The most significant regulatory change for marketers in decades went into effect earlier this summer, and already, some are estimating that as many as 93% of companies still aren’t compliant. We’re talking, of course, about the EU’s General Data Protection Regulation (GDPR) act, which requires explicit consent from EU residents to capture or use their data in any way. Not only is this a significant change, though – it’s also legally binding. Companies that aren’t compliant with the new GDPR regulations can face up to $20M EUR in fines, or 4% of annual revenue. For companies that have a history of flouting privacy regulations, these potential penalties are enough of an incentive to improve their regard for consumer privacy rights.
GDPR isn’t all bad news
But it’s not all negative news. There are already some early signs that GDPR will have some positive side effects for marketers, too. Increased data quality, additional options for personalization, and a more engaged prospect base are all reasons to comply with GDPR, provided your organization is collecting data on customers within the EU. In addition, after becoming GDPR-compliant, most organizations should see an uplift in overall data security after conducting more stringent checks on their data infrastructure and information management systems.
Be aware of GDPR’s impact and act accordingly
That said, these regulations have significant implications for marketing automation systems. Given their responsibility for data quality throughout the funnel, marketing automation practitioners are on the front lines of these changes. Data collection, usage, and even segmentation may all be impacted, so it’s critical to understand how to adjust one’s marketing automation systems to face this new reality.
Read on to learn about the key actions you can take to ensure your organization’s marketing automation infrastructure continues to delight your customers and prospects while remaining GDPR-compliant.
1. Perform a full audit of all landing pages
Given that landing pages are often the “front lines” of one’s marketing automation funnel, it’s critical to ensure they’re GDPR-compliant. Though this may sound like a simple task, it can take up a significant amount of time, especially if you have dozens of landing pages that act as entry points into the funnel for potential leads. It’s recommended to make a comprehensive list of all landing pages that capture customer data in any way, and then audit each of them to ensure GDPR compliance.
The critical thing to remember is that all forms need to request the explicit consent of each consumer prior to any data collection. Asking consumers to simply enter their email to sign up for a mailing list is no longer an option. Each form now needs to provide a way for consumers to opt into each type of messaging from your organization, and tell you what kind of communications they do and don’t want to receive.
2. Upgrade your marketing database accordingly
In conjunction with auditing landing pages and forms, marketers should update the infrastructure of their marketing database to comply with the new regulations as well. Practically speaking, this will likely translate to creating several new fields within one’s marketing database. What fields need to be created will vary by organization, but as a best practice, it’s recommended to create a more advanced set of permission fields that specify what types of communications your leads have opted into receiving.
Ensure that any new GDPR consent fields are also tracked in your CRM, and don’t forget to conduct some tests to ensure that the flow of data is working properly as well.
3. Review your email templates and mailing lists
In some cases, it may also be worth re-permissioning certain segments of your database to refresh consents for leads that have already opted into marketing, but may want to further refine what information they receive from your organization. For more on how this piece, we’d recommend referencing this excellent rundown from Econsultancy, which has some great examples of what a quality re-permissioning campaign looks like.
4. Notify new visitors of cookies and data usage
One often-overlooked attribute of GDPR is that it doesn’t just require companies to obtain explicit consent from leads before communicating with them – it also requires organizations to notify leads how their data will be used, regardless of whether or not they’ll be emailed in the future. This requirement impacts everything from cookies to lead scoring, so ensuring compliance on this piece is critical.
5. Not using a CRM? Now is the time to start
Lastly, if your organization isn’t already using a CRM to manage prospect and customer data, now is the time to start. Given how GDPR has significantly increased the complexity of tracking privacy preferences for users, storing lead data in isolated spreadsheets will no longer be a viable option for most organizations.
If you’re not already leveraging a CRM to power your marketing automation efforts, now is a great time to start. Given the amount of privacy preferences that must now be tracked and stored in the EU, it’s worthwhile to automate the process of doing so – not only will it save your organization time in the long run, but it’ll also reduce the risk of data errors or erroneously emailing prospects that have already opted out of certain communications.
GDPR heralds the dawn of a new era for marketers. Not only must companies be more vigilant about how they interact with prospects and customers in the EU, but they also should upgrade their marketing automation infrastructure to keep pace with such regulatory changes.
By taking the steps listed above, companies can ensure that their marketing automation strategy is GDPR-compliant for leads in the EU. If your customer base lies outside the EU, then you may not need to take these actions. But if there’s any chance at all you’ll have leads from the EU interested in your marketing content, we’d recommend making sure your marketing automation infrastructure is up to the GDPR’s standards.
As a marketer, it can be easy to get lulled into indifference when it comes to GDPR. There haven’t yet been many high-profile cases involving the new regulations, and most companies aren’t yet taking massive action to protect the privacy right of their prospects and customers (despite having a two-year grace period to ensure compliance). But this indifference should be dispensed with now, as regulators will soon begin cracking down on companies that continue to not be GDPR-compliant.
But more than just avoiding regulatory consequences, marketers should see GDPR as a golden opportunity to reconnect with their customer base and solidify the goodwill they’ve already built up. By making their marketing automation efforts GDPR-compliant, organizations can show their customers that they don’t care solely about selling products, but also about genuinely building a trust-based relationship with them.