Maintain GDPR compliant subscription lists with Dynamics 365 Marketing
Any company that offers a product or service, collects data related to residents, or otherwise operates within the European Union must be sure it complies with the General Data Protection Regulation (GDPR). It can be a bit confusing to navigate at first, particularly for organizations in the U.S. or otherwise outside of the EU. Dynamics 365 Marketing is fully equipped and ready to easy the process of ensuring data collection procedures meet the requirements of the EU.
This blog is not meant to cover the specifics of the regulations, but rather how to make use of the features in Dynamics 365 Marketing. It is recommended that companies familiarize themselves with at least the basics of the regulations before diving in too deep.
Main compliance features
With the core of the regulations being focused around affirmative consent from the individual, Dynamics 365 makes it easy to ask for, receive, and store consent responses. Marketing activities can be customized based on the level of consent provided by the members of the audience. Dynamics 365 comes with its own layout of consent levels with the values being stored on the contact record.
Customer journeys can be set to run only with contacts that have specified consent levels. Similarly, lead-scoring models can also require a minimum level before scoring leads. Through marketing pages and marketing forms, audience members can be prompted to provide consent while also being made fully aware of the data collection. The contacts can also view and update their consent status at any point.
Viewing and maintaining consent levels
Dynamics 365’s default consent levels layout is a 0-5 scale. Level 0 indicates no consent given. As the level increases, new options are made available and will include the options from the previous levels. Level 1 consent allows emails only asking to confirm current or update the consent level. At level 2, messages relating to specific transactions between the company and client can be sent. Level 3 allows for mailing list sign-up emails, level 4 allows general marketing messages to be sent, and level 5 gives permission for personal data like demographics to be used in automated decision making.
Consent levels for a contact can be found on the contact record within the Details tab. The Data protection box will show the consent level, whether the contact is a child, the contact’s parent or guardian (if applicable), and an option to enable interaction tracking. When creating segments, query filters for given consent can be used. Customer journeys can require a minimum consent level as a backup by going to the General tab while editing a customer journey.
Subscription centers are the best place for contacts to verify or make changes to their consent levels. Selectors for choosing a specific consent level can and should be added. If one is not already available, create a marketing form field that links to the contact/lead record’s GDPR consent field. Set up the subscription center form to include the form field and be sure to provide information about what to expect with each level of consent. GDPR, however, also requires double opt-in. Any new or modified consent requires a verification through something like a confirmation email and form.
Controlling personal data
Proper steps to ensure data is secure must be taken as part of GDPR. Dynamics 365 has standard security controls for fields, forms, and entities to limit who is able to view the specific items. Be sure that sensitive data is only accessible to the users that actually need it and know how to use it.
Contacts also need to be able to access, delete, or request updates for their data. For users requesting to see their data, manually exports to Office files can be done as well as any number of customized solutions or reporting software connected to D365 Marketing. In instances of deletion requests, simple searches and deletion of the records can be done. Custom fields may require some additional steps to ensure they are fully removed. Data update requests are best handled through a landing page with a form or a similar subscription center. Includes fields for all editable contact fields that are safe to include.