Back in May of this year, the EU began enforcing the General Data Protection Regulation (GDPR), which effectively prohibits enterprises from storing data on EU citizens without clear consent. There are plenty of resources available for anyone wanting to learn more about the ins-and-outs of GDPR in more detail, but for the purposes of this article we’ll be more laser-focused on the repercussions of the law. Specifically, how it effects marketers and their automation efforts. Data storage is so deeply ingrained in automation practices as we understand it that, surely, GDPR severely hampers your team’s marketing potential? There’s no way to balance your marketing automation and GDPR is there?
We should probably explore at least one of the basic tenets of the law: not all U.S. companies must comply. According to the language of GDPR, only U.S. based companies directly marketing to EU citizens must comply. Therefore, if you don’t language-localize your material for EU nations, don’t allow purchases in euros, or don’t mention any EU nations in your marketing material, you’re probably exempt. But so long as you’re targeting EU citizens directly (or if you’re reluctant to forfeit the European market) you’ve got some changes to make for GDPR.
So how exactly should you come at GDPR compliance for your automation?
The first thing you’re going to need to do is reach out to your existing European customers, if any. Any customers/leads you currently have data on should be notified concerning said data, preferably in a written message via email. If you learn nothing else from this, know that consent is the biggest takeaway for GDPR. Provide them with a consent portal which allow them to make clear what they are comfortable with you keeping on record. After that, need to update your databases. You must remove that which people requested you remove and make sure it’s permanently deleted. Once you’ve received consent concerning the data you’ve collected and your intentions with that information, you need to enact these changes accordingly. Then it’s time to focus on future leads.
The next step is to revamp your landing pages. For some this will be easier said than done. Larger enterprises are liable to have dozens of pages each acting as first steps along the buyer’s journey, This makes renovating them into GDPR compliant iterations even more vital. Make sure your landing pages are explicitly and crystalline clear as to what data you want to have access to.
After those front-end requirements, what else do you need to do as you transition into GDPR compliance? Of the utmost importance is ensuring you can properly dispose of customer data upon request. This requires more than just deleting it. The law requires complete and total data erasure from your databases. Make sure you have costumer consent for just about everything involving their personal data, as a matter of fact. From reverse IP tracking to monitor lead behavior to scoring leads. All require the consent of the data subject.
And before you think your automated efforts are in the clear, and you must audit them to ensure they don’t accidentally break compliance. A failure could potentially cost your organization 20 million euros ($22,792,420 USD) or 4 percent of your organizations annual global turnover, whichever is the higher figure of the two.
How Automation Can Help Your GDPR Rollout
That sounds like a lot of work. Isn’t the title of this article “Can you Balance Marketing Automation and GDPR?” Where is that balance?
As it turns out, your automated solution can actually help you in those efforts to become GDPR compliant. Most likely your marketing solution will need some re-tooling but automation will relieve your efforts to be data-conscientious. For an enterprise with an automated marketing solution, updating email lists to only include those who’ve opted in is a simple task. After a little re-tooling, the emails will keep rolling out in accordance with the law.
But there’s also the potential for streamlined data collection, a necessity in the age of GDPR. You probably are collecting more data than you need right now. It can be beneficial to know your leads as intimately as possible, since anything that could be the puzzle piece that secures a conversion. But is their high school GPA really a vital statistic?
It’s something all marketers do. Removing the excess can ultimately help declutter your data servers. Automated marketing software allows you to be more selective about the data you collect as well as look deeper at the data you have collected thus far.
If this sounds like a lot of hassle, it’s because it will be. GDPR compliance is a full-company effort and it’s going to be a long hard road which may not even end with the results you’d like. It’s very likely your current data subjects and customers are not going to fully-opt into the data storage or collection protocols to which you’re accustomed. So why bother? Aside from the aforementioned fines, and the fact that it’s the law, consider the improvement to your company’s image by complying with the GDPR.
Data security is very hot right now, even with technological laymen. If a person has to choose between a GDPR compliant company and a non-compliant one, they’ll pick the former every time. With high profile tech execs like Apple CEO Tim Cook rallying for similar data protection laws in the US, and state level laws already en route in California, it may just be prudent to get ahead of the curb.