Posted April 26th, 2018
As most B2B marketing services providers with a global presence are well aware, the EU’s General Data Protection Regulation (GDPR) go into effect next month. GDPR legislation requires that marketing service providers like Starfleet Media, which captures leads from all over the world on behalf of our B2B clients, follow certain privacy rules when it comes to collecting, tracking, or handling EU-based prospect data. The GDPR applies to any vendor that processes or stores data of propspects in the EU, even if, like Starfleet Media, they don’t have a physical office in Europe. Many of our clients’ legal departments have recently contacted us to confirm that we will be able to satisfy their own policies for GDPR compliance. The answer is a resounding “yes.” At Starfleet Media, we have always been committed to personal data and privacy laws and we are now taking the necessary steps to ensure that we comply with the new legislation for capturing and distributing prospect data in the form of qualified leads from European countries.
For Starfleet Media, compliance largely means making sure that our landing pages for Smart Decision Guides, commissioned eBooks, benchmark reports, etc., adhere to the new rules. The good news is that our white label landing page service provider, Unbounce, has invested heavily in the necessary changes to be GDPR compliant as a conversion platform. By collecting lead information with Unbounce, Starfleet Media serves as the data controller while Unbounce serves as our data processor. We have partnered exclusively with Unbounce for the past five years. Unbounce ensures us that the company has already made the necessary changes to create a GDPR compliant platform with privacy and security safeguards throughout its platform.
While this is a big part of the compliancy puzzle in the case of a marketing services provider like Starfleet Media, there are still a few things we need to do to ensure that we capture and distribute qualified leads on behalf of our clients in a compliant way. These include the following requirements:
- Obtaining consent from our visitors (lawful basis of processing)
- Deleting personal data if requested (right to erasure)
- Encrypting lead data at transit and in rest (using SSL)
- Signing a data processing addendum (DPA)
We gather consent via opt-in to collect, use, or store someone’s data. When building our landing pages in Unbounce, we include an opt-in field to our forms. Visitors must actively check that opt-in box to give consent. Last year Unbounce launched sticky bars (a discreet, mobile-friendly way to get more conversions), but they do double duty as a cookie bar, notifying your visitors about cookies. When we publish a cookie bar using Unbounce’s built-in template, we will be required to embed the code across all of your landing pages using script manager, then publish to every landing page we build in Unbounce.
With the new GDPR, we are also required to inform visitors to our landing pages of our data protection policies. This means providing easy access to our privacy and data protection policies. We have always believed that sharing our privacy and data protection policies are an important way to earn the trust and confidence of our readers. We have always strived to make it very clear to prospects how their data will be shared and used. We will now update our policies to explain how we are complying with the new regulations that go into affect next month.
With the new GDPR, a prospect whose data has been collected can request that we erase any of their personal data without “undue delay”. Our support team has established a protocol, in partnership with Unbounce, to ensure that all information for a specific lead or a group of leads are deleted from all databases. As of today, we are committed to fulfilling deletion requests within the time limit enforced by the GDPR. We are also working to ensure that we adhere to the GDPR requirement to process all data securely by forcing visitors to the secure HTTPS version of our landing pages.
At Starfleet Media, we have always viewed data privacy and security as cornerstones of our content marketing and lead generation services. We understand that nobody wants their personal data falling into the wrong hands or being used in an intrusive way. We are happy to assure both our readers (industry practioners who may be in the market for making a technology purchase decision) and our clents (which include some of the world’s largest and most preeminent technology solutions providers) that we take privacy and data security seriously.