The day is fast approaching: May 25, 2018, the first day of GDPR enforcement.
The day of reckoning for marketers who didn’t build a subscription center.
The day of reckoning for marketers who haven’t opted in people from the start.
The day your hard work needs to be done.
The good news is that this is the right time to make the pitch for Permission Marketing, where everyone is opted in and expecting your message rather than having it foisted upon them. It’s the best time to allocate resources to making marketing treat your audience the way you want to be treated. It’s the right time to operationalize what you know is the right thing to do.
This is an opportunity to turn something you know your marketing team should do into something it must do.
I want to share a few of the resources I’ve come across for operationalizing many of the GDPR rules. Please keep in mind this is not legal advice. Please review the resources and work with your Legal Counsel to properly set up your system for Consent Management.
Overviews of GDPR
- Understanding GDPR [Marketo webinar]
- GDPR Summary for Marketo Customers
- Sirius Decisions Privacy Compliance Model
- Perkuto’s GDPR Resource Center
Operationalization of GDPR and Privacy
- Building a Full Subscription Center – one of the key parts is to be explicit about the kinds of communication the Lead can opt in to. It is no longer enough to have a generic “opt in”.
- GDPR and The Marketer: A Practical Guide [Marketo] – this is a pretty good guide that describes a number of key things to build inside Marketo to manage consent.
Basics of GDPR
Here’s the quick rundown from what I’ve seen so far:
- Opt-in or double opt-in systems will be mostly compliant if you built them already.
- Record Consent for Email, Phone, and Website communications.
- Encrypt all systems and all transfers between systems. [Update: transfers should be encrypted; however, disk-level encryption may not always be required. Please review with your Legal and IT teams.]
- Stop sharing Spreadsheets (Use a secure file service).
- Work with Third Party Vendors to ensure proper opt in and transfer compliance.
- Set up rules to handle data from each country. Make sure marketers know this.
- Consider using Workspaces and Lead Partitions to reduce access to “need to know” staff.
- If you’re CASL compliant already, much of the work may already be done.
- Event Opt In Matters – record consent!
- Consider calling your work “Consent Management”.
- Securing your database – use Admin tools to lock down your system.
Again, please work with your Legal team to ensure your processes are fully GDPR compliant.
[Updated: Mar 17, 2018 with new content]