How to Clean Up Your Marketing Stack, Pre-GDPR

In its most simple form, marketing is the promotion of a product. While this has never fundamentally changed, the way in which the promotion process takes place adapts and evolves constantly. A large part of this is utilising platforms, tag-management systems, and data-management software to help plan and execute a meticulous strategy. When combined, these come together to form a marketing stack. With GDPR edging closer to its compliance enforcement date of 25 May, it is important for marketers to look not only internally at their own procedures and handling of personal data, but to also critically analyse their marketing technology stack with GDPR in mind, writes Ian Woolley (pictured below), chief revenue officer, Ensighten.

According to Gartner, 2017 was the year CMOs were set to overtake CIOs in terms of technology spend, indicating that the marketing department is going through intense digital transition. With the mass adoption of digital performance marketing, data has been positioned as the vital resource used by marketers and their martech stacks. GDPR brings the proposition of higher value data and increased transparency between organisations and their customers, but only if the necessary attention is given to compliance, consent, and transparency. Ensuring your marketing stack is GDPR-compliant should be a critical mission right now.

Ian Woolley, CRO, Ensighten

Unfortunately, many businesses are exposing themselves to GDPR non-compliance by overlooking their vendors. According to a recent study on UK marketers, less than half of them (43%) had GDPR-related conversations with their vendors, despite on average working with five different marketing suppliers.

Two-thirds of UK marketers (66%) see GDPR as a strategic opportunity. Yet, right now, 43% know that their brand websites are not yet compliant. As a result of being responsible for their own compliance, it comes down to the brand to create and maintain the trust and data governance that consumers will expect in a GDPR world. It also falls to the brand to police their technology platform, starting with the primary consumer touchpoint – the website.

The tech team will need to manage the process of visitor data audits, and all consumer data whether, it is personally identifiable information (PII) or not, must be made available upon request. Sites will require a consent manager so that visitors may directly view, change, and withdraw consent for various data uses at any time – before their PII is used. In order to enforce consumer consent preferences, the consent manager will need to be connected to all the different technologies and third-party suppliers that manage the various web operations underlying the site.

The risk of organisations being independent in seeking compliance, is represented by the fact that 46% of brands believe that their company is not responsible for data collection across their digital properties. However, this is not the case. It is the brand’s responsibility to ensure its marketing stack is compliant, whether it uses third parties or not.

The consent experience

Connecting the elements of privacy, consent, and first- and third-party data – and sharing them appropriately – will be fundamental to modern business success post-25 May. Creating that ‘consent experience’ is new territory for many marketers because historically it was not required to be as transparent, simple, or detailed as it must be later this month.

This is a process that must be adopted by both brands and their third-party suppliers. The data collected is likely to be of a lower volume, but a higher value as there will be transparency around its usage. This will assist in building a level of trust that has previously been missing between most online customers and the brand, even when some users may decide to not share as much.

‘Tag Piggybacking’

One of the biggest challenges is getting visibility of which third parties are ‘tag piggybacking’ on web pages. What is often hidden underneath a website is a complex net of unauthorised and even unknown JavaScript tags that piggyback off one another and cause compliance headaches. Each collecting visitor data and sharing it with the technology providers for every digital element of the page, regardless of whether they are a known and useful member of your stack, or not.

Given that a major part of the spirit and letter of GDPR is that informed consent must be gained prior to personal data being collected and used, leaking customer data is no longer an option. This must changed for the 25th of May to prevent breaching of the regulation – without the brand even using that customer data themselves!

Even companies wanting to comply need to be vigilant to avoid accidentally collecting any personal consumer data prior to consent, because removing data after the fact is not a scalable governance option. Unfortunately, the current marketing technology ecosystem that developed over the past decade was not designed to remove data easily.

Know your stack

With GDPR looming, there has never been a better time to know your marketing and data-collection process inside out. Every aspect of the marketing stack from website cookies, CRM data, delivery processes, and online consent journeys can impact GDPR compliance. It has become apparent through recent research that without holistic data governance and enforcement, total compliance will not be met by all third-party tech vendors. Doing this will give your business a leg-up in connecting with your customer base and ensuring you can thrive in the new data-savvy, post-GDPR marketing landscape.