GDPR: A Game Changer for Marketing Operations

Michelle_Miles3
Level 9 - Champion Alumni
Level 9 - Champion Alumni

The first post of a 5-part series on GDPR, we discuss the importance of preparing your marketing operations to meet compliance requirements or aligning your “defensive” strategy. In the next post, we’ll discuss options for building your “offense,” including ideas for collecting customer information in an engaging manner that’s also GDPR compliant.

If you watch football at all, you understand the importance of a good offensive and defensive strategy. You also know the impact of penalties and play reviews, sometimes the difference between victory and defeat. One ruling can be a total game changer.

We have a major game changer looming ahead for marketers. I’m, of course, referring to GDPR. I’ve been asked by many Marketo clients how the new consent-based legislation will impact the future of marketing operations. I won’t sugar coat it: marketers need to prepare for new challenges. GDPR was created with noble intentions to protect the privacy of consumers, and it will change our marketing landscape. A few specific examples:

  • Opt-in consent is required to email and retain personal data. Additionally, appropriate record keeping to verify permission is also required.
  • Lead scoring will be considered user profiling, which under GDPR, requires consumer consent. Similarly with propensity-to-purchase calculations—if you are using this to schedule follow-up sales calls, you must have permission to use the consumer’s data in this capacity.
  • Data enhancements must be declared, and past data audited. If you are further enhancing your data from a third-party source, you may need to state the origin and the purpose. Keep in mind, anyone processing your prospects’ data must be GDPR compliant, too.
  • Data management: GDPR includes a host of consumer rights and protections, which marketers need to be prepared to accommodate.
  • Record disposal: We all hate to delete information. But under GDPR, we must delete records accumulated without opting in, and, remove data from individuals who withdraw consent or otherwise request deletion of their information.

Game Changer, Not Game Over

GDPR will require changes to current marketing practices, but it doesn’t have to kill your operations completely. Preparation and identifying your vulnerabilities is essential. To start:

Read the full post on the Perkuto Blog.​

10575
30
30 Comments
Grégoire_Miche2
Level 10

Yes, fully agreed.

Kevin_McMahon1
Level 5

I've read lots of discussions on the community about treating GDPR as global policy, but my manager is hesitant because of exactly what you said - the affect it will have on our marketing in the US. I don't see how we can ensure compliancy unless treating it as global policy, so how do I best get my point across?

Michelle_Miles3
Level 9 - Champion Alumni

Kevin McMahon​ I think you could offer an opt-in globally, and record proper documentation each time you capture it. However, you could still market to US folks if they ignore the opt in, so long as they haven't unsubscribed. If you have data management campaigns that marketing suspend folks who need to opt in and haven't (be sure to include the reason incase they opt in later and you want to unsuspend them) this is fairly simple to manage. This way, you'll have global practices in place and be prepared should email legislation tighten in the US, but you won't miss out on current opportunities.

Kevin_McMahon1
Level 5

Thanks Michelle that's super helpful! But how can we ensure people are in the US and our Country data is 100% correct? For example if someone who lives in the US moves to the EU, but the Country field still says US. Aren't we in violation for emailing them if they haven't double opted in?

Michelle_Miles3
Level 9 - Champion Alumni

You are in violation if they haven't opted in. Double opt-in is only a requirement in Germany. This is always a risk. I always include country of residence on forms as a required field and capture the IP address upon opt in (using a trigger token) to help beef up my data. If you are GDPR compliant in all other security and transparency aspects, that should help if you email someone who moves. Hopefully, they would first ask for erasure rather than go straight to a lawsuit, and you would have the opportunity to comply.

Grégoire_Miche2
Level 10

Hi Michelle,

DOI is an official requirement in Germany only, agreed. BUT... without DOI, you can never be sure that the person who gave you the content is who she says she is, which could create liabilities in all other EU countries. A lot of discussions are going on at the moment with my customers about whether or not they should implement DOI, and as always, everyone has a different opinion

-Greg

Michelle_Miles3
Level 9 - Champion Alumni

Agreed! I find the opinions tend to be based on how mature subscription and consent management procedures were prior to beginning GDPR compliance work.

Grégoire_Miche2
Level 10

Yes, this is very true !

At the end of the day, we have a couple of situations in which, as HQ and local DPO and lawyers are having different recommendations and the Marketing team is asking the local CEO to decide what level of compliance / risks / business impact he or she is willing to take.

-Greg

Kevin_McMahon1
Level 5

This is great thank you!

Michelle_Miles3
Level 9 - Champion Alumni

I'm seeing these situations too. Until we see how GDPR is enforced, I think there will be a lot of this.