Don’t Be the Cautionary Tale
If putting privacy management processes in place in your marketing automation platform hasn’t been a company priority, your company has been ignoring a lot of red flags. Unfortunately, when something goes very wrong, they’ll look for someone to blame. And who do you think has the biggest target on their back?
People who say the CEO or CMO, because they ultimately set priorities, are thinking logically.
Unfortunately, the blame often falls on Marketing Operations, and some of us have stories about peers who were blacklisted from managing marketing automation in a market.
Is it fair that Marketing Operations is supposed to be an expert in all things MarTech—managing the department with the most tool options, which means application diversity—and understand privacy laws around the world?
No. Everyone should be aware of GDPR and CCPA. Your legal team should be proactive about posting policies and working with WebOps and MOPs to ensure your data collection and storage practices follow standard guidelines. Regardless, in the absence of proactive paid counsel, you are expected to communicate the risk of ignoring privacy laws. In addition, you are responsible for getting related projects appropriately prioritized.
(And it’s not a bad idea to document your recommendations and keep an external record of them if you are being ignored.)
What is the penalty for ignoring GDPR?
Up to 4% of your global revenue or €20 million, whichever is greater. The kicker is it doesn’t matter if you’re doing business in that country or intentionally reaching out to EU residents. If you collect information at internationally attended tradeshows (even if they’re in the US), you’re susceptible to being held liable for GDPR violations.
“I think it’s interesting that Marketing Ops professionals are expected to be technical experts but also have to play a role in policy creation around data privacy,” said Ali Wittich. “There aren’t many professions I know of where someone has to be the technical expert and provide the legal point of view on something. But understanding data security and privacy can be a competitive differentiator for marketers. Ideally, most companies by now (one would hope) have a clear stance on data privacy and how they process personal identifiable information (PII). If your company or your client doesn’t have a policy documented, you likely have a personal perspective on data privacy and what companies can capture and track and what they cannot.”
PII isn’t just a topic for companies that sell in Europe. While the European Union has rolled out some of the most stringent privacy policies, several other countries provide their residents protection, such as New Zealand, Australia, Canada, and the Philippines. The California Consumer Privacy Act (CCPA) aims to provide many of the same protections as GDPR, with Virginia’s CDPA and New York’s Privacy Act hot on California’s heels.
“When new regulations happen, people don’t take them seriously. Then they hear stories about formal violations. For companies making loads more than 20 million in revenue, they may not be worried about GDPR. But a small company could be bankrupted.
“As consumers start becoming more aware of their data rights, they’re going to realize they’re victims of companies exploiting their PII, and they’re going to start reporting it. There’s going to be a wave of complaints.
“You don’t want to be known as THAT MOPs professional.”
Key Considerations for Privacy Policy Optimization
While you can (and should) manage the majority of your data opt-in records in your marketing automation platform, it has its limitations.
“Most marketing automation software now has built-in enrichment for country data. Unfortunately, the country data is often the company’s headquarters country, not the individual’s. We’re responsible for knowing whether or not the person resides in a protected country, whether or not they happen to be sitting in that country when they fill out a form or visit our website.
“For enrichment, I strongly favor ZoomInfo, which provides information at the individual person level.”
However, your marketing automation platform should be sufficient for date/time stamping opt-ins and opt-outs and for managing a double opt-in process where needed. We recommend having an opt-in option on your forms and triggering a workflow that records this information in dedicated fields: the person’s opt-in status, date opted in, and date opted out. Someone can opt in, opt out, and then opt in again, so make sure your workflow can handle that sequence.
Another best practice is giving people the ability to opt out of certain types of communication rather than assuming a global opt-out every time. This allows them to still receive product news but opt out of marketing communications, or to receive newsletters and podcast updates but not hear about product news.
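To make the opt-in, opt-out, opt-in-again case concrete, here is an added sketch (not from the article or from any marketing automation platform's API) that keeps an append-only consent history per contact and derives the three dedicated fields per communication type. The class name, category names and status values are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

CATEGORIES = ("marketing", "product_news", "newsletter")  # assumed category names
ACTIONS = ("opt_in", "confirm", "opt_out")

@dataclass
class ConsentRecord:
    """One contact's consent history (hypothetical model, not a MAP API)."""
    double_opt_in: bool = False                  # True where confirmation is required
    events: list = field(default_factory=list)   # append-only audit trail

    def record(self, category, action, when):
        if category not in CATEGORIES or action not in ACTIONS:
            raise ValueError(f"unknown category/action: {category}/{action}")
        if when.tzinfo is None:
            raise ValueError("timestamps must be timezone-aware")
        self.events.append((when, category, action))

    def fields(self, category):
        """Derive the three dedicated fields by replaying events in time order."""
        status, opted_in, opted_out = "never_opted_in", None, None
        for when, cat, action in sorted(self.events, key=lambda e: e[0]):
            if cat != category:
                continue
            if action == "opt_in" and self.double_opt_in:
                if status != "opted_in":         # repeat form fill keeps consent
                    status = "pending"           # not mailable until confirmed
            elif action == "opt_in" or (action == "confirm" and status == "pending"):
                status, opted_in = "opted_in", when
            elif action == "opt_out":
                status, opted_out = "opted_out", when
        return {"status": status, "date_opted_in": opted_in, "date_opted_out": opted_out}

    def may_email(self, category):
        return self.fields(category)["status"] == "opted_in"

def demo():
    """Constructed timeline: opt in, opt out, opt in again, one category only."""
    day = lambda d: datetime(2024, 1, d, tzinfo=timezone.utc)
    contact = ConsentRecord()
    contact.record("marketing", "opt_in", day(1))
    contact.record("product_news", "opt_in", day(1))
    contact.record("marketing", "opt_out", day(5))
    contact.record("marketing", "opt_in", day(9))
    return contact.fields("marketing"), contact.may_email("product_news")

if __name__ == "__main__":
    print(demo())
```

After a re-opt-in both date fields are populated, so send eligibility should be read from the status field rather than inferred from whether an opt-out date exists.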
If your marketing leaders are tempted to ignore opt-ins in favor of mass emailing, remind them that:
- Email marketing isn’t as effective as it used to be (it should be part of your strategy, but only email people who proactively opted into communication)
- You can get good results advertising and retargeting to target contacts who haven’t opted in yet
- Involving sales in your one-to-one email marketing strategy to encourage more opt-ins is a solid strategy
- Ignoring privacy laws can put their job on the line and cost the company A LOT of money
Ali has also learned a valuable takeaway from poker lessons. “My poker coach teaches that statistically, 70% of your hands will be garbage, and you don’t need to feel an urge to play every hand. Only bet on quality hands. That lesson is important in marketing and marketing ops as well. If your data isn’t high quality, you shouldn’t be betting on it. Not every single lead is quality. 70% are probably bad. And that’s okay.”
PSA: If You Can Manage One MAP, You Can Manage Them All
On the RMR, we have emphasized over and over that people shouldn’t limit their careers by the technology they have managed. Skills translate across technology. What makes things confusing for an administrator is terminology. For example, criteria-based actions are called workflow, automation rules, or smart campaigns depending on which system you’re in.
Don’t let confusing documentation slow you down.
Ali Wittich, Anna Leary, and Bryan D’Andrea have created a lexicon for marketers that bridges the terminology used in Marketo, Pardot, and HubSpot. It’s like the one ring to rule them all—only you won’t turn into Sméagol. Check it out here.
For more on the importance of data enrichment and examples of data privacy done well, listen to the full Revenue Marketing Report episode at the top of the article or anywhere you podcast.