To Whom Does it Apply?
The GDPR applies to any organization inside or outside the EU who is marketing goods or services to, and/or tracking the behaviors of, data subjects within the EU and EEA. If you do business with data subjects in Europe that involves the processing of their personal data, this legislation applies to you. Penalties for non-compliance are significant, with large fines for those in breach of the regulation; the maximum fine for a single breach is €20 million or 4% of annual worldwide turnover, whichever is greater.
Implications for Marketing
Marketers aim to create customer experiences that feel personal and human, founded on trust and delivered with care. Though the GDPR doesn’t use these terms, the goals are the same—to respect the rights of customers and to earn their trust. To build and maintain that trust, marketers must be attuned to the how, when, and why their customers want to be engaged. It’s critical that customer preferences are respected, not only as a legal requirement, but as the foundation of customer-focused engagement practices.
How marketers address these higher expectations around the collection, use, and security of the personal data that are routinely used in the course of their work is key, and Marketo can help with meeting those expectations.
There are two key aspects of the GDPR where marketers needs to review past, current, and future practices. The first is consent by the individual to process their personal data, and the second is accountability, namely being able to demonstrate how the principles of the GDPR are being followed.
We provide extensive information around consent and accountability within the Marketo platform in our e-book, GDPR and The Marketer. In this article, however, we will focus specifically on the new features in Sales Insight Actions that will help your organization adhere to GDPR rules.
GDPR Compliance in Sales Insight Actions
Sales Insight Actions is a powerful application—part of the Marketo Engagement Platform—that provides a single workflow and view for sales and marketing to collectively drive pipeline faster through collaborative engagement. New functionality in Sales Insight Actions has been created specifically with GDPR compliance in mind. We will outline all three functions and explain how they, when used properly, will help your organization’s GDPR compliance efforts.
Compliance Card
Sales Insight Actions includes a Compliance Card in the Person Detail View to provide key information on a contact’s Authorization Type, as well as their Source Type. This allows users to easily add and track information critical to data privacy, and helps them make more informed decisions on campaign/outreach strategy.
Contact Authorization Type
Within the Compliance Card, users can track the legal basis for processing a contact’s personal data through the Authorization drop-down. Understanding a contact’s authorization type helps Sales Insight Actions users make more informed decisions regarding outreach practices, ensuring that each campaign or engagement is legal and appropriate.
Users have numerous options to choose from, including:
- Consent
- Legitimate Interest
- Performance of a Contract
- Compliance with Legal Obligation
- Protection of Vital Interests
- Public Interest/Official Authority
- Other
Contact Source Type
Within the new Compliance Card, users can track the source of a contact. The Source Type defines where a contact’s information came from when initially uploaded into Sales Insight Actions. Understanding a contact’s source type also helps with decisions regarding outreach practices, as well as determining which other systems or locations personal data is stored, ensuring that each engagement is in-line with GDPR legislation.
Again, users have numerous drop-down options to choose from, including:
- CRM Sync
- Import
- Manual Upload
- Chrome Extension
- Other
Editing the Compliance Card
When the Person Detail View is open, click Edit in the Compliance Card.
You will see two drop-downs: Authorization Type and Source Type.
If you choose “Consent” as the Authorization Type, two mandatory fields: “Date of Consent” and “Purpose of Processing” will appear. These two fields are not applicable to other options.
If “Other” is chosen for either Authorization Type or Source Type, you may enter text to describe the Source Type.
Bulk Actions
Sales Insight Actions also allows for updating a contact’s Authorization and Source types in bulk, saving valuable time in the compliance process.
When you select one or more contacts from the People page, a dota (three dot menu) appears on the right. Click it, and you’ll see Authorization and Source are options. You can set the Authorization or Source of multiple contacts simultaneously.
When you click on the Authorization modal, a pop-up with drop-down options that match the ones in the Compliance Card appears.
After the Authorization Type is updated, you’ll receive a confirmation pop-up, and you’ll be able to see the updated details in the Compliance Card in the Person Detail View.
Similarly, the Source Type may be updated in bulk as well by clicking the Source modal.
After selecting the correct Source Type for your selected contacts, a confirmation window will appear to confirm the successful update.