The first post of a 5-part series on GDPR, we discuss the importance of preparing your marketing operations to meet compliance requirements or aligning your “defensive” strategy. In the next post, we’ll discuss options for building your “offense,” including ideas for collecting customer information in an engaging manner that’s also GDPR compliant.
If you watch football at all, you understand the importance of a good offensive and defensive strategy. You also know the impact of penalties and play reviews, sometimes the difference between victory and defeat. One ruling can be a total game changer.
We have a major game changer looming ahead for marketers. I’m, of course, referring to GDPR. I’ve been asked by many Marketo clients how the new consent-based legislation will impact the future of marketing operations. I won’t sugar coat it: marketers need to prepare for new challenges. GDPR was created with noble intentions to protect the privacy of consumers, and it will change our marketing landscape. A few specific examples:
- Opt-in consent is required to email and retain personal data. Additionally, appropriate record keeping to verify permission is also required.
- Lead scoring will be considered user profiling, which under GDPR, requires consumer consent. Similarly with propensity-to-purchase calculations—if you are using this to schedule follow-up sales calls, you must have permission to use the consumer’s data in this capacity.
- Data enhancements from Marketo’s MAP (marketing automation platform) must be declared, and past data audited. If you are further enhancing your data from a third-party source, you may need to state the origin and the purpose. Keep in mind, anyone processing your prospects’ data must be GDPR compliant, too.
- Data management: GDPR includes a host of consumer rights and protections, which marketers need to be prepared to accommodate.
- Record disposal: we all hate to delete information. But under GDPR, we must delete records accumulated without opting in, and, remove data from individuals who withdraw consent or otherwise request deletion of their information.
Game Changer, Not Game Over
GDPR will require changes to current marketing practices, but it doesn’t have to kill your operations completely. Preparation and identifying your vulnerabilities is essential. To start:
Audit your database. Do all records have correct (normalized) country data tied to them? How many EU names are in your database? Are they viable? Knowing this will help assess the potential impact GDPR has on you
Assess your data practices. How are names accumulated and how are they used? Are your data practices documented? Documentation is also a key component of GDPR compliance.
Evaluate your systems impact. Do you have automated lead scoring, nurture or telemarketing processes that need to be reviewed? Where is all of your data stored – on an account, or do you have valuable firmographic data buried on person records?
Evaluate your team structure. Who can design data collection forms? Who has access to your database? Assigning and documenting roles and permissions are important, especially in the unfortunate event of a data breach.
These items are just the beginning, and there are many more requirements to becoming fully GDPR compliant. With a compliance deadline of May 25, 2018, it’s game on. We’ve reached the 2-minute warning…if you don’t have a proactive game plan, you are running out of time. GDPR is a game changer; get your defensive strategy in motion. In our next post, we’ll discuss ideas for developing your offensive strategy to engage your customers better and still meet GDPR requirements.
Need help evaluating your data practices and processes? Get your questions answered or request a GDPR readiness assessment by our team of Marketo Certified Solutions Architects.