Privacy Management and Consent Compliance for Marketers
When the General Data Protection Regulation (GDPR) went into effect, you noticed all of the emails and web content blocking pop-up notices bringing your attention to revised privacy and cookie policies, right? How could you forget – they were everywhere!
We’ve talked about the California Consumer Privacy Act of 2018 which went into effect in January 2020 and how that is leading to similar inevitable privacy laws in other states, in the very near future. We’ve talked about personally identifiable information (PII) and how marketers had better be crystal clear so people understand what information you collect and why.
What has not been discussed yet is HOW to successfully manage privacy consent with ALL your digital assets. The problem with managing consent for all digital assets is that normally consent is collected, but typically in different systems, and it is a one-way data collect. When people view your digital assets, are you collecting consent differently between your website, your landing pages (if you use a marketing automation or landing page tool), and your emails?
Revoking Consent Dilemma
How will you manage when people want to revoke consent? That is the biggest part of the California Consumer Privacy Act that not many are talking about or have a solution for yet. And when people want to revoke consent, how might you manage destroying their data and suppressing them from your collected data and use for any reason? These are the things that keep me up at night, because I know it’s going to be a big scramble in Q4 2019. And because it will be a big hurry, many will make choices and martech stack decisions that aren’t really in their best interest but in the interest of speed. My nickname is Proactive Polly for a reason. Let’s do this … woop woop!
Data Privacy & Consent Management Solution
I hit the pavement to research ways to manage privacy consent, consulted with my colleagues in the information security space, had demos from many privacy management software providers and have arrived at a solid consent information architecture, tool and implementation plan. And because it should be ridiculously easy to manage consent no matter which web asset someone interacts with, implementation is the most streamlined with a single comprehensive solution.
The tool/platform used to manage privacy consent will get you 90% of the way compliant, but there are still things to consider that minimize the “human error” part of data management.
Things to address:
- User permissions settings to restrict users from exporting data lists that fail to suppress records of people who have revoked consent
- Integrating the consent database with your database of record that staff are interacting with
- A regular data purging process to delete data from people who revoke consent in your database of record
I recommend implementing a software platform to manage privacy and consent 3-6 months prior to January 2020. If you are going to integrate the privacy and consent platform with your database of record, plan for 6-12 months prior to January 2020, which means you will want to start now. We can help you with that.