Long gone are the days when only your organization’s data security professionals had an obligation to secure and protect your data. It is now also incumbent on marketers to ensure that data is safeguarded. Enter GDPR.
What is GDPR?
A newer and stricter European privacy law, the GDPR technically stands for “General Data Protection Regulation.” But there’s nothing ‘general’ about the GDPR. Now, you’re probably asking yourself, what does this have to do with me as a marketing professional if my company is US-based? No matter where you reside, the GDPR applies as long as your organization offers goods and/or services to, or collects or analyzes any data on, anyone who resides in one of the 28 countries of the European Union. Many facets of this regulation affect a Marketing Automation professional’s accountability and reaffirm the necessity of keeping all consumer and prospect personal data secure and compliant.
What Are the 6 Key Principles of the GDPR?
Data must be:
- Processed lawfully, fairly and transparently
- Collected only for specific, explicit legitimate purposes
- Adequate, relevant and limited to what is necessary
- Accurate and kept up to date
- Stored only as long as is necessary
- Handled to ensure appropriate security, integrity and confidentiality
How do the 6 key principles of the GDPR have a direct correlation to Marketing Automation efforts?
Consider some of the following questions:
- Do you have any data in your Marketing Automation platform whose country field contains any one of the 28 European Union countries? Any missing country field data?
- Do you have any automated campaigns running that profile your data based on behavior and/or preferences?
- Do you have any forms where your opt-IN boxes are pre-checked?
- Have all your records ‘opted-IN,’ giving you express consent to market to them?
- Do you have records where the lead origination date is more than 2 years old?
If you answered “Yes” to any of the above questions, you are possibly at risk for GDPR non-compliance, and will need to do some work straightaway to prepare for the May 25, 2018 deadline.
Here are some steps that you can take NOW to prepare:
- Do an audit on all data used in your marketing initiatives—immediately. If you have any agencies or third parties that are marketing on your behalf, that data is subject to GDPR laws as well.
- Look for any Country information that you may have in your database where the lead resides in one of the 28 countries of the European Union. These countries are: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the UK. Run a segmentation on these to push into a separate GDPR list.
- Look for any missing Country information on your leads. If there are null fields, and you can’t easily determine the country of residence, put these leads (for now) into an inactive marketing list. Do not market to them digitally until you find and populate this information in your database.
- If you are running any campaigns that profile your data for use in digital marketing based on predictive behaviors or preferences, halt those campaigns or, at the very least, filter out your European Union country-based addresses.
- Review any forms that reside in your marketing automation platform, as well as any existing website forms that disseminate information directly into your marketing database(s). Ensure that none of those forms have any opt-IN boxes that are pre-checked.
- If there are leads in your system that have not directly ‘opted-IN’ to your communications within the past two years, or for anyone who is being marketed to simply because they did not ‘opt-OUT’ in the past, consider re-sending or initiating an opt-IN campaign before May 25, 2018.
- Maintaining documentation on consent is crucial. To do this, make sure you have an audit trail in place that reflects the following:
  - How the lead was originally generated (Lead Source)
  - What day and time the lead actually ‘opted-IN’ to your database (Opt-IN Date and Time Stamp)
Consequences of GDPR Non-Compliance:
GDPR administrative non-compliance fines can soar as high as 20 million euros (note, that’s almost 25 million US dollars) or 4 percent of the annual global revenue for your company, whichever is higher.
In essence, the GDPR is not something to take lightly. As a marketing professional, you have both a responsibility and an accountability to ensure that the rules of the GDPR are taken seriously in your organization’s marketing initiatives.
Lastly, don’t think of this as adverse news at all. Companies that show that they are committed to taking citizens’ private data rights seriously may very well have a positive effect on an individual’s choice of who they want to do business with for the long term. By the way, a GDPR program is a great new loyalty campaign idea for you.
Latest posts by Angela Dalmas
- MAY 25, 2018: Why Marketing Automation Professionals Need to Be Prepared for This Date - March 12, 2018