Disclaimer – This post is meant to help marketing professionals prepare their data for future audits. This is not an official recommendation on how to manage your data going into GDPR, but a suggestion to supplement your data with additional date/time information, in the case of an audit. 

About GDPR

The EU General Data Protection Regulations (GDPR) will be going into effect in May 2018, now is the time to start preparing for this new regulation. GDPR will affect any organization that is doing business/engaging with prospects inside the EU. This does not necessary mean the individual has to be EU citizens, he/she just is located within the EU.

The GDPR is more than CAN-SPAM for Europe. In addition to email permission, this new regulation will require more clarity into how an individual’s data is being used/transferred for digital advertising. Organizations must provide clarity into the use of site tags, cookies permission, and any advanced marketing tracking technologies on its web property.

To learn more about GDPR visit here.

Clear Permission

As with any good practice, GDPR will require double opt-in your subscribers for any marketing communication. This includes customers of your services/product. The new regulation makes it clear that individuals who purchase a service or software will not allow companies to automatically opt the individuals into the promotional database.  If you currently are using an opt-out process there is a need to update your data permission flags and create an automated method to collect individuals unique subscriptions.

Net New Names – Automating Subscription Process

Below is a step by step example specifically for Marketo system, both the New New Name Trigger Smart Campaign, and Historic Name Batch Smart Campaigns should be within on default program folder. This will allow you to use all the same forms. You can also keep all reports within this one operational program.

Before you build the actual program lets make sure the groundwork is complete:

  1. Build new fields – You will need several date fields. For example:
    • Date of Opt-in Stamp,
    • Confirmation of Opt-in Stamp
    • Confirmation Date of Opt-in Stamp
    • Date of Expiration,
    • Date of Renewal,
    • Date of Opt-Out
  2. Build Field Opt-in History field – Stamp the date of opt-in and the opt-in field data to this one field
  3. Forms – Subscription Center that has clear terms and condition policy, no pre-check permissions

Once the fields have been created, let’s focus on the stamping program. This will require a smart campaign with:

  • Smart list Logic:
    • Filled out form trigger (this can remain empty until you build the form)
  • Flow step is
    • Data Value Change – Date of Opt-in Stamp the new value is system date token and time
    • Send Confirmation Email – Verifying their subscription
    • Wait
    • Data Value Change – Confirmation Date of Opt-in Stamp the new value is system date token and time


Within your forms there must be a Country field. Add the condition if they select any EU member country the opt-in fields appear. These fields can not be prepopulated with a checkmark.

When the form is submitted the action is to send a confirmation email and to a confirmation landing page, thanking them for filling out the form.

Historic Subscriptions -Reconfirm

Identify the number of leads you have in the EU. This group will need to have confirmation to subscribing and dates supporting their subscriptions. This group will receive a batch program inviting them to opt-in for communications from your organization.

Depending on the size of this list, I suggest you break the list down to 3 to 4 groups. Spreading out the email sends will help you make adjustments to the communications, hopefully, improving the performance of the campaign as you.

Here is the suggested program set up:

  • Smart List
    • Country is – Germany, France, Austria, Italy, Spain, etc
    • Unsubscribe is false
    • Email Invalid is false
    • Black List is false
  • Flow steps
    • Send Email
    • Wait
    • Data Value Change – Date of Opt-in Stamp the new value is system date token and time
    • Send Confirmation Email – Verifying their subscription
    • Wait
    • Data Value Change – Confirmation Date of Opt-in Stamp the new value is system date token and time

These programs will need to continue to run. There will need to be period check in similar to CASL which will confirm the lead is still interested in receiving communications. A best practice is every 9 months.

Privacy Policy

An extremely important part of GDPR is the privacy policy. It must be clear what individuals are signing up for. To just putting a clause such as “By completing this form I agree to the privacy policy” which will hyperlink to a page written in league jargon. It must be 100% clear what you will be doing with the individual’s  information.

For example, if an Individual enters their information for a contest, but the purpose was to add them to your marketing database. You must state by submitting to this content you agree to be marketed to by xyz company.


The final element is cookies/ad tracking.  I  suggest you include a lightbox on your website that appears at the top of the page. Within the lighbox, clearly, state why you are collecting their data via advertising/marketing tags with a hyperlink to a page that allows them to understand how to turn off cookies while they browse.  Make it clear by turning off specific aspects the user experience will change.


Leave a Reply