25th May 2018 marked a new dawn for data security practices across Europe, when the General Data Protection Regulation (GDPR) came into effect.
There has been a lot of discussion about who controls and accesses data and who is responsible for ensuring data compliance. However, there is still some uncertainty as to the role marketers – both agency and in-house – occupy in terms of data responsibility.
There are several resources out there that specifically detail the role of a data processor and a data controller, but these resources often expect the roles to be occupied by different individuals.
As a marketer, you’ll probably need to wear both hats. It’s important to understand that your role as a processor or controller will change, depending on each individual relationship. To bring this to life, here are some example situations:
The bank will be creating any number of marketing assets, alongside their usual data processing activities. It’s in control of who gets

External print company
When instructing a printer to print personalised direct mailers, for example, the bank will be handing over data to the printers. Therefore, they are a data processor.

The bank also uses a marketing agency to generate leads using email marketing and gated content on their website. Data capture will be handled by a marketing automation platform. The agency processes data on behalf of the bank because they manipulate the data before it is added to the marketing automation software.

Marketing automation software
In this case, the software will also be a processor because the data exists and is being used in their

It doesn’t stop there. The software is SaaS and is delivered via a data centre. The data centre is also a data processor.

The agency also uses a marketing automation platform for their own marketing activity. In this instance they are the controller!

Marketing automation platform and data centre apply for the same reason as above.
You can read or download our handy GDPR whitepaper here, which addresses this and many more questions marketers might have around GDPR. Becoming compliant requires time to get right, but it doesn’t have to be a minefield. In fact, it’s an opportunity to make sure your processes, security and relationships with third parties are watertight.