6. 6 Principles of GDPR
Lawfulness, fairness & transparency
Purpose limitation
Data minimization
Accuracy
Storage limitation
Integrity & confidentiality
7. The High Price of GDPR
Ramifications for non-compliance: €20 million or 4% of global revenues, whichever is greater
Projected revenue from first year fines: $6 Billion
52% of businesses expect to receive fines in the first year
77% of large US corporations are investing $1 million or more for GDPR preparations
8. Consent Do’s & Don’ts
Capture & retain consent documentation: Opt-in source, DateTimestamp, IP address
Keep records forever
Include a separate (unchecked) checkbox to capture consent and link to your privacy policy
Bundle consent with another action or make opt-in checkbox required
15. Assessing Compliance Status
EU Directive Compliant (whitelisting campaign)
● Opt-in records with insufficient documentation
● Form submissions & tradeshow badge scans
● Existing Business Relationships
GDPR Compliant
● Adequate opt-in documentation
Legitimate Interest
● Customers
● Active sales conversations
16. Whitelisting EU Directive Names
Suggested Content:
1st Email: Legislation changes
2nd Email: Hot content / Stay on list
3rd Email: Final warning
Privacy policy acknowledgement
Obtain proper record keeping
17. Subscription Center Documentation
● Single opt-in sufficient except for Germany
● Germany requires double opt-in
● Marketing suspend non-compliant records
● Obtain proper record keeping
18. Data Intake Checklist
Common Sources:
○ Marketo Forms
○ CRM
○ List Uploads
○ Content Syndication
○ API
Require normalized country data
Opt-in is neither required nor pre-checked, and acknowledges the privacy policy
Opt-in documentation is captured
19. Data Center - All
Offline Consent
Lapse in Consent
Limited Purpose
Limited Time Usage
Consent / Legitimate Interest
Data Rights Scenarios
20. Data Rights Center
Useful Fields:
○ Most Recent Activity Date, Most Recent Activity Detail
○ GDPR Data Rights, GDPR Data Rights DateTimestamp
○ GDPR Data Rights Source, GDPR Data Rights Notes
TRACKING RIGHT TO MAINTAIN & PROCESS DATA
Remember: GDPR loves documentation!
21. Data Rights Flow Example
Rights Lapse:
● Timestamps important
○ Consent Date
○ Most Recent Engagement
Smart List:
● Email consent CAN equal data consent
● Legitimate Interest defined with legal
22. Policy Request
Data Breach Notification
Data Export / Transfer
Opt-in and Unsubscribe
Building a Compliant Preference Center
Data Erasure
Managing Individual GDPR Rights
26. Right to Erasure
● Auto-response email
● Applies to all databases
● Marketo durable unsubscribe
● Legitimate interest may override
27. Handling Data Breaches
● Required notification: within 72 hours of becoming aware of the breach
● Prepare: an action plan - and practice it!
28. Cookie Usage
Adjustments:
● Turn on ‘Do Not Track’ Settings (Marketo Admin)
● Post a Cookie Policy
● Evaluate API Cookie Management Platforms
Explicit Permission Needed
31. Implications on your MarTech Stack
Data Controllers vs. Data Processors
GDPR Toolkit: Perkuto.com/GDPR-Toolkit
Don’t overlook your MarTech stack!
32. Who You Gonna Call? Legal.
Get legal advice for:
· Privacy Policy
· Website T&Cs & Cookie Policy
· Data Protection Plan
· Data Processing Recordkeeping Plan
· Security Breach/Incident Response Plan
· Data Protection Impact Assessment
· Legitimate Interest Assessment
· Proof of Processor Compliance
34. The GDPR Fearless Marketer’s Creed
No Prisoners
No Cowards
No Regrets
● Obtain consent & be transparent in your data usage
● Be prepared for every data scenario; up your marketing game
● Maintain appropriate documentation; train your team
35. Success!
Prepare your organization
○ The 6 principles of GDPR
○ Scrutinize consent & documentation
Take action now
○ Whitelisting campaigns
○ Critical Marketo updates
Fearless Marketer’s Creed
★ Your marketing CAN thrive in a GDPR world!