If compliance isn’t at the top of your yellow legal notepad’s to-do list, it’s time to make a new list. In this session, Keith Nyberg, Marketing Technology Consultant at Etumos, guides you through best practices for managing your database as you move toward a more compliant model to ensure that your program is really doing what you think it is. Learn ways to effectively implement privacy compliance for your organization in Marketo.
5. About Me
Professionally
• Marketing Automation Manager at SugarCRM
• Traveled through Southeast Asia
• TH, LA, KH, MY, ID, SG, PH, VN & JP
• Marketing Technology Consultant at Etumos
• San Diego Marketo User Group
Personally
• Enjoy surfing, stacking rocks, running BM camp
& taking my RV places
• Currently in Oceanside, CA
11. Agenda
What is Privacy Compliance?
Goal of Privacy Compliance Program
The Ideal Program State
Steps to Implement
This is NOT legal advice!
Topics discussed today are purely philosophical
and no guidance provided should be
considered as legal advice.
Privacy Compliance is tricky… it is your job to
work with your legal team to balance risk and
business success. Too much enforcement can
affect the business negatively, not enough
enforcement can lead your company to legal
consequences.
Let your legal team determine the right
balance!
14. What is Privacy Compliance?
LOTS OF LAWS!
Source:
https://unctad.org/en/Pages/DTL/STI_and_ICTs/ICT4D-Legislation/eCom-Data-Protection-Laws.aspx
16. Privacy Compliance is..
A company's accordance with established personal information
protection guidelines, specifications or legislation.
A company with good privacy compliance processes adheres to
regional regulations and enforces these regulations in their
communication strategy.
19. How Legal talks
EXPRESSED CONSENT - any freely given, specific, informed and unambiguous indication
of the data subject's wishes by which he or she, by a statement or by a clear affirmative
action, signifies agreement to the processing of personal data relating to him or her.
(Article 4(11))
IMPLIED CONSENT - may include having an existing business relationship (EBR) based on a
previous commercial transaction with the recipient; or having an existing non-business
relationship based on, for example, membership in your club, or if the recipient
participated as a volunteer for your charitable organization; or where a person makes
their email address publicly available by publishing it on a website.
Sources:
https://gdpr.eu/gdpr-consent-requirements/
https://crtc.gc.ca/eng/com500/guide.htm
23. How MOPs talks
EXPRESSED CONSENT
• Opt-In: asking for consent to marketing on your company’s form
• Double Opt-In: asking for consent to marketing on your company’s form, in addition
to asking them to reconfirm their request via email
IMPLIED CONSENT
• Opt-Out: consent to marketing assumed until Opt-Out occurs
OTHER IMPLIED CONSENT
• Customer/Ex-Customer: existing/previous business relationship
• Hand-Raises: contact requests, inbound emails, etc
31. Program Goals & Outcomes
This program WILL
1) safeguard your instance
2) capture consent details
3) follow S.C.R.I.M. best practices
This program will NOT
• manage communication preferences
• append Email Opt-In – EVER!
38. Unsubscribed
Privacy compliance is enforced using Unsubscribed.
This means that Unsubscribed will be set TRUE for any record that has not
provided consent based on their country’s requirements.
Anyone that should not receive direct marketing due to privacy compliance
will be automatically blocked from emails sent from Marketo and Salesforce.
This will occur on creation, or when the person’s location changes to a region
that requires consent.
53. The Segmentation
Legislative Approach
1. Embargoed
2. GDPR
3. CASL
4. Australian Spam Act
5. Other
6. Unknown
7. CAN-SPAM
8. Default
OPs Process Approach
1. Unsubscribe
2. Double Opt-In
3. Opt-In
4. Other
5. Unknown
6. Opt-Out
7. Default
1. One segment for each unique compliance process
2. Group consistent processes together
3. Always have Other and Unknown
4. Know what process Other/Unknown/Default should fall into
5. Sort by importance
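Added example, not part of the original deck: a Python model of the ordered "OPs Process Approach" segmentation feeding the Unsubscribed enforcement described on slide 38. The country sets, the field names (`country`, `inferred_country`, `opt_in`, `opt_in_confirmed`), the fallback of Other/Unknown/Default to Opt-In, and the preference for form Country over Inferred Country are all assumptions made for illustration.

```python
# Constructed sample data: these country sets are placeholders, not legal guidance.
EMBARGOED = {"KP"}
DOUBLE_OPT_IN = {"DE"}
OPT_IN = {"CA", "AU"}
OPT_OUT = {"US"}
KNOWN = EMBARGOED | DOUBLE_OPT_IN | OPT_IN | OPT_OUT

# Segments in the slide's "OPs Process Approach" order; the first match wins,
# so the strictest processes are listed first.
SEGMENTS = [
    ("Unsubscribe",   lambda c: c in EMBARGOED),
    ("Double Opt-In", lambda c: c in DOUBLE_OPT_IN),
    ("Opt-In",        lambda c: c in OPT_IN),
    ("Other",         lambda c: c is not None and c not in KNOWN),
    ("Unknown",       lambda c: c is None),
    ("Opt-Out",       lambda c: c in OPT_OUT),
    ("Default",       lambda c: True),  # catch-all safety net
]

# Assumption: Other/Unknown/Default are handled with the Opt-In process.
FALLBACK = {"Other": "Opt-In", "Unknown": "Opt-In", "Default": "Opt-In"}


def segment_for(country):
    """Return the first segment whose rule matches the country code (or None)."""
    return next(name for name, rule in SEGMENTS if rule(country))


def must_unsubscribe(person):
    """True when compliance requires Unsubscribed = TRUE for this record."""
    # Assumption: the form-selected Country wins over Inferred Country.
    country = person.get("country") or person.get("inferred_country")
    segment = segment_for(country)
    process = FALLBACK.get(segment, segment)
    if process == "Unsubscribe":
        return True
    if process == "Double Opt-In":
        return not (person.get("opt_in") and person.get("opt_in_confirmed"))
    if process == "Opt-In":
        return not person.get("opt_in")
    return False  # Opt-Out: consent is assumed until the person opts out
```

Running `must_unsubscribe` again after a country change mirrors the slide 38 behaviour of re-evaluating a record when its location moves to a region that requires consent.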
58. Segmentation Fields
Safer fields to use
• Inferred Country (IP address)
• Country (form selection)
Riskier fields to use
• Account Billing Country (account)
• Account Shipping Country (account)
*Be mindful of enrichment!
61. The Ideal Program Components
1. Fields
2. Segmentation
3. Program
62. SCRIM Methodology
Scalable - The solution will work equally well at 10x, 100x or 1000x the current volume.
Clear - The solution is clearly marked and what is happening can be easily understood by
anyone in the system.
Robust - The solution can be tweaked or modified in the future as needs change without
being entirely scrapped.
Intelligent - The solution reports on its own effectiveness with proactive exception reports
and comprehensive logic.
Modular - The solution is broken down into smaller components that interact together, to
future-proof the larger system and allow for reordering as needed.
66. Steps to Migrate to New Program
• Build program skeleton
• Meet with legal/sales leadership
• Demo the program
• Discuss current process
• Ask if there are any needed changes to current process
• Build new fields
• Configure program
• Review configured program and all flows with legal/sales
• Migrate legacy data into new fields
• Discuss how missing data will be addressed
• Enable new program/disable existing
• Monitor records running through program
68. What’s Next
• Follow-up email with recording
• Save the date, September 8, 2020 for MOPsCON
• Discount code for MOPsCON 2020 for all attendees
• Join the MOPsPROs Slack group
• Feel free to contact us at Mopspros@etumos.com with any
other questions