Top 5 Marketing Considerations for the GDPR
Given the focus these days on how enforcement of the General Data Protection Regulation (the GDPR) will affect marketing, it’s interesting to note the big impact marketing operations and the explosive pace of marketing technologies have had on data privacy in general. In a day and age where we all have tracking devices in our pockets and purses (i.e. your mobile phone), it’s clear that tech-savvy marketing teams have a fine line to walk – on one side is the opportunity to get a direct line to buyers’ behavior and on the other, the risk of a complete breach of customers’ trust. Let’s face it, collecting and using a lot of personal information can lead to personalized messages getting “creepy” or private information getting stolen.
We are all consumers, and while we generally understand the benefits of personalized marketing – special treatment, offers, promotions and discounts – we are also acutely aware of the potential drawbacks and misuse of our data. We need to know that companies can be trusted with our personal information, and will only use it in a way we agreed to. Here’s where the GDPR comes in to help marketers stay on the “right” side of that fine line.
We’ve compiled the top five considerations for the GDPR to keep your marketing footing and maintain a good balance between effective promotion and responsible use of buyers’ private data. We also found some great resources for organizations on their path to GDPR readiness, including the UK’s Information Commissioner’s Office (ICO) that covers not only the GDPR but also other related privacy regulations. If you haven’t had a chance to dig into the regulation, we’ve provided links to the ICO website for more information.
Once an EU citizen is informed of how their data is being used, for how long and by whom, they need to give you consent to use it. This means having them “positively” opt in to all forms of data collection, from signing up for newsletters to dropping their business card in a box for a drawing. Opt-in processes should be very clear, delivered separately from terms and conditions and never be allowed through default methods like checkboxes. For more information please check the following link.
- Personal data access & portability
No matter who collects personal data across your company, the best way to think of your role with the GDPR in mind is as a “co-owner” of people’s data. As a co-owner you take responsibility for all data pertaining to an identifiable citizen of the EU. So, when they ask to see it or to have it back, you must have a way to give it to them – free of charge. The regulation guidance is to provide direct, self-service access to a customer’s data and allow them a way to take it with them. For the details, please learn more below.
- Personal data collection
The type of data you collect about EU citizens is an important aspect of the law and encompasses all personally identifiable information. This includes data such as names and addresses, but also applies to less recognizable personal identifiers such as device IDs and IP addresses. When determining the applicability of the law to the data you collect, we suggest that you default to protecting it all. Although their data today may not identify them (e.g. a cookie or session ID), when combined with other information collected by you or a partner, it could reveal their identity in the future. Make sure you have a way to audit all data collected on any EU citizen. For more information, please check the link below.
- Data processing
Chances are that the personal data collected on any customer or prospect isn’t sitting idle for long. It’s most likely being used across all marketing systems for email, advertising, content syndication – basically everywhere. You could also be processing and analyzing it for “look-alikes” and segmentation. This means you have to track and manage modification and deletion requests in every place the data lives. If you have not invested in a consent management system, now may be the time to look at one. For fair and lawful processing principles, please refer to the following link.
Customer data platforms and data privacy
Treasure Data’s enterprise customer data platform (CDP) provides a powerful way to jump start your GDPR readiness. An enterprise CDP ingests, unifies and processes customer and prospect data, and directly integrates with mobile and website logs to keep it at the event level. It also collects customer and prospect data from other marketing applications, as well as practically any offline source and provides tools for analysis. So, if your buyers are researching products on your website, signing up for loyalty points and purchasing your newest widget at the big box store, you’ll know. You’ll also know how they took those actions and be able to draw conclusions about why, so you can help influence future engagements and purchases. That’s the power of a CDP.
And, with power comes responsibility. That’s why our marketing group is taking the opportunity to use our own enterprise CDP to meet compliance requirements for the prospect and customer data we collect and process. We not only get the benefit of keeping our prospect and customer data protected – leveraging our deep history with security compliance – we also gain best-practice privacy tactics for Treasure Data’s enterprise CDP.
Below are our four areas of focus as we help our customers with getting ready for the GDPR:
- Respect opt-outs from segmentation, syndication, profiling, and other automated processing
- Log and process requests for updating and deleting personal information across syndication targets
- Securely store, purge and apply expiration to personal data records based on controllers’ policies
- Disable data collection for erasure requests and provide failsafes for processing
If you’re looking for more information on how Treasure Data can help, please visit our Treasure Data & the GDPR webpage. It’s our hub for the GDPR resources and product updates to help with compliance.