Today’s complex sales and marketing systems present many challenges for real-time consent management. Customers expect a near-instant response to their requests. For example, they may opt-out of communication or make a change to their personal information. It reflects poorly on companies if they send an offer by email or contact a prospect by phone days or weeks after expressly revoking permission. With so many marketing campaigns scheduled weeks in advance or triggered automatically by visiting a website, it’s vital to confirm that you still have permission to communicate just before sending that email or making that phone call.
Consumer digital privacy is making news again, or should we say, continues to appear prominently in the media. Taking care of customer data is an ever-changing minefield with only one guarantee – it will continue to change, often, and sooner rather than later. For example, in California, Proposition 24 will appear on the ballot the same year CCPA enforcement began. Prop 24 hopes to enhance CCPA and close perceived loopholes and vague language.
According to the State Comprehensive-Privacy Law Comparison from the International Association of Privacy Professionals (IAPP), three other states already enacted laws. Another 18 have been introduced or are in Committee. An examination of the current regulations and those still moving through the legislative process shows that almost all include consumers’ ability to access personal data stored by companies. Most provide for rectification of data, and only a handful do NOT allow a consumer ‘to be forgotten.’
Internationally, you will find close to 100 countries with some form of privacy regulations, from the very robust GDPR in Europe to more recent laws in countries such as Brazil and Mexico. Outside of the EU, where the GDPR covers a sizeable multi-state region, these laws are as unique as each country.
Most privacy regulations contain methods for customers to opt-out or opt-in to communication, whether via email, SMS, phone, or even postal mail. Storing these personal preferences and making them available across an organization is a critical privacy element. And when laws change, the system must re-evaluate previous activity and apply the new rules to maintain compliance.
Mitigating the risk of financial penalties is one goal of managing consent. Another perhaps more critical goal is to identify the topics they DO want to receive. When you understand their interests, backed by documentation showing how and when they granted consent, or you’ve established legitimate interest, you increase the number of marketable contacts, improve the customer experience, and build trust through compliance.
So, what does this mean for companies that store personal data about their customers?
Companies need to understand and implement various laws and regulations, depending on where their customers call home or conduct their online activities. While many of the regulations’ details are similar, they are not the same across the board and vary in specifics – even the definition of personal data changes from country to country. Complying with numerous laws is not a simple task and requires specialized expertise and tools.
For marketers, you want your database to contain as many marketable contacts as possible. And you want to respect their preferences immediately to avoid both financial penalties as well as customer dissatisfaction. Regulations often specify the length of time permitted for data storage and processing and remove expired contacts without obtaining new consent. If the laws don’t specify a retention period, companies should establish their own time to live policy based on the user’s activity.
Privacy laws and regulations are not static and require tools that enable companies to adapt without requiring extensive changes to existing systems and processes. Ideally, new or changed laws should only require simple configuration and should not require comprehensive updates entry points such as online forms, system integration, or list uploads. Also, the system should automatically re-evaluate previous consent activity with the new laws change to ensure compliance.
And it’s not just your marketing systems that need to be aware of consent. It is also true of your CRM system, your ERP system, your Support tools, and many more. Every entry point where customer data is collected, or where that information is used for communication should ensure compliance with laws and customer choices.
In the example below using the Oracle Eloqua marketing automation platform, a 4Comply decision steps checks for permission prior to sending an email. The email is only sent if permission exists for each contact.
Managing consent across multiple systems and multiple jurisdictions is a complicated task. What’s more, customers expect real-time consent management to immediately respect their choices, not in a few days or weeks. Companies need tools that simplify managing consent and enable systems to re-confirm permission before communicating in real-time. And these tools must work across the entire enterprise.
4Comply is an API Solution for quickly building highly customized consent apps without building an in-house consent management framework from scratch. It helps Privacy Officers and Business leaders implement consent management to improve customer experience and build trust with customers. 4Comply offers a complete solution for adding privacy compliance to all your systems.
4Thought Marketing is a Marketing Automation and Privacy Compliance agency. We help customers translate business objectives into strategies that produce results.