The marketeers’ playing field witnesses the birth of a new platform or tool almost every week, with the promise of even more work efficiency. Fantastic! Obviously, most marketeers are immediately over the moon with every new and effective resource.
“This is the newest marketing tool”;
“The results of this tool look fantastic!”;
“I want to be able to do that too!”…
There are many reasons to start using new marketing tools immediately. Consequently, an ever-recurring question from the marketeers and DPOs in our courses is whether GDPR allows to use this newest marketing tool or not?
To answer these GDPR compliance questions, marketing teams benefit from practical GDPR training. This way marketeers can make their own assessment of any new tool.
In this blog post, we are handing you 5 tips to assess these tools yourself as a marketeer and to help you examine the GDPR conformity.
1/ What is the purpose of this new marketing tool?
Try to make a brief overview of the way you would like to use this tool. Using a scheme can help you. It also gives a better understanding of the platform if you should apply it later. If applicable, you can use this overview to inform your customers about your new marketing initiative.
2/ Which personal data are processed by the new marketing tool?
This is first and foremost the key question. Mapping the kind of data that this tool processes and where it comes from is vital.
Are they traditional personal data (name, email, …)?
Are less obvious personal data going to be processed (IP address, user behaviour, …)?
Will sensitive information be collected (medical, financial, …)?
Are all these data really required by us?
Are we allowed to use the data?
Do not forget to do a “panic test”: are our prospects or customers expecting us to collect these data from them? Would a panic arise internally and externally if it would come out that we are gathering that kind of data from them?
3/ How are the personal data being processed by the marketing tool?
In what way will the data end up in the tool? Does the tool work by means of a tracking pixel, forms, integration with another platform, etc.?
4/ Does this tool meet the legal requirements regarding GDPR?
A good indicator is to already make a list of the following findings:
Do the makers of the tool provide their own location data on the website? (You can use this later in your assessment.)
What is indicated in the terms and conditions of sale and use? Are you able to find them?
5/ Where does this tool come from and where are the data processed?
If the location is known, then check if it is a country of the EEA (European Economic Area). If not, is it a country with an adequate level of data protection outside the EU, as recognized by the European Commission?
Is it an American marketing tool? Then go through all these questions and decide whether this tool is necessary. Get the DPO or company lawyer involved to make deeper assessments.
Ask yourself the following question: is there no European alternative for this tool? Mind you: by using a European marketing tool you are not entirely on the safe side, because the tool could process data on American servers or in an American cloud environment. You will have to verify that.
Conclusion: with these 5 tips you can gather the necessary information to present the new marketing tool that you deem indispensable to your DPO, your legal team or your management. Your DPO can also use this information to complete the register of processing operations.