are not personal addresses so do not count as personal data.  All personal (individual) data, whether B2B or B2C, is covered under GDPR. This includes any business information that makes a someone personally identifiable, such as their business email address.

 

Limits for Storing Data

Q: How do we define the duration of storing data? What constitutes “as long as necessary?”

 

A: That depends on the purpose of the data.  Where a contractual agreement exists, (ex: I am buying on Amazon) personal data may be retained as long as the contract runs. (or in our Amazon example, as long as I am willing to keep my Amazon account, which is mandatory to purchase on their site.)  If the data subject is not a customer, then three years after the last contact is a reasonable period, per the French CNIL.  It is the Data Controller’s responsibility to set the limit on data retention and this should be specified in your privacy policy. Be careful not to run wake the dead nurture campaigns on opt-ins that have exceeded the stated time frame.

 

Bundled Consent

Q: Can you bundle consent to receive future communications with other actions, such as a whitepaper download?

 

A: No. Consent is an independent action from a marketing action and your consent language needs to be clear. You can include an opt-in option to receive additional information on your form with an unchecked checkbox,  just make sure the checkbox is not required to submit the form. And, be sure to include a link to your privacy policy on all forms. See an example of a GDPR compliant opt-in form.https://perkuto.com/blog/marketing-strategies-gdpr?utm_source=MarketoCommunity

 

Cookie Law

Q: Does GDPR have any ramifications for EU Cookie laws or is ‘Do Not Track’ still in effect?

 

A: Yes, ...

 

Read the full post on the Perkuto Blog.

If “our similarities bring us to common ground,” (Tom Robbins) we’ve reached our destination.

No doubt, you have quite an assembly of tools in your MarTech stack acquired in various stages of your company journey. Each technology offers a different solution for your organization, but they all share a common ground: they access your data.  Is the GDPR alarm going off in your head?  It ought to be, as GDPR considers any technology provider in your stack— i.e. Marketo, Salesforce, Ringlead, ReachForce, Bizible —as well as agencies and service providers who can access your data, a “data processor.”  And GDPR has a lot to say about this role and the responsibilities that come with it.  Welcome to GDPR land.

GDPR Compliance: All Aboard

By GDPR definition, a data processor is “any person, public authority, agency or other body which processes personal data on behalf of the controller.”  So, all of your external systems, companies, agencies, service partners or contractors who are enriching your data, collecting data on your behalf, mining, segmenting, or analyzing records—even handling payroll or other outsourced HR activities–are data processors. Which means… (sound the major GDPR alarm)each one must be GDPR compliant.

But wait, there’s more.

Did you catch those last few words of the data processor definition,”…on behalf of the controller?”  If your MarTech tools, agencies and service partners are data processors, that makes your organization the data controller. And with great responsibility comes greater accountability: it is the data controller (AKA you) who calls the shots on what data is collected, why, and how it is used.  Ultimately, YOU, the data controller, are responsible for ensuring that personal information is processed in accordance with GDPR, and, YOU can be subject to corrective measures and penalties should something go awry. Additionally, YOU are responsible for ensuring that these data processors can provide sufficient documentation of their abilities to comply with GDPR requirements for both technical and organizational measures. YIKES! 

Takeaway: GDPR has a much broader impact on our operations and organizational structure than what’s on the surface.

How can you mitigate your risks?

Develop your Itinerary

  1. Take inventory and document your MarTech landscape, identifying all of your processors.  Any company from agencies to Marketo to deduplication vendors to data enrichment to ABM, CRM…you get the idea.

  2. Request documentation from each Data Processor demonstrating that they are GDPR compliant. Most of the established Data Processors have already prepared the documentation to show that they’re compliant with GDPR and all you’ll have to do is review it. For instance, Salesforce provides the following information on Trust and Compliance. If you work with a Data Processor that doesn’t have the documentation readily available, you’ll need to be proactive in requesting documentation. Here is an example questionnaire that you could adjust to your specific needs.
  3. Categorize the returned documentation. Keep a record of all documents and either work with non-compliant processors to help them become compliant, find a new processor, or decide what to do to protect yourself if they are not.
  4. Sign a data processing addendum with ...

 

Read the full post on the Perkuto Blog.

Many of us have been fighting with the lack of handlers that would enable to easily style forms. Combining multiple ideas, I propose you here a framework that will enable to add specific classes to form columns and form rows dynamically, using some JS that you can add once to your LP templates or in the embedded forms.

 

The idea is to leverage the fact that you can add a class to a field label and have the javascript replicate that class to any element in the DOM hierarchy of the label.

 

First, this how you can add some classes to field labels:

1-Access the form in edit mode and select a field (e.g. First name). Click the label advanced editor icon:

2-In the editor, open to the HTML mode:

3-And in the HTML, change the simple text into some HTML with a class:

 

You can use any class you want, provided that the JS knows how to identify it.

 

Second, use the following JS to duplicate the label classes to the rows and columns (I borrowed a couple of lines to Sanford Whiteman other solution to this problem, so thx for this ):

 

 

<script>

    MktoForms2.whenRendered(function (form) {

      var ANCESTORS_STOR = '.mktoFormRow, .mktoFormCol',

          _forEach = Array.prototype.forEach;

 

 

      function addcustomclasses(formEl) {

            _forEach.call(formEl.querySelectorAll(ANCESTORS_STOR), function(ancestor) {

                    _forEach.call(ancestor.querySelectorAll('.mfc-twelve-twelve'), function(input) {

                    ancestor.classList.add('mfc-twelve-twelve');

                    });

                    _forEach.call(ancestor.querySelectorAll('.mfc-eleven-twelve'), function(input) {

                    ancestor.classList.add('mfc-eleven-twelve');

                    });

                    _forEach.call(ancestor.querySelectorAll('.mfc-ten-twelve'), function(input) {

                    ancestor.classList.add('mfc-ten-twelve');

                    });

                    _forEach.call(ancestor.querySelectorAll('.mfc-nine-twelve'), function(input) {

                    ancestor.classList.add('mfc-nine-twelve');

                    });

                    _forEach.call(ancestor.querySelectorAll('.mfc-eight-twelve'), function(input) {

                    ancestor.classList.add('mfc-eight-twelve');

                    });

                    _forEach.call(ancestor.querySelectorAll('.mfc-seven-twelve'), function(input) {

                    ancestor.classList.add('mfc-seven-twelve');

                    });

                    _forEach.call(ancestor.querySelectorAll('.mfc-six-twelve'), function(input) {

                    ancestor.classList.add('mfc-six-twelve');

                    });

                    _forEach.call(ancestor.querySelectorAll('.mfc-five-twelve'), function(input) {

                    ancestor.classList.add('mfc-five-twelve');

                    });

                    _forEach.call(ancestor.querySelectorAll('.mfc-four-twelve'), function(input) {

                    ancestor.classList.add('mfc-four-twelve');

                    });

                    _forEach.call(ancestor.querySelectorAll('.mfc-three-twelve'), function(input) {

                    ancestor.classList.add('mfc-three-twelve');

                    });

                    _forEach.call(ancestor.querySelectorAll('.mfc-two-twelve'), function(input) {

                    ancestor.classList.add('mfc-two-twelve');

                    });

                    _forEach.call(ancestor.querySelectorAll('.mfc-one-twelve'), function(input) {

                    ancestor.classList.add('mfc-one-twelve');

                    });

            });

        }

 

        var formEl = form.getFormElem()[0];

        addcustomclasses(formEl);

    });

</script>

I am quite sure that the JS code can be streamlined and enhanced, for instance to handle any class starting with "mfc-" instead of a fixed list of classes, but I would leave it to someone better at JS than I am . Another enhancement would be to also recopy the class from the label to the input zone. (Sanford Whiteman, I know you turn this very basic code into gold)

 

 

Finally, you will need to add these classes to you CSS. you can use combined classes to manage specifically rows and columns.

 

For instance, I have prepared a CSS that uses the following set of classes to manage the columns width and responsive behavior on a multi-column form:

 

<style>

.mktoForm .mktoFormCol.mfc-twelve-twelve {

    width: 100%;

}

.mktoForm .mktoFormCol.mfc-eleven-twelve {

    width: 91.66%;

}

.mktoForm .mktoFormCol.mfc-ten-twelve {

    width: 83.33%;

}

.mktoForm .mktoFormCol.mfc-nine-twelve {

    width: 75%;

}

.mktoForm .mktoFormCol.mfc-eight-twelve {

    width: 66.66%;

}

.mktoForm .mktoFormCol.mfc-seven-twelve {

    width: 58.33%;

}

.mktoForm .mktoFormCol.mfc-six-twelve {

    width: 50%;

}

.mktoForm .mktoFormCol.mfc-five-twelve {

    width: 41.66%;

}

.mktoForm .mktoFormCol.mfc-four-twelve {

    width: 33.33%;

}

.mktoForm .mktoFormCol.mfc-three-twelve {

    width: 25%;

}

.mktoForm .mktoFormCol.mfc-two-twelve {

    width: 16%;

}

.mktoForm .mktoFormCol.mfc-one-twelve {

    width: 8.33%;

}

 

@media only screen and (max-width: 480px) {

    .mktoForm .mktoFormCol.mfc-twelve-twelve,

    .mktoForm .mktoFormCol.mfc-eleven-twelve,

    .mktoForm .mktoFormCol.mfc-ten-twelve,

    .mktoForm .mktoFormCol.mfc-nine-twelve,

    .mktoForm .mktoFormCol.mfc-eight-twelve,

    .mktoForm .mktoFormCol.mfc-seven-twelve,

    .mktoForm .mktoFormCol.mfc-six-twelve,

    .mktoForm .mktoFormCol.mfc-five-twelve,

    .mktoForm .mktoFormCol.mfc-four-twelve,

    .mktoForm .mktoFormCol.mfc-three-twelve,

    .mktoForm .mktoFormCol.mfc-two-twelve,

    .mktoForm .mktoFormCol.mfc-one-twelve, {

        width: 100%;

    }

}

</style>

The real advantage of this method is that you can design in advance a series of classes and document them so that your users are fully free to use them as they want in their forms.

 

-Greg

A Visual Look at GDPR Contributing Factors and Compliance Preparations

If you were to Google GDPR, your search would produce over 4 million results. That’s a lot of content! Assuming you don’t have time to read it all, the Perkuto team has compiled key stats to tell the story—consumer fears contributing to the legislation, how organizations are faring in their preparations and the ramifications of non-compliance.

From our research, the stats we found most interesting: 67% of Europeans surveyed cited they would share more personal information if brands were transparent about their intentions for data usage. (The Chartered Institute of Marketing, September 2016) In other words, GDPR is not a marketing deal-killer, but it is a game changer. Further, the stats suggest that with thoughtful data collection practices, we may even see an improvement in our data collection results.

Another interesting stat to note is that 77% of American corporations are making an investment of $1 million or more for GDPR preparedness. (GDPR Preparedness Pulse Survey, PwC US, January 2017) A significant investment, but also pennies on the dollar when considering the financial penalties at stake. We applaud their proactive approach.

Lastly, we are encouraged that 71% of organizations believe data governance will improve because of GDPR. (SAS Survey Data, June 2017) Though it may be challenging now, there is a light at the end of the tunnel—we will survive the preparation process, make the necessary adjustments and be better marketers because of it.

 

View the GDPR By the Numbers Infographic Now!

This post is part 2 of a 5-part series on GDPR readiness. In this previous post, I compared GDPR preparedness to a football game and the importance of both a solid offense and defense to win the game. To tackle the processing requirements of GDPR compliance, your defensive strategy involves operational adjustments and a well-documented game plan. Now, it’s time to turn our focus to the offense and strategies to help your marketing practices thrive in a GDPR world.

Many Marketo clients are asking questions about using marketing automation and lead scoring features given GDPR’s strict permission-based requirements to collect and store personal data. My answer is marketing operations and GDPR can coexist, with adjustments to our current methods. I believe GDPR will force us to improve our core marketing skills, and our GDPR playbook should include leveraging the benefits of our offering and easing customer anxiety associated with data collection.

Consent for Data Collection

Scenario: You are offering a free white paper or informational guide and you are collecting the customer’s name, email address, and phone number as a prerequisite to downloading. Behind the scenes, you are appending additional data to the record, including income and location as well as tracking online browsing behavior to score the lead.

Challenge: Under GDPR, brands must now have an individual’s consent before you may track and store personal data. Opt-out or implied consent forms do not comply with GDPR; further, you must also declare how you will use the data and for how long, including if you are appending information or scoring based on it. Therefore, the challenge is being GDPR compliant without introducing too much friction or anxiety with your form.

GDPR adjustment: Strengthen your landing page value proposition and incentive to increase customer motivation. Also add an unchecked opt-in checkbox to the bottom of your data collection form, including a link to your privacy policy. (Note: privacy policies must now be much more robust in detailing data usage.)

To implement: On a recent internet search, I found one suggestion to use this copy in your data collection form:

We’re collecting your name, phone number and email address so that we may follow-up with you further on this topic and provide additional assistance. We may also match profiling data from a third party with your registration information, to learn more about you and measure your product interests. Please check our privacy policy (insert link here) for details on how your information will be protected and managed.” (followed by a checkbox providing consent to collect this information)

This solution appears to be GDPR compliant and covers your bases…but it is lengthy and may “weigh down” your form and we may have also unnecessarily opened the door on customer anxiety. According to The Chartered Institute of Marketing, (September 2016), 57% of Europeans do not trust brands to use their data responsibly. Highlighting their concern will only increase apprehension. Thus, adding this verbiage to your form could reduce your conversion rate.

A common misconception, GDPR doesn’t mandate declaring everything on your form. You can state how you will use data, (including information to be appended and lead scoring practices) in your privacy policy—just don’t forget (or it will cost you big!)

A sample of a GDPR-compliant privacy policy regarding the opt-in checkbox on a form reads like this:

“The information set out in this form is registered in an electronic database for the purpose of [commercial prospection, HR…]. This information is intended to be communicated to [internal service of the company, commercial partners…] and retained for [the relationship, xxx months…]. In accordance with the applicable regulation, your rights to access and update your data, withdraw your consent or lodge complaint where applicable can be exercised by following this link [contact of the service, person or authority in charge…]

Just keep in mind a couple of things with your opt-in checkbox:

  • The opt-in checkbox cannot be a required field. Consent is an independent action from the marketing form action. In other words, if the form in question promotes a white paper, the user can download the white paper without opting in to further communication.

 

  • Consent language should make it clear that the checkbox is not needed to submit the form. (IE “Want MORE on this topic?) and should definitely link to your privacy policy. To step up your game, add a little note at the bottom of the form reminding them they can download your white paper without it.

 

Moving legal language to your privacy policy would enable you to use shorter, simpler, GDPR compliant copy on your form:

<Unchecked checkbox> “I’d like to receive more information on this topic, and understand and agree to the privacy policy. <insert link here>”

Short, sweet, to the point…on with the conversion. And the next example.

Cookie Tracking

Scenario: You are using reverse IP lookup and cookies (AKA Munchkin Code) on your site to identify repeat visitors and customize the user’s experience.

GDPR challenge: You must have consent to track visitor behavior. “By using this site, you agree to cookies” messages implying approval upon closure do not meet GDPR compliance. This is a departure from Do Not Track legislation.

GDPR adjustment: Use a banner across the top of your website notifying first-time users of cookie usage, capturing user consent. Then work with your developer to load Munchkin code with the proper settings.

To implement:

 

Read the full post and view examples of these solutions on the Perkuto Blog.

Looking to have field(s) + submit button all on one horizontal row?

Screen Shot 2018-01-23 at 11.00.17 AM.png

 

I was recently asked to help restyle a Marketo form to make it a single row, meaning just an email address and a submit button.  This isn't something available out of the box in Marketo and when I searched the community I couldn't find ready made code so I thought I'd share.

 

This can be done in the landing page editor, but it requires you to code in the form instead of placing it with the form object.

 

To start, grab an HTML object and place it on the page.

 

Screen Shot 2018-01-23 at 10.46.00 AM.png

 

Next, click on the gears and select Edit to open the HTML editor:

 

Screen Shot 2018-01-23 at 10.47.11 AM.png

Now, go to the form you want to use and select Form Actions > Embed Form

 

Screen Shot 2018-01-23 at 10.48.26 AM.png

 

This will open up a box with some code for you to copy and paste:

embed.png

 

Go back to your LP editor and paste that into the HTML dialog box.

 

Next, you'll need to add in some CSS and HTML.

 

Here's the HTML:

 

<div id="container">

     <div id="form-pane">

          <form id="mktoForm_24496"></form> CUT AND PASTE THIS LINE FROM THE CODE YOU JUST PASTED IN THE PRIOR STEP

     </div>

     <div id="submit">

         <p> Register Me!</p>

     </div>

</div>

 

Next, you'll need to add in some CSS above the HTML to do the magic.  Put this under the two script tags

 

<style>

.mktoButton { 

display: none;

}

#container {

display: flex;

width: 100%;

}

#form-pane {

width: 325px;

}

#submit {

flew-grow: 1;

background-color:Blue;

color: #fff;

height: 30px;

width: 150px;

text-align: center;

cursor: pointer;

}

</style>

 

The first style hides the native button. Then we create a container that can hold the form the form and your new submit button.  The form-pane needs to be the width of your field + label + space, so add up the the two widths and then factor in a little extra for breathing room, maybe 25px. The Submit code has a background color set for illustration purposes but in reality it doesn't need to if, for example, you want to use an image instead of text. Adjust the width and height as needed to get it perfect.

 

Finally, you'll need to add in code that will use the submit section to submit the form.  Here's that code, add it under the HTML:

 

<script>

var btn = document.getElementById("submit");

btn.onclick = function() {

    // When the button is clicked, get the form object and submit it

    MktoForms2.whenReady(function (form) {

        form.submit();

    });

};

</script>

 

And then you just need to approve and save your page and it's ready to go!

 

Screen Shot 2018-01-23 at 11.00.17 AM.png

 

In this example, clicking the button when the email address is empty will still invoke the validation rules

 

Go forth and be more creative than my example! Show me examples of your use of it in the comments and Like this post if you find it helpful.

The first post of a 5-part series on GDPR, we discuss the importance of preparing your marketing operations to meet compliance requirements or aligning your “defensive” strategy. In the next post, we’ll discuss options for building your “offense,” including ideas for collecting customer information in an engaging manner that’s also GDPR compliant.

If you watch football at all, you understand the importance of a good offensive and defensive strategy. You also know the impact of penalties and play reviews, sometimes the difference between victory and defeat. One ruling can be a total game changer.

We have a major game changer looming ahead for marketers. I’m, of course, referring to GDPR. I’ve been asked by many Marketo clients how the new consent-based legislation will impact the future of marketing operations. I won’t sugar coat it: marketers need to prepare for new challenges. GDPR was created with noble intentions to protect the privacy of consumers, and it will change our marketing landscape. A few specific examples:

  • Opt-in consent is required to email and retain personal data. Additionally, appropriate record keeping to verify permission is also required.
  • Lead scoring will be considered user profiling, which under GDPR, requires consumer consent. Similarly with propensity-to-purchase calculations—if you are using this to schedule follow-up sales calls, you must have permission to use the consumer’s data in this capacity.
  • Data enhancements must be declared, and past data audited. If you are further enhancing your data from a third-party source, you may need to state the origin and the purpose. Keep in mind, anyone processing your prospects’ data must be GDPR compliant, too.
  • Data management: GDPR includes a host of consumer rights and protections, which marketers need to be prepared to accommodate.
  • Record disposal: We all hate to delete information. But under GDPR, we must delete records accumulated without opting in, and, remove data from individuals who withdraw consent or otherwise request deletion of their information.

 

Game Changer, Not Game Over

GDPR will require changes to current marketing practices, but it doesn’t have to kill your operations completely. Preparation and identifying your vulnerabilities is essential. To start:

Read the full post on the Perkuto Blog.