The field of marketing has been revolutionized, through disruptive technology and social sharing platforms, to become the data-driven science it was always meant to be. We now have to ensure the data we collect is secure.
Remember the simpler days of marketing?
The days when marketing professionals could simple say “I do marketing”?.
Today the field has evolved to include data analysts, automation specialists, content creators and community builders and technology gurus. Marketers wear many hats: from communication and PR experts, to business developers and yes, even IT help desk support.
However, in the last few years, especially since the implementation of the General Data Protection Regulation (GDPR) in Europe, marketers have become privacy law and data protection experts as well. And this is by no means an easy task.
It requires marketers to think with a legal mindset: to understand laws, the differences between laws, guidelines and best practices, and adapt marketing strategy accordingly.
GDPR was a crucial turning point for data-driven marketing. It sets strict regulations on how data is collected and processed and how EU citizens need to be informed. Many marketing strategies went from a hybrid of outbound and inbound activities to reach target markets to an almost complete inbound approach based on analysis of market data and customer behavioral patterns.
Other countries are starting to follow the EU’s example on data privacy. In the United States, there are data protection laws guided by Fair Information principles in order to protect consumer privacy, but they are still generally easy going compared to the EU. Only California has taken steps to mirror the EU with the California Consumer Privacy Act (CCPA) which consumers more of a right to know, right to delete and right to opt-out.
In light of GDPR, many companies fail to properly implement privacy and security policies for marketing data because it may seem “less risky” in terms of audit controls. But if a company manages data as a core business, as many companies do today to some degree, the authorities will also verify your marketing practices. Since GDPR, from my own experience, marketing has been called into audits such as ISO/IEC 27001 on Information Security Management.
Paradoxically, while legislation is moving to protect citizens, citizens are constantly sharing more personal data than ever before – whether consciously or not. With the rise of social sharing platforms and online consumption habits, it seems the consumers are willing to sacrifice privacy for a sense of community belonging (and maybe even some online sales).
So where does this leave us?
Data-Driven Marketing: create communities, but protect them.
Digital marketing channels, such as the website, social media platforms and conference platforms like Zoom and GoToWebinar, are greats ways to build online communities around your brand. However, it requires them to often leave behind personal data and search records such as cookies and navigation history.
Marketers need to put on their legal thinking caps and collaborate with their internal and external privacy and security teams including the DPO (Data Protection Officer) to create procedures and best practices that ensure privacy for the data they collect.
There are some simple and effective ways to do this in your company:
First and foremost, familiarize yourself with GDPR regulations as they apply to marketing. Remember that GDPR not only applies to Europe, it applies to EU citizen data, so any company operating in the EU and processing personal data needs to comply with the legislation.
Your company should adopt privacy and security as a core value and follow what the U.S. calls “Fair Information Principles” which guarantees transparency to the individual about how data is collected and stored and gives them the right to remove or delete their data. Fair Information principles also ensure that companies take steps to guarantee the integrity, availability and reliability of data.
A quick step-by-step guide towards marketing privacy compliance:
1. Get marketing on board with privacy: get your marketing resources trained and in regular update calls with the privacy team
2. Written policies: draft company-wide policies on privacy and security procedures for marketing and sales activities. Not only does it inform employees of best practices, but it also protects the company in case of individual non-compliance (whether on purpose or by accident)
3. Create procedures: these are different from policies. Procedures give employees a step-by-step guide on how to carry out there work. For example, if there is a written procedure for sending out an email campaign that includes steps for verifying compliance for marketing consent, marketers will know not to skip this important step
4. Use technology and automation tools: CRM systems and marketing automation tools can help you track when consent has been granted and when the period of data conservation is about to expire. It takes the burden off marketers to manually track this information (hopefully) eliminating human error. Technology tools also made it easier to demonstrate compliance in audits. You can also set up access-based roles in your technology systems to enhance the level of security
5. Monitor your privacy actions: do manual checks in your technology systems and regularly check in with your privacy team
6. From privacy to security: consider additional certifications like ISO 27001 (Information Security Management) and business continuity.
The key to a community is trust, and demonstrating to your clients and potential clients that you have built a community based on trust around privacy and security measures will ensure they keep contributing to that community with their pool of data.