Becoming GDPR Compliant: A Technical Marketing Automation Perspective

GDPR compliance is a phrase you’ll have heard a lot recently and will be hearing a lot more before it comes into force 25th May 2018. What does being GDPR compliant mean for your Marketing Automation platform and marketing tech stack though?

There are a few key changes that will be required for you to reach GDPR compliance. The first is the strengthened conditions for consent. You’ll need to give clear and intelligible request for consent, with the purpose of providing clear understanding of where and what the data will be used for. This means that prospects and customers will need to opt-in to your marketing. No longer will you be able to buy lists of data to blast emails to, not that you’d do such a thing anyway…!

Looking at how you gather data is going to be really important. If you use forms you will need to allow users to opt-in to receive further marketing communications but with no long illegible terms and conditions full of legal jargon. Once they’ve opted-in you’ll need to record exactly when and where they opted-in from – part of GDPR compliance is being able to prove exactly that.

It must also be as easy to withdraw consent as it is to give – this means providing the ability to remove themselves from any future marketing campaigns – something which marketers have been doing for years. But rather than allowing prospects and customers to opt-out from all your communications, give them a choice of the type of content they can receive first. If you’re not already using one, a preference centre is going to be your best friend.

Another part of GDPR compliance is the right to be forgotten (data erasure). This means that someone can request that all the data you hold on them be permanently deleted. You’ll need to ensure that you have a process that easily allows this request and the subsequent deletion across all your marketing tech stack, not just your Marketing Automation platform.

This opens up a few other GDPR compliance questions, one being how your data is stored and shared across your business and potentially with 3rd parties. In order to be able to be in full control of your data you’ll need a clear view of your entire tech stack focusing on the flow of data into, out of and between platforms. If someone requested their data be deleted could you confidently know and remove it from every place it’s held?

This leads on to the right to access. You’ve got consent and using the data within your business, prospects and customers will have the right to request confirmation that you’re processing their data, for what reason and where. You’ll need a holistic view of where their data is being used and where across your business.

You may be familiar with the concept of privacy by design, but it’s now a legal requirement to ensure that any data you store is sufficiently protected from the outset. How good is your security across your marketing tech stack? Do you need to tighten security processes?

There’s a lot to think about and a lot of processes that need to be reviewed, but we’re here to help you become GDPR compliant and make your marketing thrive in a post-GDPR world. Get in touch to find out more.