Privacy Pros: Help Your Marketing Team Get Ahead of Their GDPR Challenges

by Gant Redmon

October 25, 2017

I spoke on a panel at Hubspot’s Inbound conference recently to marketing professionals about the implications of the EU’s General Data Protection Regulation (GDPR) on their marketing activities.

Their biggest concern: the viability of massive contact databases and whether or not new consent must be obtained from each contact owner.

When it comes to marketing to a database, GDPR compliance is all about record keeping and transparency. To be ready for GDPR, marketers need to have a grasp on who is in their database and where they live, and then be able to identify what improvements are needed in order to comply.

There are several lawful ways to market to these databases. First, you need to know what data you have, where it is located, who has access, and how it is secured. From there, you can then choose a lawful purpose for processing the data, to ultimately market to the database. Many think affirmative consent is the only way you can market to names in a database. That is not true. There are several other alternatives to getting consent, including to perform a contract, or because you have a “legitimate interest” in processing the data.

There are many things privacy professionals should be doing to get ready for GDPR – and when it comes to the marketing function, privacy professionals should help guide their colleagues. Here are a few things to have the marketing team think about to get prepared for GDPR’s May 2018 deadline:

  • Are you relying on explicit consent? Under GDPR, you’ll need to document that consent, have an opt-in/out policy, and have methods for subjects to see, modify, delete, and possibly move their information.
  • Have you identified a legal reason to market? You will need to articulate your thinking of that legitimate interest and make it available to data subjects at the point of data collection where possible.
  • Know what your data is, how it’s used, and then balance it with privacy rights. This is the heart of preparing for GDPR. If your marketers can accurately describe the information collected, its use, and balance that use in favor of the data subjects’ fundamental right to privacy and reasonable expectations, they will have built a foundation for GDPR readiness.

Learn more about GDPR and how IBM Resilient helps companies prepare for its May 2018 deadline.

Comments (0)

Leave a Reply

Your email address will not be published. Required fields are marked *

11 − 5 =