Technology Support: Data Privacy Regulation GDPR

My colleague Isabel Montesdeoca and I have just completed a successful three-city forum tour during which we introduced marketing professionals to some of the more eye-catching regulations about to come into force (May 25, 2018) as part of the European General Data Protection Regulation (GDPR). We emphasized the many advantages of focusing on gaining prospects’ opt-in permissions. A simple example: When reviewing current contact data intake processes to improve and standardize consent capture, companies have the opportunity to adopt procedures that enable marketers to understand more about the quality, validity and intended collection purpose of personal data. This could naturally lead to updating a gating strategy to drive more opt-ins, which could lead, in turn, to a more rigorous review of the content being made available to prospects.  

Any process review logically leads to a review of technology options that can automate processes and increase widespread adherence to a privacy compliant data policy. In the course of our research, three areas have caught my eye: consent management, data inventory management and preference management.

Consent Management

The GDPR requires that a subscriber’s consent be given by a clear affirmative act that establishes a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of his or her personal data. In other words, companies must gain a user’s explicit consent and cannot offer pre-ticked boxes or assume that silence or inactivity is implied consent. Much consent is achieved online, and companies must understand how to a) recognize and store the consent and b) ensure that communication channels (e.g. marketing automation platforms [MAPs]/sales force automation [SFAs] systems) recognize and respond to this information. While small organizations may be able to centralize all instances of contact data storage within a single MAP or SFA system, larger companies are increasingly interested in distinct consent management solutions as part of a broader data architecture. Companies such as Trunomi manage consent by issuing digital certificates that are interrogated by company systems before any electronic communication is sent.

Data Inventory Management

“Demonstrable proof” of process and activity is a key concept within GDPR. In addition, the regulation gives data controllers and processors the liability to maintain extensive, current internal audit records of all data processing activity. This will drive a need for unprecedented insight into how data flows within an organization, including cataloguing the systems that capture, store and use data. Moreover, companies will need to understand where, geographically, the data resides, if and how it is transferred to other geographies (ensuring compliance with Privacy Shield regulations) and who has access to the data. Systems such as One Trust Privacy Management Software offer solutions that map data and allow users to visualize a data lifecycle by tracking its flow throughout the company.

Preference Management

The basis of the GDPR is the right of every individual, in private and professional life, to a degree of privacy. At a minimum, companies will need to adapt their marketing processes toward gaining consent and communicating in a compliant manner. Beyond this, we believe that companies will give preference management a more central role in the marketing mix. With privacy regulation as a catalyst, the need to increase engagement with prospects will transform the concept of a standalone preference center into part of a broader preference management strategy governing all aspects of prospect and customer communications. Companies wishing to adopt this approach are evaluating what dedicated preference management solutions offer. Possible Now is one company offering a discrete technical solution to manage an array of preference collection points and capture an expanding range of preferences that can be used to drive more personalized and compliant communication via all channels.

While many organizations are wary of privacy regulation enforcement, legislation will not end with GDPR. The good news is that technology is available to help facilitate and enforce compliant data privacy policies. If your organization is ready to embrace the need for a more proactive and inbound view of marketing, it’s time to investigate the growing number of GDPR-compliant technology support options now available.