What are you doing to plan and prepare for GDPR?

HL Admin
GDPR is right around the corner (May 2018), what is your marketing team doing to plan and prepare?
0

Comments

2 comments

  • Comment author
    Sion Stedman
    Hi all, hope all's well.

    Ahead of the GDPR taking effect, I have proposed to my marketing manager colleagues that they run a campaign to promote to existing contacts the benefits of opting in to receive marketing communications. We would then have a record of those who have opted in together in a 'consent master list', which can feed automated programs to update other Act-On lists as necessary.

    In January I am planning to ask our teams to extract from our various CRMs lists of all current clients. We will then update our Act-On master list. Following that, colleagues can run campaigns to get as many contacts as possible explicitly double opted in, and opted in to receive marketing communications (as required by the legislation).

    In the summer we will have a tidy-up to remove from Act-On all individuals whose details we do not have consent to contact or hold for marketing purposes. We plan to do such a cleansing exercise every nine months thereafter.

    After the GDPR takes effect in May, I am planning that when our customer service team sends their 'welcome email' to clients, there will be a link to a page where they can opt in to receive marketing communications. If clients chose to opt in, this then triggers a double opt in process and will record that they have opted in and what their marketing communication preferences are.

    Alongside these Act-On activities, we are updating the company Data Protection Policy, Privacy Policy and Cookie Policy. We will also have a specific Marketing Data Protection Policy which sets out the processes and policy that marketing colleagues are expected to adhere to.

    My biggest concern about the entire project is that of gaining consent from existing contacts. Elements of the four pieces of legislation we are following (the GDPR/the Data Protection Act/the PECR/the ePrivacy Regulation) are yet to be finalised. This means that we have no choice but to carry out our re-consent exercise based on a 'best guess' interpretation of legislation as it stands. I am concerned about collecting people's consent before 25 May 2018, only to find after then that the consent we have collected is in some way non-compliant. This would mean that we have missed our single chance of collecting people's consent. Does anyone have any views or suggestions regarding this?



    ------------------------------
    Sion Stedman
    Idox Software Ltd
    ------------------------------
    -------------------------------------------
    Original Message:
    Sent: 09-13-2017 12:23
    From: Act-On Admin
    Subject: What are you doing to plan and prepare for GDPR?

    GDPR is right around the corner (May 2018), what is your marketing team doing to plan and prepare?
    0
  • Comment author
    Sion Stedman
    Further to the above – and Act-On might already be advising users of this – organisations handling EU-based data should implement a double opt-in process for every sign-up form. GDPR means that in the EU, a double opt-in process will be a standard requirement (that is, collecting evidence of a person's consent that a) the submitted email address belongs to them, and b) that you can contact them using that address for whatever it is they have signed up to).

    New Act-On clients in particular should be advised to implement a double opt-in process from the outset. Unfortunately my company missed this opportunity, as a double opt-in process was previously only 'good practice', rather than the requirement it will become under GDPR. We will now be applying the process to our existing forms and contact lists.

    ------------------------------
    Sion Stedman
    Idox Software Ltd
    ------------------------------
    -------------------------------------------
    Original Message:
    Sent: 01-04-2018 08:08
    From: Sion Stedman
    Subject: What are you doing to plan and prepare for GDPR?

    Hi all, hope all's well.

    Ahead of the GDPR taking effect, I have proposed to my marketing manager colleagues that they run a campaign to promote to existing contacts the benefits of opting in to receive marketing communications. We would then have a record of those who have opted in together in a 'consent master list', which can feed automated programs to update other Act-On lists as necessary.

    In January I am planning to ask our teams to extract from our various CRMs lists of all current clients. We will then update our Act-On master list. Following that, colleagues can run campaigns to get as many contacts as possible explicitly double opted in, and opted in to receive marketing communications (as required by the legislation).

    In the summer we will have a tidy-up to remove from Act-On all individuals whose details we do not have consent to contact or hold for marketing purposes. We plan to do such a cleansing exercise every nine months thereafter.

    After the GDPR takes effect in May, I am planning that when our customer service team sends their 'welcome email' to clients, there will be a link to a page where they can opt in to receive marketing communications. If clients chose to opt in, this then triggers a double opt in process and will record that they have opted in and what their marketing communication preferences are.

    Alongside these Act-On activities, we are updating the company Data Protection Policy, Privacy Policy and Cookie Policy. We will also have a specific Marketing Data Protection Policy which sets out the processes and policy that marketing colleagues are expected to adhere to.

    My biggest concern about the entire project is that of gaining consent from existing contacts. Elements of the four pieces of legislation we are following (the GDPR/the Data Protection Act/the PECR/the ePrivacy Regulation) are yet to be finalised. This means that we have no choice but to carry out our re-consent exercise based on a 'best guess' interpretation of legislation as it stands. I am concerned about collecting people's consent before 25 May 2018, only to find after then that the consent we have collected is in some way non-compliant. This would mean that we have missed our single chance of collecting people's consent. Does anyone have any views or suggestions regarding this?



    ------------------------------
    Sion Stedman
    Idox Software Ltd
    ------------------------------

    Original Message:
    Sent: 09-13-2017 12:23
    From: Act-On Admin
    Subject: What are you doing to plan and prepare for GDPR?

    GDPR is right around the corner (May 2018), what is your marketing team doing to plan and prepare?
    0

Please sign in to leave a comment.