Hi,
Does anyone know anything about B2B double opt in processes and Best practices for Germany?
Solved! Go to Solution.
Come May 25, 2018, explicit consent will be required for all European countries as a result of the GDPR. More specifically, consent will be required for any person in the EU (irrespective of citizenship/residency) - even if they live/work in the US.
Today, we have a global "process opt-in requests" program set up that not only timestamps the opt-in request, but also associates the program that was responsible for it. And since we're a global company, we have an extended process for Germany, where double-opt-in is required (note the additional fields we use for future auditing purposes).
And for Germany:
Here's a graphic I put together a while ago.
Here are some links I've found to German law but, not being a German expert, I'm not positive if this is the best source:
Act Against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb, UWG)
Bundesgesetzblatt (Federal Data Protection Act)
https://www.loc.gov/law/help/online-privacy-law/germany.php (Telemedia Act)
Consult your legal team.
But generally it is Double Opt In and you can find resources here or on marketingrockstarguides.com to learn how to set that up in Marketo.
Come May 25, 2018, explicit consent will be required for all European countries as a result of the GDPR. More specifically, consent will be required for any person in the EU (irrespective of citizenship/residency) - even if they live/work in the US.
Today, we have a global "process opt-in requests" program set up that not only timestamps the opt-in request, but also associates the program that was responsible for it. And since we're a global company, we have an extended process for Germany, where double-opt-in is required (note the additional fields we use for future auditing purposes).
And for Germany:
Hi Dan,
Thanks for your detailed answer. this process definitely will work for new leads/contacts.
Do you have any suggestions for existing contacts/leads?
Hi Sule - this works for existing leads as well. While we still can (in some countries), we'll be running a variety of highly relevant opt-in campaigns to encourage folks to opt-in to receive future marketing from us. In fact, we'll be promoting a new preference center to let users opt-in to content types that interest them. We're trying to take advantage of every touchpoint from now until next May to grow our in-house permission marketing database (which is why I hope Marketo strengthens this capability, for example:
You'll also want to ensure that every form has the ability for a user to opt-in (gated content, contact us, event registration, etc.).
Thank you!
All our forms have the ability for a user to opt-in, however, opt-in field is not mandatory.
I believe that shouldn't make it mandatory, any thoughts?
Definitely do not make it a mandatory field. In fact, this will be illegal under GDPR, which states: “there should be a genuine choice on the part of the data subject when providing their data and that they should not have been misled, intimidated or negatively impacted by withholding consent.”
Hi Dan,
Will your GDPR countries be automatically opted out unless they click the button to opt in?
Can you discuss how you are determining the record's citizenship and or location?
Hi Eric - good questions. Today, we capture country value on every one of our forms. Usually, this will refer to their work location/residency (not citizenship). So our legal team is considering applying GDPR compliance across all countries to minimize risks. There's still some outstanding legislation that has yet to be finalized - part of the ePrivacy directive (which could influence GDPR) - that allows us to continue to market to existing customers (B2B). And then of course, there's the whole "legitimate interest" card.
We're still waiting on final guidance from Legal, but given the potential fines involved, I suspect they'll take a very conservative stance here. And yes, GDPR will significantly restrict who we can market to after May 2018. To be honest, I'm more concerned with the laws around cookie consent (rather than email consent) - and significantly limiting the core capabilities of Marketo. https://onetrust.com/gdpr-compliance-means-cookie-notices-must-change/