Compliance will be one of the more unlikely buzzwords of marketing in 2018.

Yes, data protection has always been extremely important, but the GDPR in Europe affords individuals more rights and demands customer-centric companies put their money where their mouths are.

With that in mind, we have a very apposite Day in the Life profile this week. David Fowler is head of digital compliance at Act-On, a US-based marketing automation provider. Here’s what he does with his day….

(As usual, a quick reminder to look in on the Econsultancy jobs board if you’re looking for a new digital marketing role yourself.)

Econsultancy: Please describe your job: What do you do?

David Fowler: I help our clients navigate the digital compliance roadmap in terms of their obligations under local, state, federal, and international laws as it relates to digital marketing. It’s my responsibility to ensure that when our clients hit the “send” button for their email campaigns, or conduct other digital marketing strategies, their messages have every opportunity to get to the inbox and ultimately provide ROI. 

Digital compliance in 2017 is a very deep and wide field and can be complex to understand. If you’re a marketer in the US mailing to the EU, for example, your compliance obligations are going to be different than if you’re a marketer in the US mailing to Canada. It’s on us as an email-driven business – and on me as our head of compliance and deliverability – to keep customers informed of their obligations in this new, fast-changing legal landscape.

E: Whereabouts do you sit within the organisation? Who do you report to?

DF: My role is largely cross-functional – compliance and deliverability being things that affect and influence our entire organisation – which means I’ve worked with executives across multiple departments: marketing, sales, service, support. I work most closely with and report into our company’s General Counsel and SVP of business development.

david fowler 

E: What kind of skills do you need to be effective in your role?

DF: You need a deep understanding of email regulations and compliance obligations. Having entered the industry in 2003, I have seen and been on the cusp of the digital market transformation from a compliance perspective – working with privacy resources, industry associations, networking groups and following the endless amount of privacy and compliance related content.

You also need good presentation skills as I present at many industry conferences and publish blog posts and other industry related content.

E: Tell us about a typical working day…

DF: As my responsibilities are cross functional, days are different, one moment you could be writing an article and the next meeting you have will be to review a customer compliance escalation ensuring business continuity.

Currently, my team and I have been hard at work for May 2018’s General Data Protection Regulation (GDPR), the law affecting and rewriting rules for engagement across the EU. This has meant completing a third-party assessment of our general preparedness; training employees on (and generating awareness around GDPR’s unique mandates); assessing our own product and functionalities for possible GDPR enhancements; and proactively working with industry players, clients, and partners to promote broader GDPR awareness.

E: What do you love about your job? What sucks?

DF: Having seen first hand the evolution of our space it’s been exciting to see the development and adoption of digital regulations and consumer protection. It’s a fast paced environment and as our industry continues to evolve I have no doubt that will present additional opportunities to learn and develop my knowledge base.

What is disappointing is when you advise a client to embrace a strategy that you know will work to improve their performance and they don’t adopt your recommendation.

E: What kind of goals do you have? What are the most useful metrics and KPIs for measuring success?

DF: Our immediate organisational goal is preparing for the GDPR and ensuring our compliance with the pending legislation. We have worked hard internally to ensure that we are positioned to comply. As we have a large portion of our client base in the EU it really is becoming a hot topic the closer we get to May. 

E: What are your favourite tools to help you to get the job done?

DF: As with any change or update to laws or compliance requirements, industry has innovated and there are many tools now available to ensure compliance obligations. The reality is that not one solution fits all requirements. For the business we have secured Privacy Shield certification, our TRUSTe certification demonstrates our privacy and commitment to data management.

We also follow groups like the International Association of Privacy Professionals (IAPP), the UK Information Commissioner’s Office (ICO), the DMA-UK to ensure that we keep up with the latest guidance on all compliance related issues.

E: How did you get into compliance, and where might you go from here?

DF: I entered into compliance in 2003 when the digital market here in the US was in its early stages, we were faced at that time with commercial email legislation (CAN-SPAM) to be implemented with our industry. I can tell you that the compliance market is rich with opportunity, as we become more data driven laws like the GDPR have created compliance career opportunities as a tenant of their overreach.

E: Which brands do you think are truly customer-centric?

DF: I think brands that are transparent with compliance policies are more in tune with customer expectations. As not a day goes by without some brand disclosing a breech, it’s the response to the incident that will ensure consumer trust.

I am not convinced that we are there yet but the security and proactive management of consumer data should always be the top priority.

E: Do you have any advice for people who don’t know where to start with the GDPR?

DF: The GDPR is a herculean piece of legislation and many companies will struggle to understand and implement the requirements. More than anything, marketers should look to next May’s legislation as an opportunity, rather than a chore; a chance to ensure they have the technologies and processes in place to best serve and support their customers. 

If a business can’t be sure of how it collects, stores, secures, and uses data – the precise kind of data gathers, the methods it uses to gather data, the time it keeps data for – it faces many more challenges than any one law could pose.

Short term, marketers need to review their existing practices for list consent and proactive management in relation to the data subject (areas facing the most scrutiny under the law). Longer term, they need to take stock of their policies for privacy and compliance, and see to it consent is prioritised in every interaction and transaction with buyers – written into contracts, third party relationships even, as needed.

As the burden of proof of consent relies with the company, next May any data an organisation has will be required to be permissioned. 

Further reading: