Privacy Pros: Help Your Marketing Team Get Ahead of Their GDPR Challenges
by Gant Redmon
October 25, 2017
I spoke on a panel at Hubspot’s Inbound conference recently to marketing professionals about the implications of the EU’s General Data Protection Regulation (GDPR) on their marketing activities.
Their biggest concern: the viability of massive contact databases and whether or not new consent must be obtained from each contact owner.
When it comes to marketing to a database, GDPR compliance is all about record keeping and transparency. To be ready for GDPR, marketers need to have a grasp on who is in their database and where they live, and then be able to identify what improvements are needed in order to comply.
There are several lawful ways to market to these databases. First, you need to know what data you have, where it is located, who has access, and how it is secured. From there, you can then choose a lawful purpose for processing the data, to ultimately market to the database. Many think affirmative consent is the only way you can market to names in a database. That is not true. There are several other alternatives to getting consent, including to perform a contract, or because you have a “legitimate interest” in processing the data.
There are many things privacy professionals should be doing to get ready for GDPR – and when it comes to the marketing function, privacy professionals should help guide their colleagues. Here are a few things to have the marketing team think about to get prepared for GDPR’s May 2018 deadline:
- Are you relying on explicit consent? Under GDPR, you’ll need to document that consent, have an opt-in/out policy, and have methods for subjects to see, modify, delete, and possibly move their information.
- Have you identified a legal reason to market? You will need to articulate your thinking of that legitimate interest and make it available to data subjects at the point of data collection where possible.
- Know what your data is, how it’s used, and then balance it with privacy rights. This is the heart of preparing for GDPR. If your marketers can accurately describe the information collected, its use, and balance that use in favor of the data subjects’ fundamental right to privacy and reasonable expectations, they will have built a foundation for GDPR readiness.
View Our Additional Resources
Cyber Security in 2017 and the Year Ahead: The Fifth-Annual Year-in-Review and Predictions Webinar
In IBM Resilient’s fifth-annual year-in-review and predictions webinar, our panel of cyber experts will discuss and debate the trends and stories that defined cyber security in 2017, and offer their predictions for what to expect in 2018. This year, we are also live streaming the event on Twitter for more engagement.
Six Steps for Building a Robust Incident Response Function
To overcome today’s top security challenges, organizations are increasingly seeking to orchestrate their incident response (IR). They aim to build agile, measurable IR workflows, increase communication and coordination, and arm their team with the right tools and intelligence.
Top Global Research Laboratory
Learn how a top global research laboratory replaced its ticketing system with a purpose-built Incident Response Platform (IRP) -- and enabled its team to increase the effectiveness and efficiency of its security operations team.
Improving Response with Orchestration and Automation: Ask Bruce
To effectively respond to today's complex cyberattacks, security teams need to coordinate their people and technology throughout the entire incident response (IR) process. When IR orchestration is supported by automation, organizations can accelerate their response and make their IR team more intelligent. In this video, IBM Resilient CTO Bruc...