By Michelle Miles January 16, 2018

GDPR: A Game Changer for Marketing Operations

The first post of a 5-part series on GDPR, we discuss the importance of preparing your marketing operations to meet compliance requirements or aligning your “defensive” strategy. In the next post, we’ll discuss options for building your “offense,” including ideas for collecting customer information in an engaging manner that’s also GDPR compliant.

If you watch football at all, you understand the importance of a good offensive and defensive strategy. You also know the impact of penalties and play reviews, sometimes the difference between victory and defeat. One ruling can be a total game changer.

We have a major game changer looming ahead for marketers. I’m, of course, referring to GDPR. I’ve been asked by many Marketo clients how the new consent-based legislation will impact the future of marketing operations. I won’t sugar coat it: marketers need to prepare for new challenges. GDPR was created with noble intentions to protect the privacy of consumers, and it will change our marketing landscape. A few specific examples:

Game Changer, Not Game Over 

GDPR will require changes to current marketing practices, but it doesn’t have to kill your operations completely. Preparation and identifying your vulnerabilities is essential. To start: 

Audit your database. Do all records have correct (normalized) country data tied to them? How many EU names are in your database? Are they viable? Knowing this will help assess the potential impact GDPR has on you

Assess your data practices. How are names accumulated and how are they used? Are your data practices documented? Documentation is also a key component of GDPR compliance.

Evaluate your systems impact. Do you have automated lead scoring, nurture or telemarketing processes that need to be reviewed? Where is all of your data stored – on an account, or do you have valuable firmographic data buried on person records?

Evaluate your data collection forms. Is your consent box pre-checked? (if so, uncheck it) Is there a link to your privacy policy on each one? Is your privacy policy clear, easy to understand and easily accessible? Explicit consumer consent and transparency in data usage are other GDPR requirements.

Evaluate your team structure. Who can design data collection forms? Who has access to your database? Assigning and documenting roles and permissions are important, especially in the unfortunate event of a data breach.

These items are just the beginning, and there are many more requirements to becoming fully GDPR compliant. With a compliance deadline of May 25, 2018, it’s game on. We’ve reached the 2-minute warning…if you don’t have a proactive game plan, you are running out of time. GDPR is a game changer; get your defensive strategy in motion. In our next post, we’ll discuss ideas for developing your offensive strategy to engage your customers better and still meet GDPR requirements.

Need help evaluating your data practices and processes? Get your questions answered or request a GDPR readiness assessment by our team of Marketo Certified Solutions Architects.

Michelle Miles

VP of Consulting Services at Perkuto | Marketo Champion

Marketo Certified Solutions Architect and MBA. Passionate about solving marketing automation challenges and process optimization. Two energetic children.

6 Responses to “GDPR: A Game Changer for Marketing Operations”

  1. Jon Larsen says:

    Thanks for this article! However, you say, “These items are just the beginning, and there are many more requirements to becoming fully GDPR compliant.” Are you going to provide details on ALL of the requirements in the upcoming 4 posts, or at least link us to resources to make sure we are fully compliant?

    • Michelle Miles says:

      Thanks for reading and for your comments! GDPR is an extensive legislation (108 recitals!) covering many different areas of how data is collected, used, managed and stored. We do have a white paper we’ll soon be releasing, “The Marketo Client’s Guide to GDPR Compliance” that will offer additional preparation guidance, or our team of Marketo Certified Solutions Architects would be happy to conduct a GPDR Readiness Assessment and develop a compliance action plan tailored to your needs. Due to the complexities, it’s impossible for us to cover every aspect of GDPR in our blog or even the white paper.

  2. The question I get asked most, and the pushback that is most used, is “but does this apply to B2B?” “this is only for consumer data and we don’t have to worry about it”. Can you clarify? For example, if a company is using lead scoring to qualify business leads according to job title, is that covered by your point 2? And do companies who operate on a B2B basis need to start deleting all the lists of data that they’ve gather over the years, before the absolute requirement to opt in comes into force?

    • Michelle Miles says:

      Hello – thanks for reading. Yes, GDPR applies to B2B companies. “Personal information” applies to anything that makes a person identifiable – such as a business email address. If your business markets to, does business with, or simply stores or processes the personal or business information of EU residents, you are subject to GDPR requirements regardless of your location. Job title and lead scoring are both impacted by GDPR. I recommend that companies immediately implement campaigns to proactively opt-in viable leads in their database prior to GDPR (be sure to update your privacy policy!), and begin database cleansing initiatives to purge leads that are not viable and are not compliant.

  3. Emily says:

    Thanks for all of the help on this topic. My question is, what does “correct (normalized) country data” mean?

    • Hello Emily,

      In general, normalized country data refers to a standard list of country names, for example:

      – USA (instead of U.S.A., United States, US, U.S., etc.)
      – UK (instead of England, United Kingdom, U.K., etc.)
      – Germany (instead of DE, DEU, Deutschland, etc.)

      The specific values will vary according to how you set them up; however, the point is with correct country data in your database, you can then accurately identify the compliance requirements that apply to specific records in your database, as well as improve the overall health of your data.

Leave a Reply

Your email address will not be published. Required fields are marked *

B2B Marketing Zone