GDPR might be seen as the nightmare that won’t go away for marketers. This presentation, however, established the value of good data stewardship, showing examples of how data breaches can impact a business. Anyone who saw the Talk Talk share price graph after their data breach a couple of years ago will not have a problem prioritising security and data management.

The presentation focussed on legitimate interest: although this isn’t perhaps surprising given that most B2B companies are using legitimate interest, it’s different from presentations a couple of years ago that would have started with consent. By presenting a definition of legitimate interest, a message linked to the recipients job title and/or industry, it should be fairly easy to determine legitimate interest, particularly if there are some simple data enrichment tools.

The first challenge was that, in theory, you should select an audience based upon the content being sent. The solution is obviously to create “standard” segments – e.g. people who we can mail about CCTV products. Of course Marketo (and other MAPs) will create dynamic lists that are continually updated with contacts that meet the relevant criteria.

One key point was that you should really have a job title/job description to be able to use legitimate interest. The speaker, during his time at Panasonic, also enriched the data including adding information such as SIC codes.

Retention of data is a key challenge that many companies have yet to address. GDPR says that you should only store data for as short a time as possible. Although this might be a number of years, it does mean you can’t keep data forever. The recommendation is to set a deletion date for every contact: that data can be updated whether a contact is created, edited or engages. This then allows a simple deletion run to be executed on a regular (probably something between quarterly and annually).

The time before deletion should depend upon the source and therefore the reasons for retaining data. The reasons for retaining can be considered with active or passive, and the retention time should be different for each of these. As an example the retention periods used by the presenter are shown below:

The presentation recommended two dates for expiry: one for the active reasons and one for the passive reasons (i.e. legitimate interest). With the appropriate dates being updated with every interaction triggering an update to the deletion date (in Marketo parlance, this means setting up a listening campaign for each data retention reason to update the deletion date based upon activity).

When deleting contacts, all you need to do is to ensure that neither of the deletion dates are in the future, and if not, then the contact has “expired”. The presenter also looked for emails, meetings or calls logged in the sales teams’ Outlook accounts. This had to be done outside Marketo. If no evidence of sales interaction could be found, the contacts were passed to sales to review: the sales team had 30 days to select the option to stop the contact being removed from all databases.

This approach is an interesting way to ensure old data is purged, and we will be producing a tip sheet to show you how to implement this approach in different marketing automation systems.