GDPR for Marketing Ops

Embed via Google Slides — SlideShare has gone down the hill.

Note: None of this is legal advice for GDPR Compliance and should not be taken as such.

GDPR starts rolling in on May 25th. As part of some client work, I did some research on GDPR and how companies can be compliant especially from an Ops (Marketing) perspective.

First — May 25th is not the deadline to be fully GDPR compliant, you do however need to show significant progress towards moving to compliance.

Someone asked me if- GDPR will kill marketing as we know it. No. Europe has always had stricter regulation, and GDPR is no different. It will however force us to re-think how we approach marketing, respect privacy and increase the quality of leads. If a prospect or data subject is on your website to download content or request more information, they will be more likely to consent to sharing personal data if:

1) The tool actually solves their problem

2) The eBook or content is exceptional

3) They know you will not abuse it.

As such, people will still fill out forms (or talk to Bots) as we know it. The difference being now businesses have to respect their data more.

For Facebook / Google — GDPR might even strengthen their monopoly more.

What can you do today to make sure you are GDPR Compliant?

Ensure you get consent on all lead forms for any purpose you will use the data for. This means, if you are using their email/phone to create custom audiences in Facebook, make sure there is a check box for it. If you are gathering mailing addresses for an ABM Direct Mail campaign, get explicit consent that you can use their data for that.

If you have Hubspot — you can enable the GDPR tools under settings to add a new ‘lawful basis to communicate’ on each contact record and set it via Workflows or Manually or via forms — adding the Notice of Consent field and customizing it to your needs. You can create Subscription Types to keep a record of all GDPR consent for each type of ‘communication and data usage’ from the data subject and store it in Hubspot. This can be updated by the prospect anytime, similar to how Email Preferences worked.

For any data deletion or append requests, create a separate email address. This helps keep an audit trial as well as give people an easy way to contact you. Any requests for deletion need to be completed within 30 days from when the request was first made. Hubspot has a GDPR Delete option which completely removes all contact data from your database — where as before Hubspot would delete the contact but not the analytics history or data incase they re-converted again.

Note on Hubspot — when you enable GDPR tools, it does not only impact EU contacts or visitors — it shows up for everyone. So for each form/landing page you can create Smart Content based on EU Countries to display the GDPR form (with the additional consent requirements) and non EU visitors can still see the regular version.

If you don’t have Hubspot and your marketing automation vendor doesn’t have specific GDPR tools for you to roll out — you can use check boxes on forms to gather consent, as long as they aren’t pre-checked by default. Although ideally you should talk to support about why they don’t have a product roadmap to help you be GDPR friendly and how to do it right.

For Facebook Lead Ads — you (the company) & Facebook are data collectors & processors so get legal counsel to update your privacy policy and remember to update it on your Facebook Lead forms.

This by no means covers the entire extend of GDPR and it is not legal advice and not to be taken as such. But I hope it helps, feel free to send me an email on kamil[at] if you have any questions or comments.

Originally published at Kamil Rextin .