The Revenue Marketing™ Consulting Firm

Revenue Marketing Blog

3 Companies Weigh In On GDPR Preparations

3 Companies Weigh In On GDPR Preparations

As May 25th nears and the implementation of General Data Protection Regulation (GDPR) goes into effect, we decided to reach out to some top marketing professionals and get their take on this new regulation.

We asked these three questions:

  1. What are some specific steps your company is taking in preparation for GDPR?
  2. What are some surprising challenges your company has experienced as you prepare for GDPR?
  3. What are some surprising opportunities your company is seeing as you prepare for GDPR?

Here are their responses:

Nipul Chokshi, VP of Product Marketing at Lattice Engines:

What are some specific steps your company is taking in preparation for GDPR?

As a software company, we look at this from two perspectives: as a vendor (“processor” in GDPR parlance) and as a marketing organization (“controller”).

From a vendor standpoint, we are committed to protecting customer data. We are ISO-27001 certified, TRUSTe verified, and in compliance with the EU and Swiss Privacy Shield Framework. All data is encrypted at rest and in motion. Lattice has an internal dedicated resource for monitoring security and privacy compliance for all internal and customer-facing processes. Also, our customer agreement contains the EU Model Clauses, which are industry standard for data safety. This means that Lattice agrees to protect any data originating from the EU in line with European data protection standards. Lattice will not share or use customer data for any purpose other than that agreed upon with the customer. From a product standpoint, given that we sell to marketers, we’ve also developed features to support specific GDPR requirements like the “right to be forgotten” and “right to access.”

From a marketing organization standpoint, there were a few things we reviewed and updated.

  1. We wanted to ensure our privacy policy was transparent and easy to understand.
  2. We reviewed and ensured we had a proper record of every customer opt-in (Marketo tracks this for us).
  3. We ensured that our opt-in process was compliant with the needs of GDPR – for example, every form has a checkbox that the user must explicitly check in order to opt-in.
  4. We ensured that all the names we have in our database are properly opted-in. For those who haven’t, we are running a campaign to ask for the opt-in.
  5. For good measure, we also made sure that we collected compliance notices from all the vendors in our tech stack.

What are some surprising challenges your company has experienced as you prepare for GDPR?

The first challenge was just navigating the maze of legal language and requirements. Obviously, we had our lawyers provide advice, but looking through the requirements seemed daunting at first.

We also quickly realized that this was more than just a marketing problem. Given that we had to comply as a controller and processor, we created a cross-functional team from every department (marketing, sales, product, engineering, IT, etc.) and program managed the entire (months-long) compliance process.

Tactically speaking, to ensure GDPR compliance, one of the things we had to do was extensively go through systems/records and ensure that all contacts (both current and past) that chose to opt-out would be deleted from the systems. Given the large number of contacts stored in our records, it was a lot of work to go in and remove those contacts.

Another challenge we faced was company headquarters. Many companies have multiple international locations and some of the contacts we received were based in a US/non-EU office location, but the companies are headquartered in the EU. To ensure we are GDPR-compliant, we had to research the location of many company HQs.  

What are some surprising opportunities your company is seeing as you prepare for GDPR?

My POV is GDPR is a formalization of “common sense marketing.” Transparency and trust are the foundation on which you do business – and the building blocks of that foundation are put in place the minute you interact with your buyers, however early in the buyer’s journey. I would even go as far to say that those who comply with GDPR will find that it is a competitive advantage.

Boris Kontsevoi, President & CEO of Intetics Inc.:

What are some specific steps your company is taking in preparation for GDPR?

  1. Roles and responsibilities for data privacy have been assigned, the personnel involved have been trained.
  2. Internal audit has been conducted, together with personal data flows identification and registries of the personal data creation.
  3. Security policies have been reviewed, new requirements have been added.
  4. Data protection practices have been embedded into operations of all departments.
  5. Intetics contacted its clients and started cooperation with their data privacy offices.
  6. Data privacy operations have been turned into a continuous process.

What are some surprising challenges your company has experienced as you prepare for GDPR?

GDPR appeared surprisingly cloudy and vague. Lots of questions are still discussed in a “most probably” style by expert communities.

What are some surprising opportunities your company is seeing as you prepare for GDPR?

GDPR puts all players in equal conditions. Those who don’t or can’t follow the rules must leave the market. Also, it is a great chance to put in order the things for which you never had enough time, money, or motivation.

Kyle McCormick, Senior Marketing Operations Analyst at LogRhythm:

What are some specific steps your company is taking in preparation for GDPR?

Since our company already did business in Germany and Canada, we had a consent statement set up on our web forms and tradeshow apps; the only change we made was to make the statement visible to all countries covered under GDPR to gain opt-in consent. Another important step we’ve taken is mapping out our data flows and working with our vendors to ensure the data they send us is GDPR compliant (including lead gen vendors). Finally, we’ve added a GDPR banner on top of our EMEA nurture engagement engine emails to enable our current database to opt-in to emails after May 25th

What are some surprising challenges your company has experienced as you prepare for GDPR?

The biggest challenge we faced early on and still continue to face today is what business team truly owns GDPR in our organization. As a marketing team, we own almost all prospect data and some customer data, so it was assumed from the beginning that GDPR was our responsibility.  Unfortunately, GDPR covers so much more than just marketing data, so we consistently have to remind other teams the impact GDPR has on them as well.  Another challenge we’re experiencing is how to interpret legitimate interest. Trying to figure out who in our system can still be emailed and contacted based on legitimate interest is still something we’re working through today.

What are some surprising opportunities your company is seeing as you prepare for GDPR?

Before GDPR, we didn’t have our processes mapped out or documented. As a result, we’ve had to spend time to map out where our data sits and what applications or tools process that data. This made a huge impact right away because we were able to find inefficiencies with our uploading process as well as duplicating webhook calls for data appends. This has allowed us to reduce the time it takes to get leads into the system, appended, and sent to our SDR team for follow-up. Another opportunity we’ve seen has been the ability to get our data cleaner and delete inactive leads from EU countries. This has made it easier for us to target individuals who are actually interested in our product rather than just emailing every lead we have in the system. 

With each new change mandated by regulation, challenges and opportunities can arise. Change may not be easy for organizations to manage, but often improvements can be found among the many obstacles that are encountered.

If your company is still navigating GDPR challenges, TPG can help.  Contact us today to learn if you’re taking the right steps for GDPR.

 

About Pamela Muldoon
Pamela Muldoon is a Revenue Marketing Coach with The Pedowitz Group and comes to TPG with over two decades of traditional and digital marketing experience. She specializes in campaign and content strategy with a passion for helping clients develop a content marketing culture across the organization. Pamela is also a professional voice over talent and podcaster. When not online working on digital marketing strategies, she can be found unwinding at a poker table or hanging out with her two dogs.

Related Resources

  • Posted by Pamela Muldoon
  • On 04/26/2018
  • 0 Comments
  • 0 likes

0 Comments

Leave Reply

Your email address will not be published. Required fields are marked *