I recently had the opportunity to present to the Atlanta Pardot User Group on GDPR, CASL, CAN-SPAM and other email marketing compliance obligations (alternate presentation title: “Is the sky falling or not?”)
Data privacy and opt-in compliance are front and center for marketing and sales teams, with some of the most stringent global compliance requirements yet coming into effect in May 2018.
My biggest takeaway from the discussion in the room is that while marketers want to stay “white hat” and follow the relevant laws in the countries they market their business in, it’s not always clear how to do that logistically.
Questions About Compliance & What This Means for Our Businesses
The following areas of discussion popped up — and unfortunately there isn’t always a super clear answer to these questions:
- What technology do we need to comply with these regulations… that were written by people that know very little (nothing) about digital marketing and think 3rd party cookies are the kind you buy at a grocery store?
- Is it even technically possible to be 100% in compliance with GDPR, CASL, and other regulations?
- How much slack will the regulatory powers-that-be cut us if we make a good faith effort to comply, but still fall short?
- What’s the tradeoff between playing by the rules and moving the needle on marketing results?
- How do I grow my list in a compliant way?
- What about all of these weird, one-off scenarios that aren’t addressed anywhere in the law and that my lawyer won’t give me a straight answer on?
- Who is ACTUALLY going to get sued for this stuff at the end of the day?
Download the Slides from the Meeting
Check out the slide deck to learn more on what your compliance obligations are, what tools Salesforce has available, and what gaps may still exist in your organization today.
Fill out the form below to get the slides!
Pardot is still not ready for GDPR and I don’t know why people are not talking about it:
Pardot allows users of the page to modify the email address on the email preference page to anything that they want ([email protected] or an actual person email address), and then opt those email addresses into lists to which the owners of those email addresses do not explicitly agree.
As the Pardot client, we have no way of knowing if this was done maliciously. The email address owners don’t know it wasn’t us – because we cannot prove who it was but it could have been us.
The only thing that prevents this is the ability for us to add a page action after the email preference page to send an email to the email address confirming opt in – but it isn’t possible.
If I can opt you into spam against your will and you not be informed by the senders of the email prior to the sending of the emails… That is against the very words of the GDPR.
You’re right, this was a weird loophole / issue. This was fixed just before the GDPR deadline.
How do I get the slides? I cannot see the Form below…
Belated apologies for the missing form. It should be visible to everyone again, and I’m glad you flagged that for us!