Is your marketing automation system GDPR-compliant?

The rollout of GDPR this year holds significant implications for marketers, not the least of which is ensuring any marketing efforts meet the newly rolled-out regulations. Fortunately, there’s a clear path forward for marketers. Read on for the key actions you can take to ensure your organization’s marketing automation efforts remain GDPR-compliant.

Date published
July 10, 2018 Categories

The most significant regulatory change for marketers in decades went into effect earlier this summer, and already, some are estimating that as many as 93% of companies still aren’t compliant. We’re talking, of course, about the EU’s General Data Protection Regulation (GDPR) act, which requires explicit consent from EU residents to capture or use their data in any way. Not only is this a significant change, though – it’s also legally binding. Companies that aren’t compliant with the new GDPR regulations can face up to $20M EUR in fines, or 4% of annual revenue. For companies that have a history of flouting privacy regulations, these potential penalties are enough of an incentive to improve their regard for consumer privacy rights.

GDPR isn’t all bad news

But it’s not all negative news. There are already some early signs that GDPR will have some positive side effects for marketers, too. Increased data quality, additional options for personalization, and a more engaged prospect base are all reasons to comply with GDPR, provided your organization is collecting data on customers within the EU. In addition, after becoming GDPR-compliant, most organizations should see an uplift in overall data security after conducting more stringent checks on their data infrastructure and information management systems.

Be aware of GDPR’s impact and act accordingly

That said, these regulations have significant implications for marketing automation systems. Given their responsibility for data quality throughout the funnel, marketing automation practitioners are on the front lines of these changes. Data collection, usage, and even segmentation may all be impacted, so it’s critical to understand how to adjust one’s marketing automation systems to face this new reality.

Read on to learn about the key actions you can take to ensure your organization’s marketing automation infrastructure continues to delight your customers and prospects while remaining GDPR-compliant.

1. Perform a full audit of all landing pages

Given that landing pages are often the “front lines” of one’s marketing automation funnel, it’s critical to ensure they’re GDPR-compliant. Though this may sound like a simple task, it can take up a significant amount of time, especially if you have dozens of landing pages that act as entry points into the funnel for potential leads. It’s recommended to make a comprehensive list of all landing pages that capture customer data in any way, and then audit each of them to ensure GDPR compliance.

The critical thing to remember is that all forms need to request the explicit consent of each consumer prior to any data collection. Asking consumers to simply enter their email to sign up for a mailing list is no longer an option. Each form now needs to provide a way for consumers to opt into each type of messaging from your organization, and tell you what kind of communications they do and don’t want to receive.

Also, if your forms have pre-checked consent boxes, those need to go too. In this new reality, prospects need to explicitly tell you they want their data to be used. It’s also worth ensuring that your organization’s privacy policy is easily accessible from any of these landing pages as well. This will increase consumer trust in your brand, and eliminate potential pitfalls in the future.

2. Upgrade your marketing database accordingly

In conjunction with auditing landing pages and forms, marketers should update the infrastructure of their marketing database to comply with the new regulations as well. Practically speaking, this will likely translate to creating several new fields within one’s marketing database. What fields need to be created will vary by organization, but as a best practice, it’s recommended to create a more advanced set of permission fields that specify what types of communications your leads have opted into receiving.

Ensure that any new GDPR consent fields are also tracked in your CRM, and don’t forget to conduct some tests to ensure that the flow of data is working properly as well.

3. Review your email templates and mailing lists

The next step to ensuring GDPR compliance on the marketing automation front is conducting a full review of all email templates to ensure they have both an “unsubscribe” link and a link to your organization’s privacy policy. This may sound redundant, but surprisingly, studies have shown that up to 43% of email recipients mark messages as spam when there’s not an easy way to unsubscribe. Don’t let this be you.

Work with your marketing team to ensure that all of your email templates have a clearly-labeled unsubscribe link, and provide a link to your organization’s privacy policy (which should be updated to reflect GDPR) as well. This is a quick win that will have a significant impact on both GDPR compliance and overall data quality.

In some cases, it may also be worth re-permissioning certain segments of your database to refresh consents for leads that have already opted into marketing, but may want to further refine what information they receive from your organization. For more on how this piece, we’d recommend referencing this excellent rundown from Econsultancy, which has some great examples of what a quality re-permissioning campaign looks like.

4. Notify new visitors of cookies and data usage

One often-overlooked attribute of GDPR is that it doesn’t just require companies to obtain explicit consent from leads before communicating with them – it also requires organizations to notify leads how their data will be used, regardless of whether or not they’ll be emailed in the future. This requirement impacts everything from cookies to lead scoring, so ensuring compliance on this piece is critical.

If you haven’t already, it’s worth calling out cookie collection on your home page – a simple one-sentence description with a link to your organization’s privacy policy is enough. And if you do use lead scoring to drive your marketing automation efforts, we’d also recommend adding a line or two to all forms explaining to leads that the data they submit may be used for database prioritization. As with all things GDPR, automatically opting customers into lead scoring isn’t enough anymore – you need to give them the option to explicitly opt in or out depending on their preference.

5. Not using a CRM? Now is the time to start

Lastly, if your organization isn’t already using a CRM to manage prospect and customer data, now is the time to start. Given how GDPR has significantly increased the complexity of tracking privacy preferences for users, storing lead data in isolated spreadsheets will no longer be a viable option for most organizations.

If you’re not already leveraging a CRM to power your marketing automation efforts, now is a great time to start. Given the amount of privacy preferences that must now be tracked and stored in the EU, it’s worthwhile to automate the process of doing so – not only will it save your organization time in the long run, but it’ll also reduce the risk of data errors or erroneously emailing prospects that have already opted out of certain communications.

In summary

GDPR heralds the dawn of a new era for marketers. Not only must companies be more vigilant about how they interact with prospects and customers in the EU, but they also should upgrade their marketing automation infrastructure to keep pace with such regulatory changes.

By taking the steps listed above, companies can ensure that their marketing automation strategy is GDPR-compliant for leads in the EU. If your customer base lies outside the EU, then you may not need to take these actions. But if there’s any chance at all you’ll have leads from the EU interested in your marketing content, we’d recommend making sure your marketing automation infrastructure is up to the GDPR’s standards.

As a marketer, it can be easy to get lulled into indifference when it comes to GDPR. There haven’t yet been many high-profile cases involving the new regulations, and most companies aren’t yet taking massive action to protect the privacy right of their prospects and customers (despite having a two-year grace period to ensure compliance). But this indifference should be dispensed with now, as regulators will soon begin cracking down on companies that continue to not be GDPR-compliant.

But more than just avoiding regulatory consequences, marketers should see GDPR as a golden opportunity to reconnect with their customer base and solidify the goodwill they’ve already built up. By making their marketing automation efforts GDPR-compliant, organizations can show their customers that they don’t care solely about selling products, but also about genuinely building a trust-based relationship with them.

Exit mobile version