GDPR One Week In: A Marketer’s Guide

by Adam Smartschan

GDPR is here. Are you ready?

There’s nothing like the unveiling of new data restrictions – particularly ones vague enough to cause lawsuits – to get folks riled up.

Last week marked the highly anticipated beginning of the GDPR era in Europe. While the unprecedented set of guidelines is only designed to affect companies processing and using (and sometimes abusing) data on EU citizens, marketing professionals in the U.S. and elsewhere have had a heck of time in the last month or so. (And GDPR isn’t the end of it; similar regulations in the U.S. will be coming sooner or later. There’s just no way around it.)

As marketers ourselves, we totally understand the fear, anxiety and complete chaos the new (and overly mysterious) GDPR guidelines have caused. Marketing databases and tactics are key targets of the rules; in many U.S. companies, the C-suite is trusting the department is taking the proper steps to ensure its piece of the pie remains compliant. Here’s what those look like.

Step 1: Remember You’re Not a Lawyer

There are plenty of resources available explaining GDPR and steps you should take to ensure your company isn’t breaching the new rules. But with things still shaking out in the courts, does anyone truly know what this will all mean going forward?

Sure, there are some common sense practices and steps every business should have taken by now, but it’s just about impossible to get a true sense of all the factors in play. You likely don’t have a law degree and shouldn’t hesitate to tap your company’s legal team to comb through the bushels of legal jargon and provide a professional opinion if you have an iota of a concern. Protect yourself and don’t put the weight of the world on your shoulders. If you’re feeling over your head or a twinge of doubt, take it to the attorneys. That’s what they get paid for.

Step 2: Know What You Have

You likely have loads of private data housed in a marketing automation system, an email platform (or three), a CRM and lord knows where else. This is common, so don’t panic. If you haven’t already audited your marketing-facing systems to identify where personally identifiable information (PII) might live, do it now. (It shouldn’t take much more than a brainstorm over lunch and an hour or so at the computer.) If you have, good work.

Remember this, though: GDPR isn’t going away. You need to be compliant now, and you need to stay compliant in the future. That means shoring up your information controls, not adopting new systems without proper vetting and adopting an intelligent search solution (like Docxonomy) that will constantly scan your data repositories for stray PII or other indications of a problem.

Step 3: Double-Check the Basics

Nobody knows what’s coming in terms of data protections going forward, but making sure you have the basics covered will go a long way toward protecting yourself and your company. If your site uses cookies, are you notifying users? Are forms tied to email systems asking for explicit opt-ins? These are the basics; if you’re not doing them now, you should be. The days of collecting data without consent are long gone. Little things like this might ultimately be the difference between a massive fine (and a PR nightmare) or operating in the clear.

Have questions about GDPR and its affect on your marketing efforts? We’re not lawyers either, but we’re happy to chat. Contact us or email louis@altitudemarketing.com to get the ball rolling.