25th May 2018 marked a new dawn on data security practices across Europe when the General Data Protection Regulation (GDPR) came into effect.
There has been a lot of discussion about who controls and accesses data and who is responsible for ensuring data compliance. However, there is still some uncertainty as to the role marketers – both agency and in-house – occupy in terms of data responsibility.
There are several resources out there that specifically detail the role of a data processor and a data controller, but these tools often expect the roles to be occupied by different individuals.
As a marketer, you’ll probably need to wear both hats. It’s important to understand that your role as a processor or controller will change, depending on each individual relationship. To bring this to life, here are some example situations:
| Controller | Processor |
|---|---|
| Bank The bank will be creating any number of marketing assets, alongside their usual data processing activities. It’s in control of who gets what data. | External print company When instructing a printer to print personalised direct mailers, for example, the bank will be handing over data to the printers. Therefore, they are a data processor. |
| Bank The bank also uses a marketing agency to generate leads using email marketing and gated content on their website. Data capture will be handled by a marketing automation platform. | Marketing agency The agency processes data on behalf of the bank because they manipulate the data before it is added to the marketing automation software.Marketing automation software In this case, the software will also be a processor because the data exists and is being used in their system.Data centre It doesn’t stop there. The software is SaaS and is delivered via a data centre. The data centre is also a data processor. |
| Marketing agency The agency also uses a marketing automation platform for their own marketing activity. In this instance they are the controller! | Marketing automation platform and Data centre apply for the same reason as above. |
You can read or download our handy GDPR whitepaper here, which addresses this and many more questions marketers might have around GDPR. Becoming compliant requires time to get right, but it doesn’t have to be a minefield. In fact, it’s an opportunity to make sure your processes, security and relationships with third parties are watertight.
