Years in the making, months of blogging and it’s finally here: GDPR becomes officially enforceable in a matter of hours. Are you ready?
If not, here are a few quick pointers and resources to assist in your efforts.
The topic of consent is easily the most discussed. Key points:
Explicit permission is required; implied consent no longer qualifies. If you are claiming legitimate interest, consult your legal team first.
Documentation is just as necessary as capturing consent. All EU records in your database should have:
- Opt-in date and timestamp
- Opt-in source
- Opt-in IP address (if available)
Remember, you can’t “buy” consent. In other words, you cannot make consent a requirement to downloading a promoted white paper. You CAN include a consent option on your form as an unchecked checkbox.
Transparency in Data Usage
Under GDPR, lead scoring is considered user profiling, which now requires user consent. The same thing with any other propensity to purchase calculations—if you are using this to schedule follow-up sales calls, you must have permission to use an individual’s data in this capacity.
Data enhancements must also be declared, and past data audited. If you are enriching your data from a third party source, you need to state the origin and purpose. Also think about where in the cycle your enrichment occurs, to avoid paying for enhancement if you do not have permission to retain records in your database or if data is kept for a limited period. (Ex: event reminders)
Munchkin code / Cookies
Just a reminder too, you will most likely need to change your setting that loads munchkin code as this is a departure from the current Do Not Track legislation.
Adjustments you’ll need to make:
- Turn on ‘Do Not Track’ Settings in Marketo Admin
- Evaluate API Cookie Management Platforms - this will become more important with upcoming EU ePrivacy Directive legislation, which has different requirements for various types of cookies.
For more information, see the Marketo Dev site for details on configuring Munchkin code settings.
You will need to build a preference center to process the requests from individuals exercising their GDPR rights.
These rights include:
- Opt-in and unsubscribes
- Data exports and transfers
- Data breach notifications
- Policy requests
- Data erasure (AKA “the right to be forgotten”)
Marketing messages and analytics will change. Between consent for cookies (which may limit the behavioral data you have to score from) and the right to be forgotten, many of us are concerned that we won’t be able to track marketing performance and customer journeys for our websites accurately. In all honesty, your internal KPIs and goals will need adjustment. Make sure you know all of your April numbers and conversion rates so that you can see how to reset your goals to account for GDPR changes.
For other marketing ideas and tips, download our free GDPR Toolkit, loaded with helpful information and practical resources, including:
- GDPR Marketing Communications LookBook- creative suggestions and visual examples for post-GDPR marketing.
- A recording of my Marketo Summit presentation, Fearless Marketing in a GDPR World, which includes screenshots of how to set-up a preference center and data rights flow in Marketo.
- GDPR FAQ eBook: Legal Questions. Straightforward Answers.
- The Marketo Client’s Guide to GDPR Compliance
- GDPR Data Processor Compliance Assessment
Get your free toolkit: http://bit.ly/2wvF1OZ
GDPR is just beginning, updates (and fines!) are sure to follow. Learn from the missteps of other companies and adjust as grey areas are clarified—to stay informed on GDPR news, decisions and enforcement updates, subscribe to the ICO RSS feed: https://ico.org.uk/global/rss-feeds/
GDPR is here; it’s not the end but only the beginning. Are you ready?