HOW TO PREPARE FOR THE GDPR REGULATIONS

DECEMBER 2017HOW TO PREPAREFOR THE GDPRREGULATIONSGOES INTO EFFECT MAY 2018

Page 1How to Prepare for the GDPR RegulationsGoing Into Effect May 2018As you have probably heard, the GDPR (General Data ProtectionRegulation) will go into effect beginning May 2018.You can have a look at the complete set of rules here.Many organizations have concerns about the security consequences ofthis regulation change. They invest a lot of their time and budget to keepdata secure, but they forget or are unaware that all of their leads andcontacts data from their database must be re-approved and all datacapture systems must be re-ordered.In this document, we would like to highlight some executive tips of howto prepare yourself for this massive regulation change from themarketing and sales departments’ point of view and to enable you toprevent your organization from being slapped with a massive fine of20 million euro or more.We, at Responsive Online Marketing, are available to support you alongall the way so you will be prepared for this massive change.

Page 2Here are some basic rules to take into consideration:1. New Leads a. Make sure to add a distinct statement in all of your web forms; itshould include the person’s permission to add his data to your databaseand to send him or her information (via emails or other electronic ortraditional tools) using the information that he or she provided you. Thestatement should also include a declaration about the privacy of thisinformation (that you will not share it with other sources). b. You probably are going to use a checkbox for this statement. Thischeckbox must be unchecked as a default. c. Make sure to collect only the data you need for providing yourproduct or service. Unnecessary data collection is forbidden. In otherwords, you will have to create a form with only the exact questions andcheck if your current forms are aligned with these regulations.2. Subscription CenterEvery person has the right to ask you to delete himself from yourdatabase. You will need to build a process which supports this kind ofrequest.We suggest creating a subscription center with basic automation aroundit (alerts and other useful features).A subscription center is a landing page that has multiple options forsubscriptions, including the chance to unsubscribe.

Page 3Here are some items you should add to the subscription center:a. Delete from databaseb. Unsubscribe from all emailsc. Unsubscribe from some of your content, for example, a person wants toget notified of new blog posts but doesn't want to receive marketingemailsd. [Important] \"Receive data\" option.The subscription center should be created like a form, connected directlyto processes in your marketing automation system (and to other systemsfrom there) which will automatically perform the lead's request.We recommend adding JavaScript functionality to achieve a better userexperience when clicking on some of the checkboxes.3. Dealing with Current DataPreviously captured data should be managed in the same way as newdata. In other words, you will have to send a notification to all yourEuropean leads, requesting them to re-approve their subscription tocontinue receiving content from you.The best practice is to refer them to your newly created subscriptioncenter.Of course, you are taking the risk of losing many leads who will activelyunsubscribe or asked to be deleted, but on the other hand, if they will notrespond, you will have to remove them anyway.You will have to make sure to track who followed your request and whoignored it, and you will have to make sure to delete them accordingly.

Page 44. Detailed Notification of All New and Current LeadsOnce collecting data from a person (no matter what your source is goingto be), you will have to send a notification email that must include: a. Your company name and connections options. b. The name and connection options of your data protection officer. c. The reasons why you collected the data. d. If you share the received data with a third party, you will have to giveits details. e. If your organization is located outside of the EU, you will have toprovide details about your data security process. f. The period that you will save the data or information on how youcalculate this time. g. You will have to explain the lead’s rights about getting hisinformation from you at any time, and his right to change or delete part orall of it. h. Details about the lead's right to prevent you from processing hisinformation or creating a profile on his behalf. i. Information on the person's right to file a complaint with theauthorities. j. Details about the duty of your company to provide the records oncebeing asked for it and the consequences of refusing. k. Details about automatic decisions made by marketing or sales tools(if any) and their implications. l. If your company receives details from a third party, you will have toadd the categories of more information gathered and the source.This notification must be communicated within no later than a monthfrom your initial connection with the lead.

Page 55. What Can You Learn From These New Regulations?Well, this is as bad as it sounds. Companies will probably lose a big chunkof their leads but, we can see two main advantages: a. Cleaning your database from irrelevant leads who never respondedto you. b. For leads who approve their subscription, you can and should builda profiled content program, and try to push your sales process harder. How Can We Help?As an experienced marketing automation agency with expertise in allleading marketing automation platforms, we offer a full package thathelps you to comply with these new regulations to reduce the risk to yourorganization. 1. Database Research: We will find all European leads in the databaseand mark them for the GDPR notification program. 2. Notifications: We will create all relevant notifications based on yourcompany information and the provisions of the law. 3. Subscription Center: We will plan and build a customizedsubscription center based on your company’s needs. We will also createall the background processes on your marketing automation and CRMsystems.

Page 6These procedures will run and perform compliance related tasksautomatically. This includes updating your leads’ subscriptions andinformation and deleting leads when this is requested. We will also createa data transfer process. This process will feature an in-house notificationto the relevant people in your organization.Our goal is to help you create an entirely automated GDPR system thatwill allow you to concentrate less on the regulations and more onsales and marketing.We will help you take advantage of the situation and build targetedmarketing campaigns to engage the leads who chose to remain in yourdatabase.