It’s GDPR GO Time- Are you Ready?

Michelle_Miles3
Level 9 - Champion Alumni
Level 9 - Champion Alumni

Years in the making, months of blogging and it’s finally here: GDPR becomes officially enforceable in a matter of hours. Are you ready?

If not, here are a few quick pointers and resources to assist in your efforts.

Consent

The topic of consent is easily the most discussed. Key points:

Explicit permission is required; implied consent no longer qualifies.  If you are claiming legitimate interest, consult your legal team first.

Documentation is just as necessary as capturing consent.  All EU records in your database should have:

  • Opt-in date and timestamp
  • Opt-in source
  • Opt-in IP address (if available)

Remember, you can’t “buy” consent.  In other words, you cannot make consent a requirement to downloading a promoted white paper.  You CAN include a consent option on your form as an unchecked checkbox.

Be sure to Link all your forms and communications to your privacy policy.  Let your privacy policy do the heavy lifting, meaning contain all the details about data usage, storage, and protection.

Transparency in Data Usage

Under GDPR, lead scoring is considered user profiling, which now requires user consent. The same thing with any other propensity to purchase calculations—if you are using this to schedule follow-up sales calls, you must have permission to use an individual’s data in this capacity.

Data enhancements must also be declared, and past data audited. If you are enriching your data from a third party source, you need to state the origin and purpose.  Also think about where in the cycle your enrichment occurs, to avoid paying for enhancement if you do not have permission to retain records in your database or if data is kept for a limited period. (Ex: event reminders)

Munchkin code / Cookies

GDPR changes how we can use cookies but does not entirely rule it out. Cookie usage must be declared; “by using this website you agree…” messages no longer comply.  Visitors must be given the option to accept or decline cookie tracking.  If they refuse, then you have no choice but to disable cookies.

Just a reminder too, you will most likely need to change your setting that loads munchkin code as this is a departure from the current Do Not Track legislation.

Adjustments you’ll need to make:

  • Turn on ‘Do Not Track’ Settings in Marketo Admin
  • Post a Cookie Policy
  • Evaluate API Cookie Management Platforms - this will become more important with upcoming EU ePrivacy Directive legislation, which has different requirements for various types of cookies.

For more information, see the Marketo Dev site for details on configuring Munchkin code settings.

Preference Center

You will need to build a preference center to process the requests from individuals exercising their GDPR rights.

These rights include:

  • Opt-in and unsubscribes
  • Data exports and transfers
  • Data breach notifications
  • Policy requests
  • Data erasure (AKA “the right to be forgotten”)

Marketing

Marketing messages and analytics will change. Between consent for cookies (which may limit the behavioral data you have to score from) and the right to be forgotten, many of us are concerned that we won’t be able to track marketing performance and customer journeys for our websites accurately. In all honesty, your internal KPIs and goals will need adjustment. Make sure you know all of your April numbers and conversion rates so that you can see how to reset your goals to account for GDPR changes.

For other marketing ideas and tips, download our free GDPR Toolkit, loaded with helpful information and practical resources, including:

  • GDPR Marketing Communications LookBook- creative suggestions and visual examples for post-GDPR marketing.
  • A recording of my Marketo Summit presentation, Fearless Marketing in a GDPR World, which includes screenshots of how to set-up a preference center and data rights flow in Marketo.
  • GDPR FAQ eBook: Legal Questions. Straightforward Answers.
  • The Marketo Client’s Guide to GDPR Compliance
  • GDPR Data Processor Compliance Assessment

Get your free toolkit: http://bit.ly/2wvF1OZ

Stay informed

GDPR is just beginning, updates (and fines!) are sure to follow.  Learn from the missteps of other companies and adjust as grey areas are clarified—to stay informed on GDPR news, decisions and enforcement updates, subscribe to the ICO RSS feed: https://ico.org.uk/global/rss-feeds/

GDPR is here; it’s not the end but only the beginning.  Are you ready?

4770
4
4 Comments
Helen_Abramova1
Level 5

Thank you Michelle! Very helpful.

Michelle_Miles3
Level 9 - Champion Alumni

thanks!

Neil_Robertson6
Level 5

Good advice, but incomplete and misleading in some areas -there are 5 other ways to capture (and log) consent (contract etc) - this is not simply about “did I have checkbox ticked) and some cases.   Explicit consent is only required if you‘re  processing sensitive data. Art 4(11))

Michelle_Miles3
Level 9 - Champion Alumni

Yes, this was meant to be a quick summary. I have detailed consent and legitimate interest further in other articles. I hope it's helpful!