Skip to main content
Newspaper illustration

Where Marketing Automation Platforms Fail at Privacy Compliance


Over the past several years, data privacy has bubbled to the forefront – but many companies are still figuring out how to ensure their marketing data is being used properly. Developing a privacy compliance workflow can be complex, but it is critical to get it right to protect an organization. Marketing operations team members can read ahead to stay informed on best practices.

Privacy Compliance Is a Foundational Data Workflow

There are dozens, if not hundreds, of laws around the globe regarding the use of personal data. For example, various regulations require an organization have consent from a person before:

  • Sending marketing communications to the person
  • Collecting and storing data about the person
  • Processing and using data about the person

Additionally, there are nuances within each, such as communication channel and content, certain data points being more sensitive than others, and more. It’s an organization’s responsibility to maintain proof that consent was collected.

Privacy Compliance work processes aid organizations in systematically managing their data input and processing and recording the necessary data points. Because Marketing is often responsible for lead generation, related workflow automations may be built in a marketing automation platform to provide consistent data capture and enforcement to help marketers and others at the organization comply with relevant regulations. However, it is important to note that many aspects of privacy regulations apply to all kinds of data and usage throughout an organization that are outside the purview of Marketing.

At the end of the day, privacy compliance is about risk management. It’s an organization’s responsibility to have documented proof that they are complying with consent requirements.

Millions of Dollars at Stake

The biggest risk to companies is the threat of lawsuits and fines from government enforcers. Companies have already been fined up to hundreds of millions of dollars1. While each organization has its own level of risk it’s willing to take, it seems unlikely that they would want to jeopardize their valuable time, resources and data by ignoring privacy compliance concerns.

But even if a company doesn’t get sued or fined, failing to pay attention to Privacy Compliance has a cost to the business. People lose trust in companies that misuse their data, such as those sending marketing messages without getting permission first or those using personal data in an unexpected way. Prospects and customers may avoid doing business with a company that they don’t trust with their data.

It isn’t just internet scammers and spammers that will turn away potential revenue. Companies can inadvertently mishandle data by failing to build a comprehensive privacy compliance workflow, and this will have the same impact on constituent attitudes.

Address Compliance Issues Today

The best course of action is to set up privacy compliance processes correctly from the start. This is easier to do for companies that are new and are setting up a website, CRM, MAP and other business systems from scratch. However, even this scenario will require monitoring and maintenance over time, as new legislation and business practices come to light.

It would be rare that a company should not prioritize privacy compliance. As team members join an organization, it would be good to review practices and ask questions. This may bring to light current business practices that need reevaluation.

While the United States is fairly lax in comparison when it comes to email marketing and consent requirements, the times are changing. States such as California have already implemented additional legislation to protect consumer data and give them more options for controlling information. Additionally, many companies do business globally and are subject to the regulations of their target audience’s location.

Comprehensive, Adaptable Workflow Automations

Typically, marketing automation platforms automatically filter out from email marketing campaigns any unsubscribed records and possibly those who have otherwise been flagged as unmarketable.

However, this addresses only the bare minimum scenarios – most regulations require much more. Additional workflow automation should be set up to capture and process incoming data to take advantage of this automated functionality. This will reduce the chance of human error when setting up an email marketing campaign and make it clear which records it can be sent to. The Etumos Marketing Technology Privacy Compliance framework, for example, automates the checking of a record’s consent against the requirements for their location to set their marketability. This requires no additional manual steps on the part of the marketing campaign manager, saving time and reducing mistakes. However, it relies on the communication being properly tagged as containing marketing content (vs. tagged as purely transactional). This should be the default setting and only limited users should have the ability to override.

Consistent data collection will be critical. If you collect consent from only some forms and/or don’t have location information consistently and accurately entered, it will be very difficult to ensure records are processed correctly and to retain proof of consent to protect your company. Etumos has extensive experience in form best practices. Of course, source all of your database records legally and ethically and ensure you are importing quality data when it is not automatically.

A record’s data is inevitably going to change over time – they may change locations, enter a different relationship with the organization, provide consent or revoke consent. Failing to reassess the record in relation to relevant requirements will cause data to be mislabeled and misused. A thorough workflow automation should automatically reprocess the record taking into consideration their new data points. The Etumos Privacy Compliance framework automatically reevaluates the record when relevant data changes.

The last several years have proved that regulations are inevitably going to grow and change. Organizations must be responding to the changes in the environment and adapting their workflow automations to address the new requirements, otherwise they will fall out of compliance. The Etumos Privacy Compliance framework is built in a robust way, allowing marketing operations managers to make adjustments without having to rebuild the entire workflow automation. This allows the team to be efficient and not spend significant time on rework.

Marketing’s Role in Privacy Compliance

Of course marketing is not solely responsible for compliance of all data at the company. But they can certainly take the initiative to start the conversation at their organization. A collaborative team composed of representatives from marketing, sales, IT and operations should work with the company’s legal counsel to discuss compliance when it comes to marketing communications. This is because there are many marketing-related systems and databases involved that may be managed by these different teams within the organization. Ultimately, the organization’s legal counsel will make decisions regarding work processes, requirements and appropriate data procedures. The marketing team can then implement a privacy compliance workflow, reviewing with the legal team along the way.

Enterprise companies may already have a data protection officer, chief privacy officer or similar role responsible for data privacy and security. These individuals will be overseeing compliance efforts throughout the entire organization – not just within the marketing function. In this case marketing may not need to develop a working group themselves, but would still be in conversation with a variety of business stakeholders.


A solid Privacy Compliance workflow automation reduces risk for an organization. When a marketing operations team leverages the features readily available within their marketing automation platform, they are a key contributor to the business’s compliance in an efficient and effective way.

1Forbes: GDPR Fines Reach Record Level

Get in Touch with Us

At Etumos, we love what we do and we love to share what we know. Call us, email us, or set up a meeting and let's chat!

Contact Us