Marvel Marketing Minute – The GDPR-Safe Way to Share Lists Outside of Marketo

In just a few weeks, your company will be hosting the world’s most exclusive conference, #Hoolicon2019, and you are responsible for the email campaign to promote it. You were already given the exact audience criteria, so you build your smart list accordingly, ensure your smart list produces the desired results, and prepare to add it to your Marketo send campaign.

What could go wrong?

Uh oh! Meticulous Matt, your company’s new Director of Regional Sales, needs to sign off on your smart list, and he refuses to approve it before he’s looked over every single name on that list. Since Meticulous Matt doesn’t have Marketo access, he suggests that you export the smart list and send the CSV file over to his personal email so he can review it when he gets home tonight. Little does Meticulous Matt know that he has just become Massively Mistaken Matt.

Luckily, he works with you—a Marketo-using, GDPR-complying, privacy-savvy marketer.

You know that Matt’s proposed method of sharing data is not GDPR compliant since you are dealing with PII, or Personal Identifiable Information. But now what do you do?

Here are 3 ways to share lists from Marketo the GDPR-compliant way:

1. Give team members “Read-Only” access to smart lists

If you have admin access, give read-only access to specific team members, like sales leaders or other members who typically have to approve your email send campaigns.

2. Meet in-person or via video conference

Discuss your list directly with the person in a meeting. This is a great solution as you often get approvals or feedback in real-time. However, this process requires that you and the reviewer are available at the same time. Depending on the nature of your organization, this may prove to be quite challenging.

3. Share it securely and dispose of it immediately

If your cloud environment is GDPR compliant: You can simply share an exported list within your cloud environment, however, it’s always best to limit the fields you share. Also, set up an expiration date. Tip: Set a calendar reminder for yourself to delete the sheet before the end of the day.

If your cloud environment is not GDPR compliant, or you’re not sure if it is:  All hope is not lost! If you get permission from your compliance team, a good workaround can be to only export a list of “job titles” and “company names.” As another precautionary step, it would be best to split job titles and company names into 2 separate tabs and de-dupe both lists.  

This is a screenshot of the data exported directly from Marketo:

And this is what it looks like when you split the data into 2 columns by “job titles” and “company names”, then de-dupe:

Tip:  It’s important that you do not keep “job titles” and “company names” in 2 columns side-by-side as that may be considered PII.  Again, set an expiration date for the sheet, and be sure to dispose of it as soon as possible.

Now everyone is informed AND your organization is still as GDPR compliant as ever!

Janice Lee

Posted by Janice Lee

I’m a passionate marketing ops problem solver, food and wine appreciator, serious dog lover, Brazilian Jiu Jitsu practitioner, and a huge believer in finding your inner peace through periodic Netflix-fueled weekend binges.