Martech and GDPR: A B2B marketer’s guide
With one month to go until GDPR comes into force, Emma Crofts of The Marketing Pod explains how the regulation will affect the use of martech
As the enactment date of GDPR looms ever closer, many marketers will be making last-minute checks, wanting to be 100% certain their systems and processes are compliant. GDPR not only places a more onerous duty on businesses that handle personal data than ever before, it also contains far more expansive and up-to-date definitions of what actually constitutes personal data. GDPR is legislation for the digital age. It considers cookies and IP addresses, it replaces outmoded regulations from 1995, and the rules and penalties it introduces will apply to any business that processes the personal data of people who are living in the EU; meaning it has also forced large global businesses like Facebook sit up and take notice.
For anyone using martech (and that’s most of us), GDPR compliance has probably been on the agenda for some time now. Getting GDPR-ready will have been a complex journey for software providers and many will have been keen to share news of their efforts with users – raising awareness along the way.
However, as with any new regulation, there will be those who have put GDPR on the back-burner for a little too long. If you’re quietly wondering whether you should be doing more or have simply assumed that your software provider will be doing the legwork behind the scenes, it’s not too late to catch up. The simple fact is this: as of 25 May 2018, gathering and making use of your customers’ personal data, for marketing purposes or otherwise, makes you a data controller. With this new title comes new responsibility – and shirking that responsibility could lead to hefty penalties. So, with that in mind, it can be helpful to get back to basics – to be sure you understand how GDPR affects your business and how it alters your relationship with the other businesses you trust with your database.
What is martech?
First, let’s be clear exactly what we mean by martech. Martech Today describes it simply as “the blending of marketing and technology”, elaborating further by telling us that martech “especially applies to major initiatives, efforts and tools that harness technology to achieve marketing goals and objectives".
Scott Brinker, chiefmartec.com
27% of marketing budget is now allocated to technology
Martech has a broad and ever-growing range of applications, from sales intelligence, marketing personalisation, social media monitoring and CX management; through to PR, project and workflow management, and predictive analysis – the list goes on. In an industry where consolidation appears to be a dirty word, ‘martech’ has become a catch-all buzzword for any technology that can be leveraged to improve marketing performance, deliver greater personalisation, or enable more joined-up customer experiences.
In May 2017, the number of separate solutions which came under the martech umbrella was estimated to be 5,381 – a 40% growth year-on-year. Scott Brinker’s Martech 5000 ‘supergraphic’ gives us a brilliant visual insight into a crowded marketplace that is difficult to categorise, experiencing a prolonged period of hyper-growth, and where big names like Adobe and Hootsuite sit alongside niche tech developers and start-ups. Despite their disparity, all providers great and small have one thing in common: they are nothing without good data.
When Brinker tells us that ‘everything digital is controlled by software’, he seems to be stating the obvious – but this simple truth forces us to take a look at the systems and processes that we’re using every day. So, if you think you don’t use martech, my advice would be to look again. Anything we do to communicate with our customers and clients in the digital environment requires us to choose software that will manage the data we’ve collected; software that will shape our customer, client and stakeholder relationships. Whether you use one solution or a full stack, now you need to choose software that is not only compatible and relevant but also GDPR compliant.
What is GDPR?
For anyone holding or handling customer data, GDPR is a game-changer. Handed down from the EU, the regulation holds more force than a directive and doesn’t require additional enactment in statute. It will apply in all member states from the same date: 25 May 2018. The UK’s decision to leave the EU will not affect the commencement of the new rules.
GDPR stands for General Data Protection Regulation, which unfortunately makes it sound a little woolly – and a common complaint is that the regulatory wording leaves businesses unclear of their obligations in some important areas, particularly when it comes to B2B marketing. More will most certainly become clear with the first enforcement actions, but with weighty penalties set at €20 million or 4% of annual turnover, waiting for clarification isn’t really an option.
Savvy marketers are acting on what they know already: the required changes to privacy policies and permissions, along with the new concept of pseudonymisation and the all-important ‘right to be forgotten’. From a martech perspective, the ability to delete all traces of an individual from your database has been the most technically difficult aspect of the new rules. It goes beyond a restriction on processing and means not only being able to delete all data being actively used, but also being able to trace and delete all archived data.
Contractual certainty is a must-have
It’s here that your relationship with martech providers comes to centre stage. With access to your customer data and instructions to manipulate it for your marketing needs, providers will become data processors under GDPR. Their new responsibilities will include an obligation to ensure the data is only used for the activity instructed and that all activity is recorded. They will also have a duty to ensure their contract with you, the data controller, is GDPR compliant and contains language demonstrating they will assist you with compliance. But it falls beyond their remit to ensure the correct permissions and privacy policies are in place. This is the duty of the data controller.
While the contractual changes required under GDPR will help to indemnify marketers in case of a processing violation and should clearly set out the duration, nature and purpose of processing, there are also likely to be clauses limiting liability in the case of missing permissions. Protect yourself by treating your martech contracts to a little extra scrutiny – while also re-evaluating your data-gathering processes. Careful planning will become more important than ever before, so my advice would be to get your customer journey carefully mapped out and have the GDPR mantra of ‘privacy by design and by default’ always in mind when you’re reviewing your processes or choosing a new tech partner to work with.
While no distinction is made between B2C and B2B activities under the GDPR, the regulation is being viewed quite differently within each of the two camps, perhaps because the personal data held by B2B marketers is viewed as being less personal. With less impact expected on the individual due to processing their data, it seems that many B2B marketers are planning to rely on the ‘legitimate interest’ clause contained in the regulations when it comes to contacting their existing database and new customers. It’s the most flexible of the six lawful bases for processing data without explicit permission and has been widely interpreted within the B2B world to mean that businesses can use the data of professional individuals to inform them about services or products which they can reasonably assume may be of interest or benefit to them. Relying on legitimate interest is a risk-based approach and one on which marketers would be wise to seek specific legal advice. In the case of a dispute, the onus will be on the data controller to demonstrate that they have considered protecting the rights of the data subject and that their own interests are balanced with that of the individual.
More change to come
It's easy to see why some marketers are falling back on legitimate interest, despite it being a woefully short-sighted approach. The data-privacy status quo created by GDPR will, after all, receive another shake up when the expected updates to the existing eprivacy directive eventually comes into law. B2B marketers could therefore be forgiven for taking the short cuts available to them while they remain in legislative limbo. The new Regulation on Privacy and Electronic Communications will replace the Privacy and Electronic Communications Directive and was intended to come into force on the same day as GDPR. It is currently unclear whether it will maintain the softer approach of the existing PECR or bring B2B regulations into line with GDPR. But B2B businesses would do well to start getting their data ducks in a row now. Those who take timely action will not only future-proof themselves, they will also lay foundations of trust and transparency; valued commodities among their increasingly cynical digital audience.
Realising the opportunity
GDPR is certainly a challenge – but it’s one that holds an important opportunity for marketers. Here is a reason to re-engage; to make sure the information you’re providing to your database is relevant and interesting. Do you know how they feel when they see your email communication in their inbox? Now is the time to ask. Gain their express permission to communicate with them and you’ll find yourself at the beginning of a far more meaningful relationship. My advice would be to make GDPR compliance and data security a selling point, demonstrate that you care about your customers’ privacy, and get their express permission to keep on getting in touch. Then back this up by only using GDPR compliant martech providers that can offer complete security and privacy. While your data levels may take a hit, what you lose in volume, you’ll gain in value.
Far from signalling the end of marketing, GDPR should be seen as an opportunity to rethink your marketing strategy and reposition the function as a source of genuine competitive advantage.