The Role Of Marketing In GDPR
Shortly after we completed one marketing campaign, a company we partnered with on the program asked us to share our leads with them. When I explained that we could not share prospects information, the CMO of the partner organization shot back an email saying that he had shared leads with partners for the last 20 years and did not understand what had changed to prompt my refusal. My answer to him: data privacy regulations.
Marketing organizations in the United States have all adjusted to regulations requiring targeted recipients of emails to be able to unsubscribe. Though in practice it is still hit or miss, the nature of new regulations such as GDPR will force marketers to review their processes and tools to adhere to the strict legislation, especially if they do business internationally.
In my last article, I discussed the role of marketing in cybersecurity and how important it is that marketers become cybersecurity advocates within their organizations. Similarly, I believe the same can be said for marketers’ roles in protecting sensitive customer data from exposure and complying with GDPR.
Marketing’s Role In Customer Privacy
The biggest evolution that marketers will go through in 2018 is not just around the growing digital transformation taking place but around data privacy. As marketers, while it is crucial that we evolve our strategy by embracing new technologies, it has become increasingly important to also put the privacy of our customers as a front-burner priority. It is second nature for us to handle sensitive customer data when generating new demand generation campaigns and events, but it might not always be second nature to consider the privacy implications (the aforementioned real-life example I shared can attest to that).
So what exactly is a marketer’s role in protecting customer data?
Marketing As The Fort
Marketing departments are often owners of customer and prospect data in the enterprise, holding the essential key to customer information databases. That data is usually stored within marketing automation tools, many of them cloud-based, that have been vetted by IT departments to ensure they match up to the organization security requirements before being deployed and used. Members of the marketing staff who manage and administer these tools are well-aware of the latest security and data privacy requirements and often get guidance from IT and legal departments to ensure they comply with internal policies as well as external regulations. These marketers keep the fort secure and are very protective of the data they own. They are the best advocates and serve as a conduit to educate the rest of the marketing department on such policies and regulations.
Marketing As The ‘Leak Enabler’
But marketing departments include other types of marketers, some located far from corporate, out in the field, where demand generation tactics can be very efficient but sometimes lack compliance. Here is another example of how that could play out: Imagine a sales rep who recently joined a company, proudly handing an Excel spreadsheet containing customer contact information from his previous company to his local field marketer to help her start a campaign. Hopefully, such an email is intercepted by one of the corporate marketers described earlier, the file is deleted and the local field marketer trained on data privacy. But in reality, how many such cases are happening daily in enterprises? The reality of this unknown statistic and the failure of corporations to mitigate such data privacy violations is what led us to stringent laws like GDPR.
It is so easy to overshare customer data, even with good intentions for the sake of exceeding pipeline-generation goals. In reality, today’s marketers are not trained to understand what they legally can and cannot do with customer data, whether they are new to a corporate environment or in the field handling the lions’ share of that data for the various events and campaigns they run.
Marketing As GDPR ‘Compliance Officers’
By now, all marketers have heard about the ramifications that GDPR will have on global businesses. But few understand what it actually means to comply. Part of the GDPR mandate includes a requirement to prove that consent has been obtained and the burden of proof is on the corporation. A huge task is now upon us to figure out how to be GDPR compliant by providing that burden of proof, if requested. In the B2B world, it is difficult to prove consent when oftentimes a scan of a badge at an event gives us access to a prospect’s contact information. Keeping a running tally of proof of consent is a tall order and will require a huge overhaul of marketing processes, systems and employee training. How do we as marketers become quasi-GDPR “compliance officers” in 2018? I do not believe there is a ready answer to this challenge, but it is something we simply cannot afford to ignore with the regulation coming into play in May 2018.
Marketing As Gatekeeper
Marketers need to lead by example when it comes to helping protect the cybersecurity posture of the company they serve. I strongly believe that marketers need to be cybersecurity champions across the organization, partnering with IT to support their cause. I equally believe that marketers need to be data privacy advocates, acting as gatekeepers of customer data.
For this to take effect in 2018, marketers need to continue to partner with IT and legal teams to understand the ramifications of new legislation and find solutions to not only comply but to prove compliance. Marketers will need a certain level of legal training to help them understand the rules around data privacy, especially as it relates to the burden-of-proof requirement tied to GDPR. With the right tools in place to empower marketers to stay compliant with data privacy laws, they can soon become true gatekeepers, helping to prevent the oversharing of customer data. And that simple value proposition could very well be compelling to their audience.