How to Make Your Website GDPR Compliant in 4 steps

Constellation recommends that marketers audit the avenues through which they interact with personal data. It is high time that you create a customized GDPR approach by considering the best guidelines highlighted below.

1. Appoint a GDPR team or lead within the marketing area to review all data handling strategies

Constellation requires CMOs to appoint a team or a person who will be in charge of handling all data in the organization's marketing department. The main marketing data lead must work closely with the DPO, as part of the team that manages data, to review and approve all marketing campaigns involving European nations before they are executed.

A comprehensive review of the handling procedures, data collection methods, and current mailing lists must be done.

Reviewing current mailing lists - You must check all contacts in EU countries to verify the records. You can remove those individuals who have not given formal permission. You can also create a separate segmentation list for those in marketing automation so that permission can be given in future, provided GDPR compliance has been fulfilled.

You must record all the data collection steps and channels – Record all the channels through which the marketing department gets contact data, for instance list of purchases, sales, partners, website registrations and events. You must make sure that there is a proper permission process for every channel.

Ensure that you inform your marketing team how serious the GDPR is – Help every member of the team understand the consequences that may befall them when they do not follow the regulations. Constellation suggests working with development and learning teams to ensure that all employees are taught a data handling course.

2. Measures to take when you are collecting personal data

On the web forms and websites

Give clear wording - All organizations are required to use clear, non-legalese language that allows the person to give proper consent. If your company collects personal information using a web form, Constellation requires that you post, in an understandable way, how the information can be used.

As an expected procedure, you must include verbiage on web forms that resembles cookie consent information. For instance, the EU online handbook tells you that the site utilizes cookies to give you a good experience when you are browsing.

Create a process for verifying age - GDPR compliance requires parental permission to collect and process the personal data of all children who are below 16 years of age. You can create an independent verification process, such as an email notification or a form that collects the parent's email address, and process a separate permission.

In person

You must obtain permission to collect personal information when you are present in person. If you are collecting personal data yourself, for instance for a testimonial video or at an event, you must ask for permission and include a field for the person to check when they have decided to be emailed. Constellation requires all event organizers to explain, when people register, how personal data can be collected and used.

3. Managing existing leads and contacts in the database

You must try to send an email verification notice to all active EU contacts, asking them to reverify their email address so that they can renew their permission to receive direct email and mobile in-app communication.

Creating a preference center - All organizations must consider creating a preference center, which gives customers the authority to manage their communication preferences. A communication preference center is a destination on the web that allows customers to opt in to or out of subscriptions, for instance notification emails or newsletters informing customers of new products or discounts. GDPR compliance requires one to obtain uncorrupted permission using specific and clear language. Therefore, to make sure that the communication preference center is GDPR compliant, the description of each subscription should be written clearly and state how often the emails will be sent. For business-to-business institutions, consent may be differentiated by product line and should indicate clearly how many times the person can be contacted.

4. Update the privacy policy on a regular basis and try to notify customers in time

The privacy policy on the website must give clear direction, such as how information is collected and stored and how the organization can be contacted. For instance, the privacy policy page of Expedia.com is comprehensive, straightforward and clearly worded. All the categories on this site are outlined well, using links which direct one to the right section; this is a better idea than a one-page information page.
