GDPR is still much of an unknown quantity ahead of its implementation, but one thing is clear: marketers need to know what data they have. Julian Saunders, CEO and founder of data management and GDPR compliance solution PORT.im, suggests five actions to prepare.
Unless you’ve been on a digital detox for the last year, chances are you have read a fair bit online about the EU’s General Data Protection Regulation (GDPR). You’ve also probably read reams of information on how it impacts marketers. Rather than regurgitate some of the excellent overviews that are already available, I believe it is better to offer straightforward advice on what marketers can do to get ready – specifically in relation to data. This guidance is based on our experience helping numerous marketing organisations become GDPR compliant:
- Find ALL your data: In an ideal world, all your marketing data on customers is stored on one system such as Adobe Campaign or MailChimp. If you’re in that minority – congratulations, you can feel very smug and move on to the next point. If you’re like everyone else with either a limited CRM system, multiple platforms or questionable paper trails of where your data is – then you need to do some serious auditing. First, identify all of your known data stores. Then, list all your customer touch points where data could be exchanged. Finally, ask your colleagues to check what customer data they hold on their devices or, and this can easily be forgotten, within their email inbox. This should give you a map of where every piece of marketing data could be stored and used.
- Clean your data: In a post-GDPR world, the more data you hold the higher your risk profile. Therefore, instead of continuing to hoover up data to create a bloated marketing database, ‘quality over quantity’ should be your new mantra. This means taking the data you have collected and deleting information stored in duplicate, incomplete information and details of questionable provenance. For example, if you cannot ascertain how, why or when the information was collected – the safe option is to purge it. If you have a third-party dataset be extremely cautious. Even if the provider claims that they are compliant with GDPR it does not mean you are. One of the biggest risks for marketers is a request to be forgotten from a client resulting in their data only being deleted in one location. Then, at a later data, a well-meaning marketing exec, using the duplicate of their information, will send a message to that customer, resulting in a breach and, potentially, a hefty fine.
- Centralise: One of the best ways to mitigate risk and achieve a fully clean dataset is to centralise your marketing data in one place. Ideally, this would also include information from customer service and every other client facing departments. Then, delete all other stores and create processes to prevent new stores being create without approval. The platform you use to manage your data should be cloud based and allow multiple people to access and amend. This will avoid bottlenecks and give everyone who needs it full visibility. For very small companies, a Google Sheet could suffice. Larger companies should consider augmenting what they already have with GDPR compliance technology (more on that later).
- The opt-in campaign: At this point, every marketer should be fully aware that they need explicit consent to send marketing messages to a customer. In most cases, this requires getting ‘new’ consent. As a result, launching a consent campaign should be on every organisations to-do list. I’m not going to go into best-practice on how to approach this campaign except to discuss the mechanics behind tracking consent. Put basically, you need to be able to link the response, or lack or response, from your consent campaign to your marketing database. On more complex CRM systems, workflows can be created that will automate this process. For organisations that don’t have this option, the choice is between manually amending the data – which can be both time consuming and subject to human error – or purchasing a technology solution that will manage consent. Whichever option you choose, it is critical that you can store and amend a paper trail covering consent on communications – including exactly what the customer consents to be contacted for and on what channel. This system also needs to be flexible enough to enable consent to be revoked at any time.
- Enforce data governance procedures: The above will be pointless unless you make sure your marketing team understand and follow strict data governance procedures. Limiting or banning the copy and storing of data on personal devices or in places other than your main store will help. However, the best approach is to fully educate everyone in your organisation on their responsibilities and the fines that could be levelled for breaching GDPR. Reviewing these procedures regularly and ensuring they are adhere will create a company culture that respects personal data and enables long term compliance.
If you’ve read this and broken out in a cold sweat because it seems like a lot of work and time is short – do not fear. It is important to remember that proper data management is not just about GDPR compliance. There are a number of additional benefits to getting your house in order. Clean data will increase marketing effectiveness, improve reporting and accuracy, allow you to use data science techniques, and generally enhance the relationship you have with your customers. There is also plenty of support out there, from bespoke technology solutions to consultancy and legal advice. Just remember, that none of us want our digital channels to turn into the spammy world our landlines have become. Good data governance means we can all be more confident in sharing our personal, and that has to be a good thing.