Compliance in your marketing? It's more necessary than you think

Recently, a report conducted by PFL and Demand Metric -- which surveyed nearly 600 marketing professionals across a variety of different industries -- revealed data accuracy, understanding audience needs, and branding as the three most important factors to multichannel marketing campaign success.

Data is critical for marketers conducting multichannel marketing campaigns because it’s used to personalized messages and reaching prospects at the right moment in their customer journey. When marketers rely on and analyze data within multichannel marketing initiatives and campaigns, they can measure and improve strategies in real-time, allowing for better, more segmented outreach. Without data to inform campaigns, marketers might as well write a message on a paper airplane and throw it out the window.

But, what should businesses worry about when their marketing teams are using sensitive data? With the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR), organizations need to ensure all proper security and compliance measures are taken, or else they could find themselves in some serious legal trouble or with a data breach on their hands.

A 2020 Thales Data Threat Report found nearly half of US companies have experienced a data breach. Furthermore, companies who’ve experienced a breach under-perform the market by more than 15 percent for the next three years. So, it’s imperative marketing and compliance teams work together when picking a marketing vendor to ensure it has the necessary security measures in place. 

What marketers need to know about CCPA and GDPR

CCPA and GDPR impact nearly all direct marketing tactics --  some much more than others. When it comes to compliance, marketers need to make obtaining consent their highest priority. When many marketers hear the word "consent" they might think of something like tiny, pre-checked opt-in boxes at the bottom of a web form. It’s not that easy anymore. Marketers need to think like risk and compliance professionals, keep clear records, and practice true opt-in marketing.

Companies must provide clear agreements of consent from the individuals whose data they’re processing and using. Additionally, anytime your communications policy changes, you must reconfirm consent. You also have to give consumers a clear and direct path to withdrawing consent if they choose to do so.

Compliance mandates also cover something called "legitimate interest," which is much less straightforward than data consent. The process for proving compliance with legitimate interest is murky at best:

• identify a legitimate interest;
• show that the processing is necessary to achieve it; and
• balance it against the individual’s interests, rights, and freedoms.

Because of the fuzzy nature of legitimate interest and the clear guidelines associated with consent, channels that are more intrusive have heavier regulations affiliated with them. For example, compliance for SMS text messaging and phone calling can be challenging because of the emphasis put on consent and protecting consumer data. With a channel like direct mail, however, it’s easier to meet the legitimate interest requirement. The only thing needed to prove legitimate interest is showcasing why the piece of mail may be of value to the recipient

Direct mail is not considered as intrusive as other channels, but it still achieves great marketing results. So, if a marketer has a good reason to contact their mailing list, they can send that mail post haste (pun intended).

Security measures marketing vendors should have in place

The average enterprise marketing team has about 120 marketing technologies within their tech stack. With 8,000 total projected marketing technology tools and platforms available, the number continues to grow for small and medium businesses too. It’s a lot to keep track of, especially when marketers are regularly adding more and more vendors, creating a spiderweb of third-party data -- marketing vendors use a business’s data, but those vendors have vendors and software of their own. This never-ending network makes data more vulnerable and susceptible to breaches and risk.

Many enterprise-level marketing teams have data analysts both because metrics are so important to decipher when thinking about marketing campaigns, and because teams want to be secure and protect their own data. The analyst takes on the essential role of understanding the processes of partners, platforms, and vendors.

For example, with automated direct mail platforms, data is transferred from the platform to the printer or fulfillment center. Is the data protected after it leaves the technology and is in the hands of the printer? Businesses should look for vendors who can keep entire processes in-house or those who’ve gone through rigorous security testing, training, and audits.

Breaches or data misuse can set businesses back months and even years. Marketers need to adhere to mandates like CCPA and GDPR and ensure their data is secure. Monitoring it can be challenging because businesses have technology for everything these days, but "it’s too hard to track it all" won't hold up in a court of law. Security, compliance, and risk assessments need to continue to be top of mind for marketers, especially as tech stacks keep growing.

Image Credit: donskarpo / Shutterstock

Nick Runyon is an accomplished executive with experience developing and implementing marketing strategies that drive fast and scalable growth. As CMO of PFL, he helps marketers achieve unmatched results through direct mail orchestrated with digital marketing and sales.