There’s nothing like the unveiling of new data restrictions – particularly ones vague enough to cause lawsuits – to get folks riled up.
Last week marked the highly anticipated beginning of the GDPR era in Europe. While the unprecedented set of guidelines is only designed to affect companies processing and using (and sometimes abusing) data on EU citizens, marketing professionals in the U.S. and elsewhere have had a heck of a time in the last month or so. (And GDPR isn’t the end of it; similar regulations in the U.S. will be coming sooner or later. There’s just no way around it.)
As marketers ourselves, we totally understand the fear, anxiety and complete chaos the new (and overly mysterious) GDPR guidelines have caused. Marketing databases and tactics are key targets of the rules; in many U.S. companies, the C-suite is trusting that the department is taking the proper steps to ensure its piece of the pie remains compliant. Here’s what those steps look like.
Step 1: Remember You’re Not a Lawyer
There are plenty of resources available explaining GDPR and steps you should take to ensure your company isn’t breaching the new rules. But with things still shaking out in the courts, does anyone truly know what this will all mean going forward?
Sure, there are some common sense practices and steps every business should have taken by now, but it’s just about impossible to get a true sense of all the factors in play. You likely don’t have a law degree and shouldn’t hesitate to tap your company’s legal team to comb through the bushels of legal jargon and provide a professional opinion if you have an iota of a concern. Protect yourself and don’t put the weight of the world on your shoulders. If you’re feeling over your head or a twinge of doubt, take it to the attorneys. That’s what they get paid for.
Step 2: Know What You Have
You likely have loads of private data housed in a marketing automation system, an email platform (or three), a CRM and lord knows where else. This is common, so don’t panic. If you haven’t already audited your marketing-facing systems to identify where personally identifiable information (PII) might live, do it now. (It shouldn’t take much more than a brainstorm over lunch and an hour or so at the computer.) If you have, good work.
Remember this, though: GDPR isn’t going away. You need to be compliant now, and you need to stay compliant in the future. That means shoring up your information controls, properly vetting any new system before you adopt it, and adopting an intelligent search solution (like Docxonomy) that will constantly scan your data repositories for stray PII or other indications of a problem.
Step 3: Double-Check the Basics