The General Data Protection Regulation (GDPR) goes into effect on Friday, May 25, and by now most organizations have at least a basic understanding of how it will affect growth marketers and how to navigate customer consent.
Yet, even if you’ve worked extensively with your legal and compliance teams, you might still be wondering whether your GDPR strategy is truly comprehensive. Have you covered all your bases in case of an audit? Even after triple-checking, have you forgotten an important element to ensure privacy by design and protect your customers’ fundamental rights?
Not to worry—Iterable, in partnership with the experts at Kazo Security, has developed a customizable worksheet to properly prepare your company’s marketing operations under the GDPR. It addresses seven key GDPR initiatives, four of which we consider the most critical for marketers.
Read on for your last-minute GDPR cheat sheet on the four core initiatives to enact now, if you haven’t already taken steps to do so.
Don’t like reading? We’ve got a video version of this GDPR cheat sheet as well.
The Growth Marketer’s Last-Minute GDPR Cheat Sheet: 4 Core Initiatives to Enact Now
1. Subscription Center
A long-held asset in the marketer’s toolkit, subscription centers provide prospects and customers the ability to unsubscribe from marketing communications, as well as selectively opt-in and choose the content they would like to receive.
Now is an excellent time to re-evaluate your subscription center and make sure that it contains all the following elements to ensure its compliance:
- A detailed landing page that lists all available subscription options, each with a clear understanding of what consumers will receive
- An operational smart campaign that can effectively manage subscriptions (meaning, the center actually has to work!)
- Easy-to-identify links in each email and landing page that include unsubscribe or opt-out features
- A process to track prospect and customer requests, as well as confirm completions
Those who have subscribed to Iterable’s own marketing communications should stay tuned for the launch of our brand-new subscription center—coming soon!
2. Smart Lists
Every company’s growth marketing platform should feature a “Smart List” function that will run opt-in campaigns and manage user preferences. Known as Dynamic Lists within Iterable, Smart Lists are a built-in system that encourages data management efforts by automatically sorting contacts.
Below are a few commonly used Smart Lists that can effectively exclude individuals from marketing campaigns:
- All Users: everyone in your database
- Unsubscribed Users: users who are unsubscribed from marketing-related correspondence but can be sent transactional messages
- Blacklist: users who will not receive any messages
- Bounced: undeliverable email addresses
- Possible Duplicate: users that are duplicated in your marketing database
3. Double Opt-In
While not explicitly required by law, double opt-in consent campaigns provide an added layer of security for organizations looking to ensure their GDPR compliance.
Double opt-ins are also generally regarded as a marketing best practice for improving deliverability and increasing engagement. By preventing invalid addresses, mitigating hard bounces and reducing spam complaints, you can significantly augment your sender reputation with a double opt-in campaign.
4. Data Retention
The GDPR defines consent as an act that is:
- Explicitly given
- Easily informed
- Not “bought” with another transaction
This means that the days of pre-checked permission forms and deeply buried privacy policies are officially over. Information request forms must provide a description of data usage and a link to the privacy policy indicating how customer information will be handled and stored.
It’s important to determine your organization’s procedure for data retention to ensure that opt-in consent to receive ongoing marketing communications is considered an independent action—not assumed with a content download or contest entry.
The Final Countdown to GDPR Compliance
The GDPR applicable date may be only days away, but if you’ve addressed these four key initiatives from our GDPR cheat sheet, you’re already well on your way to transforming your marketing for the better. And don’t forget to download your complete copy of all seven initiatives, so you can ensure a comprehensive compliance strategy.
The Iterable team will continue to assist you regarding this regulation, so if you have any questions or concerns about GDPR best practices or how Iterable is preparing for the GDPR applicable date, please reach out to us at compliance@deviterable.wpengine.com.
