It’s May 25th, 2018, the day GDPR takes effect. Pencils down. You’ve done all you can for GDPR compliance. You have:
- Put up a cookie warning banner
- Added opt-in to your forms
- Updated your subscription center
- Put in new policies and processes
- Asked all your data processors to sign DPAs (and dropped the ones that didn’t sign)
- Identified all the EU data subjects in your database and sent opt-in emails
There are still a few odds and ends you need to finish. We won’t ask and you don’t have to tell. Wink, wink. EU regulators didn’t show up at your door, so life is good. Time to breathe out and schedule that yoga class this weekend to decompress from GDPR. Life is good.
Hum, not every EU data subject in your database responded to your opt-in request, so what are you supposed to do with these non-opted in records? You’re supposed to remove them from your databases, but as a revenue-driven marketer, that just rubs you the wrong way. What a waste! How will this affect your ABM models, your attribution, your account scoring, and your MQL count that you fought so hard to tie to your quarterly bonus? There must be a better way.
There is: Anonymize them.
Instead of deleting GDPR non-opt-in leads, or any lead that has requested to be forgotten, we recommend that you use anonymization/pseudonymization instead. Essentially, anonymized data can no longer be identified, whereas pseudonymized data can still be identified if combined with other pieces of data. Here’s a link to a good primer from the International Association of Privacy Professionals (IAPP) on what those two methods mean: https://iapp.org/news/a/looking-to-comply-with-gdpr-heres-a-primer-on-anonymization-and-pseudonymization/.
To do anonymize data, you need to do the following at a minimum:
- Replace names with placeholder names such as “GDPR CRM1234567890” where “1234567890” is the record ID
- Replace email with placeholder email such as “gdpr.anonymized+CRM1234567890@acme.com”
- Replace phone number or replace it with a dummy phone number that preserves the country and/or area code, such as “+1 (415) 000-0000”
- Remove job title, but keep job function, job level, and buyer persona segmentations. Alternatively, you can also replace the actual job title with a generic job title, for example, change “Director of Demand Generation” to “Director, Marketing, Demand”
- Remove all notes as they may contain Personally Identifiable Information (PII)
What are the benefits of anonymization/pseudonymization vs. deletion?
- Preserve campaign and engagement history, as well as attribution
- Preserve the ability to execute account, industry, and geographical level programs
- Preserve the ability to do most analytics
- Preserve historical data for machine learning training
- Does not change trending analytics that rely on historical data
Folks who are well versed in GDPR are probably thinking, “What about changelogs”? Changelogs in most software applications can’t be changed or erased easily. PII still persists in the changelogs even after the contact data has been anonymized/pseudonymized. This is OK because changelogs are actually required to prove compliance. Imagine you honored a forget-me request and completely removed the record and all changelogs, so there is absolutely no trace of you ever having that record. What if the requester comes 31 days later and asserts that you didn’t remove his information promptly within the 30-day grace period? What evidence can you produce to prove that you removed his record 10 days ago and not 10 minutes ago? The ability to demonstrate compliance is as important as being compliant. The preservation of an audit log is actually an important aspect of being GDPR compliant.
Now, go fire up your favorite data tool (like Openprise) and anonymize those leads so you can really decompress this weekend.