Have you heard of GDPR?
If you haven't recently been spending all of your time becoming an expert, I am very jealous. Here is the overview.
Acording to EUGDPR.org: The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.
So what did this mean to us?
The current law applies to countries in the EU, however we are anticipating this will lead to a number of countries across the world implementing similar policies. We have decided to make GDPR our new global standard for all countries. The main ways the GDPR effected us as a marketing organization is around contacts rights regarding what data we have about them and how we intend to use it. To achieve compliance you need to :
- Follow new opt in permission rules
- Store additional data about when, where and how you collected a contacts data
- Allow contacts to request you forget all of their data (and comply with forgetting all of their data)
In addition to the above regulations there are a number of additional points to be considered, however each companies legal department can interpret these laws differently based on how they do business. We spent a lot of time with our legal teams working to understand each specific part of the new regulations as well as how each aspect of the marketing that we do would be effected.
Our goal was to find a way to track all the necessary GDPR information within Eloqua so we didn't need any 3rd party vendors. Note, we need to leverage 3rd party vendors for other parts of our GDPR implementation but not the email aspect. We also had a very formal deadline we needed to meet as GDPR had a legal go-live date. Since we already invest a lot in our Eloqua instance we hoped to be able to use some of the more advanced features of Eloqua to build our own GDPR programs.
Another important element we needed to consider was ease of use. We have 2 Eloqua admins and 20+ Eloqua users. We needed all the users to be able to easily update and access this information, while also making sure it wasn’t accidentally deleted or altered.
Our final challenge is that we currently use 2 different email automation vendors. We needed to determine if we should ensure they were both GDPR compliant, or migrate all users to one tool.
First, we determined that we thought you could build out all the necessary steps in Eloqua. We also had enough room in our contact ban to move anyone who would be affected by GDPR over to using Eloqua.
Next, we needed to build out the process that would live in Eloqua. We did an evaluation of all of our forms in any form tool. We then made sure any forms that opted people in lived in Eloqua and also collected the required GDPR information. Through a variety of form processing steps, all required GDPR fields are updated on the contact record. We chose to put this information on the contact record for ease of use for all users. The final processing step is to send people to our GDPR Update Program.
At the same time, we created some new processes about what is required when doing a list upload. All the GDPR fields are now also required for users to populate during a list upload.
The GDPR Update Program is fed by any forms collecting opt-ins as well as any contacts that were recently added to the database or updated. Using the form submit app we can pass all the GDPR information that was collected on the contact records to CDO’s for back up. This program also allows any contacts who get deleted from Eloqua and then re-added to have their CDO’s re-connected to those contacts.
I also created a number of templates for our users to make sure they were able to easily follow the process moving forward. Campaign, form and segment templates all help to make sure they are following the process correctly. I also hosted a training for all users and provided how-to guides on the entire process.
The Topliners community was helpful when developing the process. I was able to find examples of how others used functionality I don’t use daily to help me determine if my process would work, such as would a CDO be re-linked to a contact that was deleted using the form submit app.
The training courses that I took were helpful as well because this involved a lot of outside of the box thinking. The B2B: Program Canvas and the section on forms were the most helpful. There are so many features that I forget about if I don’t use them regularly, it was great to have a refresher and remind me of other ways to use both of those features.
Impact of Project:
This program has saved us a ton of money from needing to pay a 3rd party vendor to set up the tracking for us or to leverage a tool they have built to ensure GDPR compliance. It was also much easier to train users to make changes to the way they use a tool they are already familiar with than it would have been to train them to use a new tool. The templates and guides have really helped to ensure that everyone is following the process and so far things have been running smoothly.
Leadership was also very impressed with how we were able to accomplish all this leveraging the tools that we already had in place. They understood how much time and effort we put into this project and were very appreciative of our hard work.