What Your CRO Should Know About Data Privacy Compliance

TLDR: Data privacy regulations are evolving fast, and businesses in breach face sharp financial penalties and reputational damage. Bring RevOps together with Legal, Sales, and Marketing every quarter to set the agenda for your data privacy strategy, review your processes, and plan around new compliance requirements. Hiring a Data Privacy Officer and investing in cybersecurity are strong measures to ensure you’re properly processing and protecting customer data.

 

The data privacy landscape moves fast. As regulations emerge around the world, businesses that collect, store, and use customer data must get to grips with a complex web of compliance responsibilities.

Businesses that breach data privacy regulations, even unintentionally, face steep consequences. Regulators have the power to place data handling restrictions on businesses and issue sharp fines—to date, EU regulators have enforced over €1.5 billion in penalties to organizations in breach, with an average of €1.4 million per fine. In a time when people are more conscious than ever about how businesses look after their data, falling foul of regulations is an easy way to shatter customer trust.

Today is the time to act. To stay compliant, your RevOps team needs to know how the interlocking data privacy regulations apply to the territories in which you handle customer and prospect data. In this Tough Talks Made Easy, you’ll learn to explain to your CRO where the challenges and blind spots lie, and the processes you should implement to keep on top of your responsibilities.

 

Challenges with data privacy

Companies tend not to review their data privacy policy proactively, which causes them to fall behind the times and incur fines. Major markets like the EU, Japan, India, Australia, Brazil, and certain US states all have regulations that confer particular responsibilities onto organizations that operate in these territories or collect data on their residents. While data privacy is more complex for organizations operating internationally, multiple regulations can apply even when doing business in one local market.

As the regulatory landscape evolves, it’s important to stay in the loop with how these frameworks shape your legal obligations and data practices—particularly if your business is considering expanding into international markets.

Organizations typically focus on online practices when designing a data privacy strategy—sometimes to the detriment of offline behaviour. The age-old challenge of Sales and Marketing alignment becomes relevant to compliance here. As Sales Ops and MOPs send customer and prospect data between platforms, both teams should know how they’re allowed to use and store this data to avoid taking actions that violate the privacy rights of people in the dataset.

 

Measures to take

To set the agenda for data privacy strategy, RevOps should get together with Legal, Sales, and Marketing every quarter or six months. Across teams, you want everyone to have a good grasp of their responsibilities and have an eye on the regulatory movements that could impact their work.  

Some questions to answer: How are privacy and cookie policies evolving? What are our regulatory requirements for each market we do business in? How might our usage of tools and the web need to shift to meet new requirements?  What gaps do we have in our implementation of compliance policies?

From there, review your processes for data capture, storage, and deletion. When capturing data, timestamp the date and time that people submit contact forms, why they’re contacting your business, and whether they’ve opted in to receive marketing communications. For logging and auditing purposes, this creates evidence that you’ve lawfully obtained the authorized data.

For SOPs and MOPs—set up filters to segment the people in your dataset based on the communications they’ve opted in or out of receiving. For prospects who’ve unsubscribed from your communications, check in with Legal to decide when to delete their data entirely. And it helps to test regularly that your measures are working as planned. Are your filters and timestamps working correctly? Are you deleting data when required? Are you storing it in secure places that don’t violate compliance policies?

Hiring a Data Privacy Officer to keep up with regulatory evolution, guide policies and processes, and educate people on the risks of non-compliance is a smart move to advocate. If the budget to hire for such a role is a concern, it’s worth mentioning the penalties that regulators can apply—E.U. authorities, for instance, can enforce the GDPR with fines of up to €20 million, or up to 4% of a company’s global annual turnover.

For similar reasons, cybersecurity training and tools are worth pushing for. Data breaches decrease customer confidence and brand strength while making fines and legal action all the more likely—so by investing in data protection, you invest in protecting your customers and your reputation.

Create trust

People want to do business with organizations they trust. By making a cultural and financial investment in data privacy, you get to keep your business from appearing under the limelight for the wrong reasons, avoid fines and restrictions on how your RevOps team uses data, and better understand the processes to implement if you’re expanding into new markets.

Want to learn more about the actions you can take to remain GDPR compliant? Get in touch with our experts.

How Do I Enhance Security in MOps?

Hi Joe,

I’m worried that we’re not doing enough when it comes to security in MOPs. There are some pretty big gaps and I’m not quite sure what to do about it. How do I go about asking for help? Should I create a plan beforehand? How transparent should I be with leadership?

Thank you,
Concerned Casey

Casey, I can’t thank you enough for that question. I don’t think we talk about security enough in MOPs—but we should. Our marketing automation software holds a ton of sensitive information, whether it’s user account details or some level of personal identifiable information (PII), and our customers trust us to keep it safe. Particularly now, where marketing relies so much on personalization and connecting the dots between what our business offers and our customers’ needs. 

The risks of mismanaging this data are huge. For one, if a hacker or bad actor gets access to a pool of customer information, you better believe they’ll use it for nefarious purposes. Whether it’s selling that information to other cyber criminals or your competitors, using it to access your customers’ accounts on other high-value platforms, or blackmailing your company; there’s no shortage of ways your data can be used.

Beyond compromising your customers, a data breach is also bad for business. After they’ve been compromised, companies can spend millions of dollars addressing their security vulnerabilities and the loss of reputation that comes with a cyber attack.

The MOPs teams and businesses that are doing security right are focusing on the following areas: 

  • Data integrity: What data you collect, how you collect it, where you store it, and how you maintain it can all influence how secure that information is. For instance, there’s no need for you to have your customers’ social security numbers—so don’t ask for them. And if you do have passwords or PII on your marketing systems, you should look into encrypting or hashing them so that if a hacker gets their hands on them, they can’t read anything. You can also evaluate whether there’s even a business need for this sensitive information on your marketing system.
  • Controlled access to your systems: Security savvy teams ensure that only the right people have access to the right data—at the right time. It can be dangerous to have too many user accounts with permissions to access and manipulate the information on your systems. Instead, you should take a look at all your roles and permissions, and limit access to the people who need the data on a daily basis. Not everyone should be an admin. In addition, conducting regular scrubs on your systems to remove any old user accounts will also ensure you’re not at risk of a disgruntled employee compromising your data or your systems. 
  • Robust security policies: Good security should mean that you don’t have to think about security. With solid policies in place that let the right people in and keep the bad actors out, you and your team can focus on what you do best: marketing ops. 

If you’re seeing gaps in any of these areas, you should absolutely have a conversation with your security team (if you have one) and your executives. Be fully transparent about what you think is lacking, what the impact of those gaps are, and what the business should be doing instead. If they ask you whether this is an immediate need, the answer is yes. At the end of the day, securing your data is all about being proactive. You need to stay one step ahead of the bad guys—and avoid being the next big data breach in the news. 

 

You’ve got this, 

Joe Pulse

MOPs and Data Science: How to Get the Green Light on Collaboration

TLDR: The need for MOPs to surface dollar values, improve processes, and validate ideas makes Data Science a natural ally. When MOPs and Data Science work together, revenue and lead generation become easier to predict, benchmark, and grow. But Data Scientists work their magic using emergent technologies that are expensive to deploy, and your CFO will only approve the budget for projects where the ROI makes sense. In any project proposal, focus on how the results can benefit the business and help Marketing boost ROI, and you’re likely to get the green light.

 

Marketing is now a data-driven discipline, where a top priority is to understand what generates revenue and drives growth. Data literacy is crucial for MOPs to handle data, structure their systems, and answer decisive business questions. Unfortunately, teams often lack the skills and resources to manipulate and turn data into an asset that generates value. Data Scientists are the ideal collaborators for MOPs to validate ideas and improve processes, but they’re hot commodities in every workplace. 

When budgets are tight, it’s easy for C-Suite to overlook Marketing when approving spending for Data Science projects. So if you want the green light on a collaborative project with Data Science, show your CFO and CIO that the ROI makes sense. 

We’ll guide you through that conversation in this Tough Talks Made Easy, with some help from Rachik Laouar. As the Head of Data Science at the Adecco Group, Rachik spent the last three years building a full-stack data team and making the business a predictable machine. Rachik contributes his personal views to this piece and does not represent the Adecco Group.

 

How Data Science enriches Marketing

One of the most persistent challenges Marketing teams face is proving their success. If you’re in a low-margin business in particular or otherwise facing cost strains, there’s extra pressure from your CFO to show your contributions to the bottom line. 

Marketing as a space also has many “common sense” generalizations of best practice floating around, but the likes of “Never send an email on a Friday” don’t hold water for your business without evidence. Without the data or the know-how to interpret it correctly, your team is validating decisions and measuring success in the dark. 

The need for MOPs to surface dollar values and make good judgement calls makes Data Science a natural ally. MOPs collects lots of data from campaigns, which Data Science can turn into detailed customer profiles and identify purchasing behaviours. Data professionals connect and map the entirety of your business’ data to spot patterns and understand how to optimise processes. Where Marketing generates leads, Data Scientists automate changes to the lead journey to trigger positive engagement behaviours. When MOPs and Data Science work together, revenue and lead generation become easier to predict, benchmark, and grow.

 

Collaborating with purpose

Data Science teams work their magic using emergent technologies, like machine learning and AI, which are expensive for companies to deploy. Collaborative time with Data Science and new tools, therefore, require a budget for development, which involves your CFO and CIO. Considering the costs, C-Suite’s looking to allocate Data Science resources only to teams that can justify the investment with impactful results. 

There are a few points you can make to leadership in response. By modelling the business end to end, Data Science can see what brings in the most revenue, and as one of the most commercially-minded teams, Marketing should be at the top of the list. The more you invest in making campaigns compelling in response to audience data, the more likely the business will win deals. In other words: investing in Marketing boosts the whole organisation.

You might want to work with Data Science to better a product’s audience and attract more customer segments to it. Alternatively, you might want to streamline operations through automation and cut processes to achieve better outcomes. Whatever your proposal, frame it to C-Suite with intended results and impact in mind. 

After all, you’re not running experiments for their own sake—you’re working with Data Science to help Marketing make or save more money than you spend, investing less per lead generated than you bring in. That’s the language your CFO and CIO speak. 

Leadership can be adverse to risk or expect quick results, which means your CFO or CIO might be hesitant to play the long game. A dose of reality: if you’re trying something new, you need time to ride it out, make sense of findings, and realise the benefits. Suggest running campaign experiments with small subsets of your audience first, as a proof of concept, to make the idea more palatable to a hesitant CFO. 

On the whole, explain the analysis and modelling you want to do, limitations included, and what you’re trying to achieve with revenue when testing certain actions. Focus on how the results can benefit the business, and if you can estimate the ROI at roughly 1.5-2x what you spend, you’re likely to move the dial in your favour.

 

Investing in success

MOPs and Data Science together can be a force of nature, making the wealth of data that Marketing collects actionable and steering better strategic decisions. Come to any conversation with leadership with a clear plan of action and a confident sense of how collaboration with Data Science can boost the bottom line, and you stand a good chance of getting the green light. 

Need some help with data? Drop us a line to chat.