Over the past decade, new privacy regulations have given individuals much greater visibility and control over how their personal data is collected, used, sold and secured. The General Data Privacy Act (GDPR) and the California Consumer Protection Act (CCPA), both enacted in 2018, created a seismic shift in privacy legislation — but they were just the beginning. Since then, we have seen the number of states introducing or passing data privacy acts go from two in 2018 to 29 in 2021.
In response, marketers need to take steps to stay abreast of data security and privacy legislation. The current regulatory environment means the challenges are greater than ever to stay on the right side of privacy and security compliance.
So, what can marketers do to meet rising consumer expectations — and regulatory requirements — regarding data privacy and still be successful in meeting their business goals? Better yet, how do B2B marketers create a data-privacy-compliant marketing strategy?
Starting With The Basics
To stay compliant with regulatory schemes, it is important to understand what they require. From the European Union’s GDPR to the CCPA, data privacy laws are numerous and nuanced. However, both are grounded in the necessity to protect the rights of data subjects and provide transparency about:
- What data is held;
- Who has access to the data;
- How it's used or activated (and by who); and
- Where it's transferred/sold, with the right to stop any movement.
- Being able to answer these important questions is the best place for marketers to start when creating compliant strategies and activities to engage prospects and customers.
Shifting To First-Party Data Is Just The Beginning
Marketing and demand generation departments have relied on third-party data to serve ads to prospects. The deprecation of cookies and platform-data restrictions are impacting the way marketers are creating audiences, resulting in a noticeable shift from third-party, cookie-driven audience identification tactics.
The use of more first-party data (or clearly permissioned data) along with building experiences, creating engaging content or offering promotions in exchange for information are key parts of a successful data-collection strategy. It’s not enough to rely on information captured at the bottom of the funnel; you must build relationships with your audiences at every stage.
Generating Better Compliance Through Technology
Privacy, like many other practice areas, has become automated. Platforms and tools can help you:
- Maintain good data governance and compliance;
- Ensure requests are answered; and
- Ensure information is retrieved and returned to data subjects in accordance with applicable legislation.
Most privacy laws require “rights of access” to individuals. This means prospects and customers must have a way to ask for a copy of the data categories being gathered, or for their data to be deleted. To comply with these requests quickly and reliably, businesses need easy-to-use solutions for automating tasks like data deletion and archiving. Robust, compliant processes are must haves — not nice to haves.
It’s important to understand that we are in a new era of empowered individuals. Prospects and customers want to understand how their data is being collected, shared and used, and now they have legislative rights as to what information advertisers can access and how they can use it.
Common themes across the regulatory landscape, both enacted and under consideration, include requirements to provide consumers with more information and choices about data usage and the need for transparency. Marketers must earn prospects’ and customers’ trust (and stay compliant) with the following best practices:
- Audit and review the data you have in-house, whether it’s first-, second- or third-party data, and assess how you plan to use each type of data;
- Run a privacy risk assessment for each type of data.
- Document what data you’re collecting, how you’re collecting it and what you are going to do with it;
- Think about the customer or prospect journey in terms of the benefits prospects will receive, such as a better user experience or more personalized content; and
The landscape is set for a proliferation of new legislation, and the calls for a federal approach in the U.S. are loud and gaining traction. Privacy and resultant legislation should be embraced by marketers, who can use it as a tool for driving demand and engagement for their products or services. Creating a culture and environment that respects the shift to transparency and data subjects’ rights in the workplace creates a win-win for marketers, clients and employees.
Karie Burke is the Chief Data and Privacy Officer for Anteriad, formerly MeritB2B. Since 2013, the organization has relied on her ever-growing expertise in global B2B data-driven solutions. Burke launched Anteriad’s flagship International Database in late 2013 and has overseen that product from inception to its current day, GDPR-compliant iteration.