GDPR Is Already Here: A Simple Marketing Guide for Compliance

The General Data Protection Regulation (GDPR) initiative has put customers back in the driver’s seat. Customers and prospects will henceforth own their personal data and have control over the communications they receive.

As marketers, we represent the voice of the customer. The European Union’s GDPR helps us do that by focusing on the “customer first.” The best possible outcome is that Marketing provides the customer with information considered valuable.

We should do so not only for EU customers but for all customers.

Preference Center

One way to provide valuable information to customers and prospects is to use a preference center.


Forrester defines it as follows: “The business practice of systematically collecting, managing, and utilizing explicit customer preferences—about frequency, channel, content, interests, and intent—in outbound communications. These preferences are managed in a centralized repository and collected in a user-facing portal known as a preference center.”

Preference management provides you with the ability to honor your customers’ needs, improve marketing ROI, and comply with GDPR regulations.

A preference center is based on the issues you solve for customers, not on the solutions you sell. Customers can identify how often they want to receive communications from you and on which marketing channels—email, text, blogs, etc.

The following table shows which functions customers should be able to easily perform once you’ve created your preference center:

A sample preference center that complies with GDPR is shown below. The preference center must be mobile and tablet (cross-device) friendly to ensure your customers and prospects can access the preference center on any device.

User Experience

The user experience for the preference center is critical. Companies with great customer experience drive revenue growth, Business.com research indicates. The user experience for your preference center should be interactive and it should immediately update across devices via responsive design.

Tips to enhance the customer experience:

  • Collect only needed information.
  • Required versus optional fields: Not every field should be required, only the fields that are relevant for the user experience. For example, if the subscriber opts into email, then the preference center should require the email address; if the subscriber opts into SMS, then their mobile number is required; and so on.
  • Pre-populate forms: Use the customer data from your marketing database to save the subscriber time and inherently provide a better experience.
  • Global unsubscribe: A global unsubscribe operation is required. CAN-SPAM opt-out law also requires marketers to enable this feature in real time.
  • Access and security: The preference center should be easy to access and should require authentication only if the subscriber intends to update his/her information or preferences.
  • Not a target? An email should be sent to the subscriber thanking them for their response and letting them know that the company cannot assist at this time.
  • Verify a subscriber’s preferences: (a) The marketing automation system should send an email to the subscriber asking him/her to confirm the subscription; (b) the system should present a clear confirmation screen and save the subscriber’s response; (c) the system should send an email verifying any changes made to the subscriber data.
  • Segmentation: A preference center must connect with the marketing database. Only the content a subscriber has selected should be sent to that subscriber.
  • Reporting: On-demand reports should be available showing all subscriber changes and requests.
  • Data validation and alert system: A set of data validation rules is needed, with related alerts raised when unusual activity is detected.

Marketing Systems

Both your marketing database and your marketing automation system play a role in complying with GDPR and providing a quality customer experience.

The marketing database should be responsive without API limits and/or transaction bottlenecks. It must process multiple real-time transactions from all data sources daily: Web, email, social, and other marketing channels. Most important, it must be able to create a single record for a subscriber to include all the subscriber’s information globally. New data from the subscriber should update existing data. The database should allow for integrated reporting for a subscriber from all marketing channels.

The marketing automation system should be cleansed daily using the data in the marketing database. (Vendors are available that can assist.)

User Acceptance Testing

A best practice for the preference center is user testing of the layout, navigation, and content. Here, the focus is on ensuring easy task completion and organizing the layout into logical groupings of preferences and interests.

Data Protection Officer

GDPR requires that companies have a data protection officer. Under Article 37, data protection officers must be appointed for all public authorities, and where the core activities of the controller or the processor involve “regular and systematic monitoring of data subjects on a large scale” or where the entity conducts large-scale processing of “special categories of personal data” (such as race or ethnic origin, political preference, religious or philosophical beliefs, and the like).

Although an early draft of the GDPR limited mandatory data protection officer appointment to companies with more than 250 employees, the final version has no such restriction.

Though GDPR may seem difficult, it will be less so if you think Customer First. That mindset is what marketing is all about, and GDPR only moves us closer to achieving it.

For Additional Research

Some resources for meeting GDPR requirements:


MarketingProfs Daily: Email Marketing
