GDPR: A Game Changer for Marketing Operations

Michelle_Miles3
Level 9 - Champion Alumni
Level 9 - Champion Alumni

The first post of a 5-part series on GDPR, we discuss the importance of preparing your marketing operations to meet compliance requirements or aligning your “defensive” strategy. In the next post, we’ll discuss options for building your “offense,” including ideas for collecting customer information in an engaging manner that’s also GDPR compliant.

If you watch football at all, you understand the importance of a good offensive and defensive strategy. You also know the impact of penalties and play reviews, sometimes the difference between victory and defeat. One ruling can be a total game changer.

We have a major game changer looming ahead for marketers. I’m, of course, referring to GDPR. I’ve been asked by many Marketo clients how the new consent-based legislation will impact the future of marketing operations. I won’t sugar coat it: marketers need to prepare for new challenges. GDPR was created with noble intentions to protect the privacy of consumers, and it will change our marketing landscape. A few specific examples:

  • Opt-in consent is required to email and retain personal data. Additionally, appropriate record keeping to verify permission is also required.
  • Lead scoring will be considered user profiling, which under GDPR, requires consumer consent. Similarly with propensity-to-purchase calculations—if you are using this to schedule follow-up sales calls, you must have permission to use the consumer’s data in this capacity.
  • Data enhancements must be declared, and past data audited. If you are further enhancing your data from a third-party source, you may need to state the origin and the purpose. Keep in mind, anyone processing your prospects’ data must be GDPR compliant, too.
  • Data management: GDPR includes a host of consumer rights and protections, which marketers need to be prepared to accommodate.
  • Record disposal: We all hate to delete information. But under GDPR, we must delete records accumulated without opting in, and, remove data from individuals who withdraw consent or otherwise request deletion of their information.

Game Changer, Not Game Over

GDPR will require changes to current marketing practices, but it doesn’t have to kill your operations completely. Preparation and identifying your vulnerabilities is essential. To start:

Read the full post on the Perkuto Blog.​

10577
30
30 Comments
Dan_Stevens_
Level 10 - Champion Alumni

Great post, Michelle!  The other "consent" piece that isn't mentioned here is around cookie consent (e.g., Munchkin tracking).  IMO, this can potentially have the biggest impact on how we operate as best-practice/modern marketers.  If we now need consent to track behaviors/engagement/activity etc., the value of the platforms we use today - like Marketo - will significantly diminish.

Profiling is another big game changer.  IMO, preventing this type of activity serves no benefit at all to the end-user since it will make it very difficult to provide relevant experiences in our marketing efforts (e.g., delivering personalized/relevant content to advanced leads that are within a specific persona/industry segment).  For example, dynamic/custom content for leads with IT titles who are close to becoming marketing-qualified (high lead score/engagement).

Also, I received some additional clarification - from both our legal team and outside experts - that defines WHO exactly does GDPR apply to.  GDPR applies to EU data subjects IN THE EU.  Meaning both EU residents and people that are in the EU (travel, vacation, assignment, etc.).  It does not extend to EU citizens.  So if a German citizen works for JP Morgan in NY (and lives in NY), GDPR does not apply to that person.  But if I - as a US citizen - take a 2-week vacation to Europe, GDPR applies to me during that 2-week period.

Michelle_Miles3
Level 9 - Champion Alumni

I agree on all counts! This is consistent with the advice from our lawyers, and I am addressing many of these issues - including cookies - in my next post. I should have it ready next week.

Amanda_Thomas6
Level 9

Great Idea! Thanks for sharing your knowledge on this subject!

Michelle_Miles3
Level 9 - Champion Alumni

Thanks Amanda Thomas! Happy to share! I have a lot more content in the works; we love helping marketers succeed. I should have my next post out on Tuesday detailing some offensive marketing strategies for GDPR-compliant, opt-in consent.

Michelle_Miles3
Level 9 - Champion Alumni

View Part 2 of the blog here: Marketing Strategies to Thrive in a GDPR World 

Dan_Stevens_
Level 10 - Champion Alumni

The EU just released some formal Marketing guidance on GDPR (specific around legal grounds for processing the data: Legal grounds for processing data | European Commission) - and thought it would make sense to include it here, in this discussion.  While purchasing lists has never been a best practice; and often result in very poor response rates, there is some specific guidance here:

Can data received from a third party be used for marketing? | European Commission

Before acquiring a contact list or a database with contact details of individuals from another organisation, that organisation must be able to demonstrate that the data was obtained in compliance with the General Data Protection Regulation and that it may use it for advertising purposes.

There is also clarifications on existing records of consent:

Does consent given before 25 May 2018 continue to be valid once the GDPR starts to apply on 25 May 2...

If the consent provided by a person prior to the General Data Protection Regulation (GDPR) is in line with the conditions of the GDPR, then there is no need to ask again for the individual’s consent. Your company/organisation has to make sure that the consent given before the GDPR meets the conditions set out in the GDPR.

Here's how we've been capturing opt-in consent for the past couple of years or so (and then, of course, there is additional context/audit data contained in the activity log for each lead):

pastedImage_0.png

Anonymous
Not applicable

Hi Dan

Is this opt in sufficient, I was under the impression we had to be explicit on what we are asking people to opt in to eg, marketing campaigns, events, whitepapers etc and how do I go about creating these opt-ins?

Grégoire_Miche2
Level 10

HI Dan,

Unfortunately, the links do not appear to work.

-Greg

Dan_Stevens_
Level 10 - Champion Alumni

Shena - yes, you definitely need to explain what they‘re opting into.  Whether you direct them to a more refined "preference center" or place the explanation next to the opt-in checkbox - for example:

pastedImage_0.png

It's recommended though that you develop a preference center approach as this will potentially minimize full opt-outs and allow users to select just the content that their interested in - for example:

pastedImage_1.png

Dan_Stevens_
Level 10 - Champion Alumni

Hmm, the pages are still there - they completely changed the URLs of them.  I've updated them in my post above.