With May 25 around the corner, most of the real-deal businesses are in their final stage of a preparation for the upcoming data privacy regulation infamously known as GDPR. In this article, I am going to focus on the website-related side of things. I will cover the four most important checks that every business should consider when dealing with the online marketing data on their website.
It almost looks like the size of a business directly dictates the effort that is going to be needed when going through data privacy audit(s), changing the data-handling internal processes, and implementing GDPR-valid measures on their websites.
As the whole process can become quite overwhelming and complex, it is important to keep an eye on the most important things that need to be covered for the websites that play with online marketing data, and are powered by Kentico 11 EMS.
Think of Your Analytics
Website analytics, performance, user profiling, lead scoring… the daily bread of digital marketers these days. However, with GDPR looking over our shoulders, it is not something that we, as marketers, should continue doing unless we obtain valid consent from the website visitors.
Therefore, every website that deals with EU visitors needs to ask the visitor first for permission (consent) to include them in the analytics, profiling, and tracking efforts.
In the case of Kentico 11 EMS, you have to make sure that no contacts and activities are created for a visitor, and also no web analytics (including Google Analytics) are tracked for your first-time website visitors. You need to wait for a visitor to agree with your privacy policy by giving you a consent to use their data in such a manner.
Thankfully, Kentico 11 EMS doesn’t automatically create contacts and their activities as long as the default cookie level value is set to less than 200 (less than “Visitor cookie” level). This can be set in the Settings app > System > Cookies category > Default cookie level property. You can find more details on how to set up website tracking consents in our documentation.
However, let’s not forget about the Kentico 11's Web Analytics. It should not run unless the visitor has agreed to the tracking. Fortunately, this can be handled as well by following our documentation.
Finally, you should take care of Google Analytics tracking. In most cases, you would use a JavaScript web part that would contain the tracking code, and set the web part to be visible only if the contact agreed to a tracking consent. You would take advantage of built-in macros to check if the contact agreed to a specific consent or not:
Think of Your Online Forms
I bet your website contains at least one online form. Actually, if your business invests heavily into digital marketing, the chances are that you have many online forms!
Yes, they are perfect for gathering additional information from your visitors, but the era of using those details without permission in other marketing activities such as email marketing or marketing automation is over.
In the GDPR-compliant world, every online form needs to have an option for a visitor to agree with a specific consent regarding the additional use of their submitted data.
Luckily, Kentico 11 EMS takes care of this through the Consent agreement form control that can be added to an online form and used to track any necessary consent:
As long as your consent tracking is set up correctly, then you should be in the safe waters of GDPR compliance. Nevertheless, as always, make sure you check the requirements with your legal advisor.
Think of Your Email Marketing
So you have a valid consent from your visitors (contacts) and would like to leverage their data in your marketing activities. One of the frequently used efforts is email marketing. However, you need to be a hundred percent sure that you send the email only to those who agreed to it. No mistakes there!
The easiest way to do it in Kentico 11 EMS is through contact groups. You create a condition-based contact group with a macro rule that will gather only the contacts (visitors) who agreed to your specific consent:
When the contact group is rebuilt, you just need to subscribe the contact group to your email campaign, and you’re done. This way, you can be sure that you send marketing emails only to those who are happy to receive them in their inbox.
Think of Your Marketing Automation
Time is precious, so what can be automated should be automated. But even there are some rules that shouldn’t be broken. Especially with GDPR watching closely. If you don’t have a consent to use the visitor data in your campaigns, you have to ensure that your marketing automation processes do not include the contact (visitor) themselves, or finish the process if the contact revokes the consent.
The most convenient way to ensure this is through using the built-in macro rule called Contact has agreed with consent:
You can use them in marketing automation triggers so that the process are started only if the contact agreed to a specific consent. Additionally, the same macro rule can be used in the Condition step inside of any marketing automation process to check if the contact didn’t revoke their consent.
This way, you can easily control consent agreements in your marketing automation processes and ensure they are triggered only when a valid consent is given by the contact.
Is There Anything Else?
Well… the above scenarios, when addressed properly by your Kentico 11 EMS website, will make your GDPR-compliant life much easier, and with fewer headaches. However, as every website project is unique, you might need to take care of some additional things, for example, your third-party integrations.
Nevertheless, as long as your website covers the basics of GDPR compliance, you will have more time to spend on any other areas that your business should be covering to achieve GDPR compliance.
Is your business ready for GDPR? Let us know in the comments!
Disclaimer: All data and information provided in this blog post are for informational purposes only. We recommend consulting with a lawyer for any legal advice pertaining to GDPR compliance.