The Martech Guide to GDPR

Annie Stone | Director of Marketing Services

May 22, 2018

Is GDPR the end of marketing as we know it? While GDPR is not something to ignore, it doesn’t have to be something that stops your marketing in its tracks. This blog post will give you a basic understanding of what you need to know about GDPR to be prepared and to begin to develop a strategy for your organization.

So What Exactly is GDPR?

The General Data Protection Regulation (GDPR) is a European Union Privacy Law. The GDPR introduces new requirements for companies in several key areas:

  • Data portability
  • Right to data access
  • Right to rectification
  • Right to be forgotten
  • Breach notifications

Read more detail on the key areas of GDPR.

Does this apply to my business?

The GDPR applies only to EU citizens, but it applies to any organization anywhere in the world that might collect personal data from visitors coming from the EU. For instance, any EU website visitor that fills out a form or uses cookies, or interacts with advertising will be applicable to this policy no matter where the host organization is located.

What should I do to cover my bases?

Segmenting Your Audience

A great place to start is segmenting your contact data to separate EU contacts from the rest of your contacts within your databases. Be sure to consider all the systems where you keep contact data, like your email automation, CRM or digital advertising, etc. Once you have your lists segmented this way, you have some flexibility in how you deliver marketing communications in accordance with privacy laws.

Capture and Manage Privacy

Once you have segmentation in place, you will want to work on operationalizing privacy preferences across all your marketing activities so that it can be implemented and changed automatically and seamlessly, without depending on manual human entry.

Opt-ins

You will want to set up an Opt-in campaign to reach out to your EU audience segment to ask if they would like to opt-in to communications from your organization moving forward. This is a great way of cleaning your database and mining for active leads and influencers.

Keep in mind that the opt-in must be explicit. The individual you email should manually opt-in, for example by clicking a checkbox. Your privacy policy should also always be available.

Managing EU Opt-Outs

This step can be the most complex and laborious depending on your martech stack.

Your European audience has several new rights that will affect the way you will need to provide privacy preference data:

  1. “Right to data access” — they get to view all the data you have stored about them, how you collected it and how you use it.
  2. A clear description of communications preferences and easy management of them.
  3. The ability to opt out of any communications or of processing of their data.
  4. “Right to be forgotten,” meaning that your company must delete any and all information you have on the person from all your systems.

When you think of marketing automation systems, CRMs and email, you can imagine how much information you need to be able to generate for each customer.

When you add social media, browser and mobile device tracking, chatbots, location tracking, voice systems like Alexa, and more exotic methods of data collection, it gets quite extensive and integrating your systems together to see each customer profile from all channels becomes more of a must-have rather than a nice to have in order to meet these requirements.

Outbound Leads

Purchased lists will be the biggest lead generation tactic affected by the policy.  Buying lead lists with EU contact data or using a service that provides lead lists will carry serious GDPR violation risks. Make sure any lead list service or vendor you engage with will guarantee their lists are populated with people who have opted into marketing communications from other vendors.

Advertising

There are several different aspects of advertising that you need to consider, each affected by GDPR in different ways:

  • Cookie-based retargeting
  • Contact-based retargeting
  • Retargeting based on social media behavior
  • Look-a-like audiences on social media
  • IP targeting
  • Programmatic advertising

Read more about advertising in this new GDPR world.

Conclusion

As with all things GDPR, caution should be the priority. Certain rules around the GDPR are subject to interpretation and will likely evolve over time. We highly recommend you consult with your legal counsel and security professionals for specific direction and planning, this blog post should not be interpreted as legal advice.  While certain marketing practices will change due to the policy, they will also constantly evolve to serve the customer and their experience.
Recommended Next
Data & Insights
How to Track Clicks in the Shadow DOM with Google Tag Manager
Three coworkers seated in a conference room discussing a project
Data & Insights
Decoding Revised OCR Bulletin: Protecting Patient Data
Jason Hamrick Blog Graphic
Data & Insights
Using Customer Data to Uncover Audience Insights
Black pixels on a grey background