Is Your Marketing Automation Platform Ready to Comply with Upcoming GDPR Requirements?
GDPR is a new, comprehensive data protection law in the EU that updates existing laws to strengthen the protection of personal data in light of rapid technological developments, increased globalization, and more complex international flows of personal data. It replaces the patchwork of national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state. It will begin to be enforced May 25, 2018.
While the current EU legislation (the 1995 EU Data Protection Directive) governs entities within the EU, the territorial scope of the GDPR is far wider. It will also apply to non-EU businesses that:
a) market their products to people in the EU, or
b) monitor the behavior of people in the EU.
In other words, even if you’re based outside of the EU but you control or process the data of EU citizens, the GDPR will apply to you.
What is the GDPR?
The GDPR regulates the “processing,” which includes the collection, storage, transfer or use, of personal data about EU individuals. Any organization that processes personal data of EU individuals, including tracking their online activities, is within the scope of the law, regardless of whether the organization has a physical presence in the EU or not. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).
The GDPR provides more privacy rights to EU individuals and places significant obligations on organizations regarding data collection. Some of the key principles are:
- Transparency on how data will be used and what it will be used for.
- Ensuring that the data collected is used only for the purposes explicitly specified at the time of collection.
- Limiting the data collection to what is necessary to serve the purpose for which it is collected.
- Ensuring the data is accurate.
- Storing the data for only as long as necessary within its intended purpose.
- Preventing unauthorized use or accidental loss of the data by deploying appropriate security measures.
What is the Penalty?
Under the GDPR, authorities can fine organizations up to the greater of €20 million or 4% of a company’s annual global revenue, based on the seriousness of the breach and damages incurred.
How Specifically Do You Comply?
We’ve compiled links to several marketing automation platforms’ documentation for GDPR compliance. We have found that most of the platforms provide specific shortcuts to implement changes to form fields and data maintenance.
We found this guide from Marketo especially helpful, even if you’re not a Marketo user. It provides specific examples of fields to add to your forms (get documentation here).
Anybody using the Salesforce Marketing Cloud has multiple touchpoints and products within the cloud to update. They provide comprehensive documentation (get documentation here).
Here’s a guide provided by Oracle Marketing Cloud (get documentation here).
Here’s a guide provided by IBM Watson (get documentation here).
If You Need Help Updating Your Marketing Automation Platform for GDPR Compliance, Contact Us
If you need help with updating your marketing automation platform for GDPR compliance, we can help. We help clients manage their campaigns on several email platforms. Contact us for a free consultation!