Marketing Privacy Compliance

For when your marketing team wants to catch your audience’s attention, but not fees or fines.

Marketing with compliance in mind

Your marketing team knows your business and products. They also know your customer.

Getting the right message out should be straightforward, right? But is your marketing team:

Aware of email marketing requirements for customer privacy and data security?
Up to speed on cookie requirements, cookie consents, and appropriate notices?
Safely managing consumer data from your website, emails, social media, and other digital sources?
Implementing a martech stack with a privacy- and- security-forward approach?
Current on best practices for data security and privacy regulations?

Build customer trust through compliance

At Red Clover Advisors, we’ve been collaborating with clients on data security and privacy strategies since Day 1. It’s our goal to make privacy, clear and actionable for your business without the cost of doing the work in-house.

We bring a client-centered approach to helping you find the right approach for your business. Our services are robust, customizable, and always at the forefront of compliance needs.

See our Full List of Services

Marketing made marketable

When done right, your marketing strategy can be something to shout from the rooftops. That’s because you’re putting your customer’s privacy and security needs front and center. We help you do that.

Compliance strategies

Compliance is a broad field. We help you address the two biggies, General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), but we can also navigate CAN-SPAM, Canada Anti-Spam Law (CASL), Telephone Consumer Protection Act (TCPA), and more.

When it comes to your marketing practices, we help you navigate:

Integrating privacy and marketing strategies
Data strategies for determining your most effective approach to collecting, storing, and managing your customer data
Running effective data inventories
Creating and updating privacy notices, cookie notices, and opt-out requirements
Addressing individual rights
Developing plans to prevent data breaches

Cookie banner compliance

Whether you’re a B2B marketer, direct-to-consumer, or a marketing generalist, you rely heavily on consumer data drawn from cookies. But how do you know you’re implementing them in a compliance-friendly way? We walk clients through questions like:

Do your cookies need to be opt-in? Opt-out? What do those options mean for your business practices?
When does the banner need to say and where does it need to go?
Which cookies need to be categorized – and how do you determine that?
How do you incorporate your cookie policy into your privacy notice?

Preference center optimization

Everyone loves an easy unsubscribe option, but since your email list can be one of your most valuable marketing tools those unsubscribes can limit your reach. What if you gave people options instead of making it all or nothing? We help you retain subscribers with the ideal selection of unsubscribe options, letting them choose how often and why they want to hear from you.

Vendor risk management consulting

Vendors can help your marketing department shine. After all, they’re the source for your CRMs, email service providers, social media management systems, digital advertising, and more. They’re also also a privacy and security risk. We make sure you have a plan in place to evaluate that risk and keep it under control.

Privacy training

The average digital marketer has access to lots of personal information in the course of their work. Make sure your team is trained to handle and protect that information.

In-person and virtual group trainings
Big picture training on Information security and privacy awareness
Regulation-specific training

Book a Free Consultation

Protect your marketing strategy

Data security and privacy can’t be ignored, least of all when it comes to your marketing. Working with experienced information security professionals helps marketing teams get the results they want while protecting your business and your customers from security risks.

Reach out to our team at Red Clover Advisors today to start with your free consultation.

Book a Free Consultation

FAQ

What are the risks we face if our marketing team doesn’t meet compliance standards and regulations?

Marketing needs creativity, but it also needs data. When it comes to the data side of things, you’ve got to start from a place of compliance. Failing to do so costs you money, your reputation, and customer relationships.

The financial costs of compliance alone are devastating. Regulator audits are massively expensive and fines and fees aren’t any better. While large corporations can take these kinds of hits, small and midsize businesses aren’t always prepared to incur these costs.

There are also financial costs that result from losing your hard-earned customers. When customers feel they can’t trust you, they’ll quickly take their business elsewhere.

And there is the risk of reputational damage that cannot be overlooked. A compliance violation inflicts a serious blow to any company that wants to be seen as trustworthy. (I.e., most of us.) It tells your customers, your stakeholders, and your industry that you don’t take your responsibility as protector of sensitive personal information seriously. In stark terms, it’s a major failing for businesses.

What are the main regulations that impact marketing departments?

There are data security and privacy regulations at the state, federal, and international levels that impact marketing departments. There are regulations that impact the email, digital advertising, and texting practices that marketers rely on (like CAN-SPAM, TCPA, CASL that we always need to consider). The two big comprehensive ones we will address here are the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). What do you need to know about them?

General Data Protection Regulation (GDPR)

GDPR is the EU’s landmark privacy legislation. GDPR created regulatory guidelines for any businesses, organizations, or non-profits that interacts with an EU resident’s personal information in the course of providing goods or services to them.

One of the major highlights of GDPR is its definition of an individual’s rights over their personal data. GDPR gives EU residents significant controls over their information, including:

The right to be informed
The right to access
The right to rectification
The right to erasure/to be forgotten
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling

GDPR also defines special categories of sensitive data, which includes:

Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs
Trade-union membership
Genetic data, biometric data processed solely to identify a human being
Health-related data
Data concerning a person’s sex life or sexual orientation

In short, these rights key EU residents in on how their personal data is being collected, stored, and used by companies. It gives them the right to consent, object, and delete their information.

Looking for more insight on GDPR compliance? Look no further.

California Consumer Protection Act (CCPA)

There are no current comprehensive federal laws regulating data security and privacy like GDPR, but rather a patchwork system of laws. However, CCPA has taken the stage as the law for states to emulate. CCPA is the largest state-level privacy regulation in the United States. It’s newer than the GDPR, having just recently become enforceable in July of 2020, but it’s been a compliance target for businesses since it was first announced in 2018.

Unlike GDPR, CCPA only applies to California residents. More specifically, you need to keep CCPA compliance top-of-mind if you are:

You’re a for-profit business that:
- Collects and controls California residents’ personal information AND
- Does business in California AND
Has one of the following:
- Annual gross revenues in excess of $25 million
- Annually receives or discloses the personal information of 50,000 or more California residents, households, or devices on an annual basis
- Derives 50% or more of your annual revenue from selling California residents’ personal information

Under CCPA, consumers have a defined set of individual rights. These include:

The right to notice
The right to access personal data and information
The right to know if their personal data is being shared (and with whom)
The right to deletion
The right to know whether their data is being sold and the option to opt-out of the sale
The right to equal rights and services

Take a closer look at individual rights here.

In the CCPA universe, your team has to be ready to uphold these individual rights through addressing consumer requests. You’ve got to meet deadlines for responses and appropriately verify their information. And, critically, your privacy notices need to be up-to-date.

Fines and fees are part of CCPA, as is the potential for legal action either via the state attorney general or from individual lawsuits.

Learn more about CCPA and where it might be going.

What does my marketing team need to know about…?

Cookies

Cookies are used for all sorts of purposes on a website or an app, but for marketing teams, they provide valuable data for understanding consumer activity and behavior. Because nothing in compliance is one-size-fits-all, though, no one data security and privacy regulation treats cookies the same.

If this feels nebulous, that’s because it kind of is. But here are three reasonably solid takeaways about marketing and cookies.

You’ve got to stay up-to-date on rules and regulations across multiple countries and geographic regions
Preference management software can be your best friend
When it comes to data collection, consent is everything

Want a big ol’ plate of cookie goodness? We deliver all that plus a glass of milk.

Data inventory

Data inventorying is mission-critical for data security and privacy. It’s a key element of GDPR compliance; it’s necessary for privacy notices; you need it for facilitating individual rights requests. (And from a functional standpoint, you can’t be sure your data is secure if you don’t know what you have, after all.) Data inventorying helps you get a bird’s eye view of the data you have and ask important questions like:

Why are we collecting it?
Who is accessing or using the data?
Where is it being stored?
How is it being used, shared, and secured?

Data inventorying helps you identify map your vendors and ensure they’re complying as well.

Do we need a privacy officer?

Compliance is an ever-moving target. Who helps you keep track of it? For small and midsize businesses, the responsibility falls on the marketing or legal teams. After all, compliance heavily impacts these departments and it can help keep costs down. This can be a good option for some companies, but others can seriously benefit from a third option: the fractional privacy or compliance officer.

Fractional privacy officers help you focus on the issues at hand: data security, privacy, and compliance. They’re specialists with an ear to the ground on regulations, changes in the industry, and the most up-to-date best practices. This leaves your marketing and legal teams free to do the work they’re passionate about while still guarding against non-compliance (and all the associated costs).

Let’s look at a common example: announcing a product launch. Your marketing department might consider putting together a new landing page and sending out a celebratory email blast to your email list. You put together some copy, find a template for your landing page and email, and presto! Ready to go.

However, a fractional privacy officer can help you make deliberate and informed decisions about how you approach these projects. While they may seem like small potatoes, there are important compliance questions to consider.

What needs to go on the landing page?
Do you need a privacy notice? Where should it go and what should it say?
Who can you email about this?
Are we covering all our bases?

Fractional privacy officers can have a big impact on an organizational level as well. Privacy and security start with your workplace culture, but if you’re not up to speed on best practices and policies, it’s all too easy to let it slide. However, fractional privacy officers also can help you establish a culture of compliance at your business, providing support for training, strategies, and communications.