GDPR is big, complicated, and, if I’m honest, a bit intimidating. As the director of digital marketing at Return Path, I oversee a lot of areas impacted by these new regulations. It’s my job to get up to speed on what GDPR means, understand how it impacts our work, and create a strategy to get our program fully compliant. Since Return Path is a global company, I need to be certain our marketing program is above board with how we collect, store, and use data—not just for our European customers, partners, and prospects, but for everyone we interact with.
Here are some of the steps we’ve been taking to get Return Path’s marketing program ready for GDPR as we close in on the May 25, 2018, effective date. Hopefully, our experience will help to provide some guidance for your program as well.
Check in with the professionals
At Return Path, we’re lucky to have a smart and talented team of Privacy and Legal professionals we can lean on to help us translate the legalese, talk through what the impacts are, and help us determine what steps we need to take to guarantee compliance.
If you haven’t already, check in with your privacy and/or legal teams for their insights and direction about GDPR compliance. They can bring to light nuances you haven’t considered (did you know the regulations aren’t just enforceable based on country of residence, but based on citizenship?) and help you work through plans to get your program fully compliant.
Stay in sync with your email marketing manager
I don’t know about your email marketing program, but we send a lot of emails. From transactional emails, to newsletters, to event invitations, to daily digests, we’ve got a lot of great content to share—and all of that email needs to be compliant with the new GDPR regulations. I’m fortunate that I sit just a few seats away from Laura, our email marketing manager, and we’re in close communication every day.
If you’re not directly responsible for the daily ins and outs of your email marketing program, it’s important to be in lockstep with the person who is. They’ll have the best insight into the nitty-gritty details of how your campaigns run, how clean (or not) your data is, and what the impacts of making changes will look like.
On the other side, if you’re the manager for the email marketing manager, it’s your responsibility to make sure they have all the tools they need—information, time, resources—to do their work and do it correctly to ensure GDPR compliance.
Keep your stakeholders up to speed
Of course, Laura isn’t the only person sending emails at Return Path. We have regional marketers, field marketers, product marketers, and others who play a role in building and sending communications, and it’s imperative that they all understand our procedures, who is and isn’t receiving communications and why, and the reasons we’ve implemented those policies.
To help get all our marketing team and internal stakeholders up to speed on the basics of GDPR, I’ve mapped out an internal communication strategy for the next few months. This strategy includes the steps we’re taking to ensure compliance, how any changes will impact our existing procedures, and what we’re doing to mitigate negative impacts (such as a drop in our mailing list size). From formal marketing department meetings to casual one-on-one conversations, it feels like we’re constantly talking about GDPR—but in my mind, there’s no such thing as over communicating in this situation.
Document your processes
One key step in keeping people on the same page is documentation. It’s boring. It’s tedious. It’s not particularly innovative. But good documentation is critical to keeping a large team, or even a small team, aligned with your email marketing policies and procedures.
We will apply GDPR standards to our entire email marketing program, but that might not make sense for every company. No matter what your approach is, it’s imperative that you’ve outlined your sending policy, so that a few months from now when someone comes to you with a question, or a new hire joins the team, or if (heaven forbid) someone questions a campaign you’ve sent, you have something that clearly explains the way things are done.
What are your sending policies? Do your policies vary by audience? What are your data storage policies? How do they vary by region? What defaults are in place that will be applied to any campaign send no matter what? Where are the opportunities to make decisions about who you send campaigns to? These are all important questions that require a clear answer that anyone in your marketing department can understand.
The GDPR buzz has only just begun, but if you start taking steps now to understand any changes you’ll need to make, coordinate with your email marketing manager, security and legal team, and other stakeholders, and get your policies and procedures fully mapped out, you’ll be ahead of the game and ready to go on May 25.
Holly is the Director of Brand & Digital Marketing at Return Path. In her role, she loves pushing the boundaries of the Return Path brand while creating fun and innovative digital experiences with her incredible team of designers, developers, and content creators. She’s as Type A as it gets, and there’s nothing she enjoys more than crossing things off a well organized “To Do” list. Outside of work, she’s usually speed-reading anything she can get her hands on, rewatching The Office, or spending quality time with her husband and two kids.
Enter your name and email address below to subscribe to our mailing list.