As the Marketoon from Tom Fishburne shows, the term GDPR strikes fear and can lead to "The Scream" with marketers (for those that know about it). Based on my conversations with CMOs and marketers, only 43% were aware of GDPR, of whom 55% were actively preparing for it. There is no lack of content and information on GDPR in general, but most were confused about what GDPR is or what specific action they needed to take when it came to their marketing programs, website, and data collection process. Many marketers assumed that their Marketing Automation or CRM provider would take care of any changes and they were “covered”. Others believe that because they don’t have an office in Europe, it doesn’t apply to them. It is this confusion over the impacts of GDPR and my mission to help marketers that propelled me to write my latest report, A Guide to GDPR Compliance for Marketers.
A quick overview: GDPR, or the General Data Protection Regulation, was passed in 2016 and mandates new personal data-handling requirements for individuals living in the European Economic Area (EEA), which includes all 28 countries in the European Union, Norway, Iceland and Liechtenstein. GDPR imposes strict fines on organizations that are non-compliant, and the fines can be as high as 4 percent of the organization’s global turnover (annual revenue) or 20 million euros, whichever is higher. The stakes are high and enforcement begins May 25, 2018. I cannot stress enough how important it is for marketers to understand GDPR and begin preparing for it NOW.
In the report, I distilled the sections of GDPR that apply to marketing, provided examples and an action plan to help marketers prepare for GDPR enforcement. A few privacy experts, such as my brilliant colleague Steve Wilson, reviewed the content and contributed a parallax. I met Aurelie Pols via Twitter, and she provided valuable feedback as well. I also reached out to marketing technology providers and asked them to contribute a tip or best practice to the report. I’m thrilled that many responded and provided their actionable advice to marketers. My sincerest thanks to Steve, Aurelie, the marketers I interviewed, and the teams at Act-On, Adobe, Gigya, IBM, Marketo, Oracle, Salesforce, SAP Hybris, and SAS for their contribution!
Here is an overview of the report’s table of contents:
- Executive Summary
- GDPR Compliance Has Massive Implications for Organizations with Business Interest in the EU
- What is GDPR?
- What Constitutes Personal Data?
- What Marketers Need to Know About GDPR
- Coordinate with Internal Stakeholders
- Five-Step GDPR Preparation Checklist:
  - Appoint a GDPR Lead or Team within Marketing and Review Data Handling Procedures
  - Actions to Take When Collecting Personal Data
  - Actively Manage Existing Contacts and Leads in a Database
  - Update Privacy Policy Regularly and Notify Proactively
  - Design a Data Breach Plan
- GDPR Compliance Advice from Marketing Organizations
  - Act-On
  - Adobe
  - Gigya
  - IBM
  - Marketo
  - Oracle
  - Salesforce
  - SAP Hybris
  - SAS
- What’s Next? Artificial Intelligence for GDPR Compliance?
- Author’s Note
- Parallax Point of View by Steve Wilson, Constellation’s Security and Privacy Analyst
To access the report or download an excerpt, please visit: http://bit.ly/2z3ooYS.
If you are a marketer from our end-user Constellation Executive Network community, leave me a comment below and I’ll send you a courtesy copy.
Lastly, a quick disclaimer... I am not an attorney and this report was not intended to replace legal advice. Please work with your legal and privacy teams to ensure compliance.