There’s no doubt that the GDPR is reshaping the marketing industry, and yet many marketers remain unsure about what the law actually requires. The regulation is long, confusing, and in many areas, vague. Plus, there’s immediate tension between GDPR requirements and marketing principles. A marketer’s goal is to gain identification information, while GDPR’s goal is to limit identification information to what’s strictly necessary.
Let’s take a look at how Unbounce, the marketing industry’s leading landing page and conversion platform, made its journey toward GDPR compliance.
Unbounce’s Commitment to GDPR Compliance
Unbounce has powered half a billion conversions over the past nine years. How does a platform that processes so much personal data ensure compliance with such a revolutionary, yet ambiguous data privacy law? By committing to compliance from the start. To learn about the methodology behind Unbounce’s GDPR compliance efforts, we spoke to Bethany Singer-Baefsky, Unbounce’s Data Protection Officer (DPO). As DPO, she works closely with Unbounce’s security team to analyze vendor compliance management, advise on the privacy implications for new projects, and provide resources and advice for teams whose jobs require handling personal data.
What did “compliance from the start” mean for Unbounce? In our conversation with Singer-Baefsky, she tells us, “After Safe Harbour was overturned in October 2015, Unbounce began paying close attention to developments in EU data protection law. We took note when Privacy Shield was adopted, and followed the debates surrounding what would become GDPR. The laws were changing around the same time that Unbounce was looking to open up an office in Berlin, so we have been committed to compliance from the beginning. Compliance implementation, including obtaining buy-in, scoping, having regular progress meetings, completing infrastructure changes, etc., began in earnest about a year before the law went into effect.” It took collaboration across all teams to ensure that initial GDPR implementation was finished before the deadline. Developers dedicated over 5,200 hours to GDPR compliance, marketing and product marketing teams treated compliance like a product launch, and the support team fielded a deluge of customer questions. Singer-Baefsky adds, “This was a team effort in every sense of the word.”
Unbounce created a landing page so that anyone could find up-to-date information regarding Unbounce’s GDPR compliance progress, FAQs, and additional GDPR resources. Singer-Baefsky explains, “Our support and sales teams, especially those team members based in Berlin, were beginning to field a ton of questions as we neared the implementation deadline. Our legal/compliance/security team is quite small, and we didn’t have the people-power to constantly answer questions and simultaneously work towards the ever-looming deadline. We met with our marketing and product marketing teams and decided to approach our comms from the point of view of a product launch. We wanted a place to educate customers about our GDPR compliance efforts, and we updated the page based on our progress and on feedback we received from visitors and our teams.” This landing page allows Unbounce to remain transparent with their current and prospective customers, plus they published a blog post that educates marketers about how to ensure their landing pages are GDPR compliant.
Is GDPR Compliance Worth It?
GPDR compliance costs organizations time, resources, and money. Even though GDPR compliance is an ongoing effort, Singer-Baefsky believes that making sure that Unbounce was prepared for the GDPR enforcement deadline was absolutely worth the cost. First, compliance is helping Unbounce meet its business objectives. Singer-Baefsky states, “Unbounce wants the world to experience great marketing. Great marketing builds and maintains trust, and data protection is what ensures that that trust remains earned. Beyond this, our European office and customer base represent a substantial investment into the European market; a failure to attain GDPR compliance would amount to a colossal business failure.”
GDPR compliance also gave Unbounce an opportunity to analyze its processes. Singer-Baefsky said, “This was a company-wide effort that absorbed our development and legal teams for months, but as overwhelming as that could be at times, it was also an opportunity to review the ways we store and process data, ensure our security and access controls were up-to-date, and get our documentation in order. The result is a product our customers, and the millions of consumers who land on their pages each year, can trust as well as a more mature risk management system and a renewed culture of privacy and security awareness.”
Unbounce’s GDPR compliance process can offer insight into steps other organizations can take to prepare for enforcement. GDPR compliance is daunting; it’s unlike other compliance frameworks, and marketers are not only confused, but also scared by it. Singer-Baefsky notes, “We’re all just doing what we can until enforcement begins in earnest and the EU starts recognizing third-party certifications.” Until then, let KirkpatrickPrice help you with your compliance efforts. For marketers who want a streamlined compliance approach, contact us today and let’s connect you with one of our privacy experts who can show you how KirkpatrickPrice can prepare you for GDPR compliance.