<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=120091&amp;fmt=gif">

GDPR: Your Quick Guide to Best Practices

September 13, 2018 Liz Ryan


GDPR went into effect May 25th, 2018, and after four months, there's still some confusion. If you’re like Team Mojo, you’ve had some questions about GDPR compliance and how to make sure your marketing team is ready for the new regulations. We’re not lawyers, but we want to help where we can.

Making Changes According to GDPR

While some elements of the law are easy to optimize for, others are a little more confusing.  At minimum, your company must address changes to its:

  • Privacy Policy (including its online display)
  • Cookies and Permissions
  • Contact Database Management: Email Segmentation & Deletion

Privacy Policy

Every company has one, but if you were looking for an excuse to give it a refresh, there’s no time like the present. Updating your privacy policy to address GDPR-specific requirements for EU citizens, points such as right to be forgotten and right to data portability, is crucial, as well as ensuring this privacy policy is added to all front-end forms. When in doubt, confer with your lawyer about the specifics to include in your renewed policy, and include that policy on all pages.

Cookies and Permissions

Similar to privacy policy placement throughout your website, your homepage is going to need a facelift — a pop up notification when a visitor enters your website is the most popular way to enact this element of the law. It’s now required to give notice in plain language about cookie tracking and ask for permission to do so from visitors. Without this, you won’t be in line with compliance.

Contact Database Management + Email Segmentation & Suppression

Right to data portability, or the right to ask companies what data they have on you, is a large part of GDPR. Ensuring you fully provide this information to inquirers in a timely manner is crucial. Beyond this, a total purge of non-consenting contact data is required. If you are found to be holding non-consenting contact data, there will be legal repercussions.

At the same time, you can take steps to segment and suppress international data in your CRM. Implementing the Hubspot GDPR product tools on the front end of forms, landing pages, and like all intelligent marketers, including a clear opt-out option in email, will save time and reduce headaches down the line. Another method of suppression includes creating a list of contacts with any or all parts in a combination of IP Address, Contact Country, and unknown/blank fields relevant to GDPR.

Overall, be sure to take these steps for GDPR compliance:

  • Renew privacy policies to address GDPR-specific requirements
  • Implement Hubspot GDPR-compliant features to allow marketing leads to consent to data collection and provide mechanisms for executing individual rights
  • Suppress EU contacts if they have not explicitly opted in
  • Enable GDPR compliance checkboxes in HubSpot on all website forms.
  • Create internal process to provide or delete full data to contacts who request it

Using Your GDPR Resources

Here are three resources Mojo found helpful when optimizing our marketing strategies for GDPR:

Our Lawyer 

Nothing compares to speaking with your company’s legal professional on the topic. While marketers are trying their best to decipher the murkier parts of the law, your lawyer will be able to offer sound advice that helps you avoid any legal issues in the future. Talk to your lawyer first to ensure the next decisions you make are in line with the regulations.

The Hubspot GDPR Playbook Video

At Mojo, we’ve found this video to be one of the most helpful resources outside of our friends in the legal department. In this video, Hubspot takes you through the features within the platform to ensure you’re playing by the rules and avoiding any GDPR faux pas related to email consent, cookie tracking notifications, and list cleansing.

This GDPR Checklist

After diving into the GDPR playbook, this checklist is a great resource to keep on hand as you work through compliance and ensuring your team implements best practices. As time passes and the rush for optimization passes, it’s easy to fall back into old habits. They do die hard, after all. With this handy checklist in your toolbelt, you’ll be one step ahead of the game in the coming months.

A Few Final GDPR Notes

At the end of the day, if you have questions about GDPR compliance and its best practices, speak with your lawyer. They are your best resource when it comes to abiding by these new rules. We’re not experts, and the marketing community is learning together how to incorporate GDPR into our lives, but we’re happy to share our own experiences and hope they help you on your journey to GDPR compliance.


New call-to-action

Liz Ryan

Liz Ryan

President, Mojo Media Labs Chicago

Share This: