Research LibraryPodcastsIMPACT AwardsEditorial CalendarAdvertising
MarTech and GDPR Data Requirements - Privacy
Editorial

11 MarTech Vendors Reveal GDPR Compliance Plans

8 minute read
Dom Nicastro avatar
October 11, 2017
Digital Marketing
SAVED
The GDPR deadline is coming up fast. Is your organization ready?

Are marketing technology vendors invested in compliance readiness for the General Data Protection Rule (GDPR)? Or have they taken the casual, toss-up-a-few-blog-posts kinda approach? Tim Walters, partner and privacy lead with New York City-based Digital Clarity Group and a GDPR analyst, told CMSWire the commitment from MarTech vendors is all over the map. Taking an informal survey on MarTech vendor websites, he was surprised to see a lack of GDPR insight given the GDPR will "fundamentally affect the way most companies do business around any kind of personal data." Walters called the lack of information suspicious and problematic, adding lately he has seen some vendors “getting on the bandwagon.”

They surely have a lot of work to do, as we discussed in this week's report on MarTech vendors and GDPR compliance.

Beyond GDPR Whitepapers?

Walters is not alone in his thinking. "Vendor responses to the 'preparation for GDPR' question range from detailed, dedicated GDPR website pages to the offer of generic 'here's how you prepare' themed whitepapers," said Lisa Loftis, principal consultant for CI Advisory Services for SAS Best Practices. “And frankly, given the compliance deadline of May 2018, I believe that any vendor who is not deep in the throes of formulating solutions for this has already missed the boat.”

Zachary Paruch, product manager and legal analyst at Termly, where he works to build legal policies for American companies and vendors, thinks most MarTech vendors are only vaguely aware of GDPR. "As it is EU legislation, those of us in the US are skeptical of its scope and efficacy, particularly here in the states," he said. "MarTech vendors do not recognize the extent of the overhauls they need to make, and are waiting for the legislation to take effect in May to see what pans out."

Anne P. Mitchell, attorney and CEO/President of SuretyMail, believes far too many are behind the curve, and very few are ahead of it."In the industry groups to which we belong," she told CMSWire, "we're only just starting to see the panicked questions."

MarTech Vendors on GDPR

Let's crack the vendor code, shall we? We caught up with a few MarTech providers about their GDPR compliance plans.

Related Story: The GDPR Deadline is Looming: Here is How To Get On The Road To Compliance

Janrain

Headshot of Lewis Barr of Janrain, who discussed Janrain's compliance with the GDPR.
Lewis Barr
Lewis Barr, general counsel and vice president of privacy at Janrain, told CMSWire that the Portland, Ore.-based company conducted a gap analysis to determine the work it would need to do in separate roles as a data controller and a data processor. "We are a data controller with respect to the personal data we collect from business prospects and other individuals, such as those submitting their data on our website to request a whitepaper or sign up for a webinar, and we are a data processor with respect to the personal data we receive from our customers' online properties and store for our customers as part of our services," he said.

Janrain had already implemented EU-U.S. Privacy Shield self-certification and third-party audits and security controls for compliance with ISO 27001:2013 and the SOC 2 Type 2 Availability, Security and Confidentiality Trust Principles.

On Tuesday, Janrain formally announced two cloud security certifications, including one specifically for PII handling, which is a central part of the GDPR legislation, company officials said.

Sitecore

Ryan Donovan, SVP of product management for, Copenhagen-based Sitecore said the company is reviewing its internal practices and product features. "In the upcoming versions of Sitecore we will add new features to help our customers address GDPR compliance, including a renewed focus on personally identifiable information (PII)," Donovan said. "We are improving encryption (data at rest encryption) to personal data in the Sitecore Experience Database (xDB), and ensuring that specific features our customers may choose to implement in response to GDPR, such as Right to be Forgotten and Data Portability, are supported."

Campaigner

EJ McGowan, general manager at Campaigner, a j2 Global company, said Campaigner supports both single and double opt-in formats, provides forms to ensure acceptance and confirmation and permanently stores the IP address and timestamp of the confirmation.

"The platform will not send to customers who are in the 'pending' state of opt-in," McGowan said. "For customers who may not have opt-in information, we currently provide all the tools necessary to reengage them. We are considering wrapping these tools into a specific feature for reengagement if we find it something that will help them in their businesses."

Acquia

A spokesperson for Boston-based Acquia said the company is building on work it's done to obtain and maintain its EU-U.S. Privacy Shield framework certification, as well as work with customers around the EU model clauses that Acquia has also implemented. "We're focused not only on meeting our own obligations, but also on providing the tools that our customers will need to help them meet their obligations under GDPR as well," the spokesperson said.

Learning Opportunities

Webinar
Gain insights from the Talkdesk customer CAI
Apr
30
Supercharge Contact Center Efficiency with Generative AI
Learn practical strategies to reduce post-call documentation time by over 8 minutes.
Register
Conference
May
1
Qualtrics X4 Salt Lake City 2024
Register
Webinar
Brand’s reputation is one of its most valuable assets
May
2
Unleash AI for Crisis Management: Transform Threats into Triumphs
Learn how Sprinklr Insights provides real-time insights on current events, trends, and brand crises to empower your team.
Register
Webinar
financial industry
May
9
Driving Customer-Centricity in the Financial Services Industry
Discover how financial organizations are leveraging generative AI technologies.
Register
Conference
stanford university image
May
9
An Irish Roundtable in the Valley: The Economic Impact of AI on the World of Work Stanford 2024
Exploring the Impact of AI On the World of Work with Irish diaspora leaders and tech business champions from the North of Ireland
Register
Conference
London
May
13
Gartner Marketing Symposium/Xpo Conference London 2024
Register
Webinar
Gain insights from the Talkdesk customer CAI
Apr
30
Supercharge Contact Center Efficiency with Generative AI
Learn practical strategies to reduce post-call documentation time by over 8 minutes.
Register
Conference
May
1
Qualtrics X4 Salt Lake City 2024
Register
Webinar
Brand’s reputation is one of its most valuable assets
May
2
Unleash AI for Crisis Management: Transform Threats into Triumphs
Learn how Sprinklr Insights provides real-time insights on current events, trends, and brand crises to empower your team.
Register

BloomReach

Headshot of Irina Guseva of BloomReach, who discussed GDPR compliance in the BloomReach marketing technology toolset.
Irina Guseva
Mountain View, Calif.-based BloomReach started its GDPR-compliance work one version ago for its web content management offering.

It continued to stress GDPR compliance in a release on it BloomReach Experience web content management platform last month.

"As a result, we have built out an end-to-end, privacy-by-design framework to help organizations comply with their GDPR obligations with out-of-the box tools available as part of the Bloomreach Experience platform," said Irina Guseva, senior director, product marketing.

BloomReach has built out custom data collectors, consent cookies and forms, the right to be forgotten and deleted upon request, ability for customers to specify what types of personal data they are allowing to collect and how it should be used, etc. All of that is already available directly in the BloomReach Experience solution, Guseva said.

Oracle

Redwood City, Calif.-based Oracle is working to operationalize the new data protection requirements applicable to Oracle's processing of online marketing and advertising data throughout the entire Oracle Marketing Cloud and Oracle Data Cloud service data lifecycle, a spokesperson told CMSWire. With the GDPR's focus on pseudonymization, data science, analytics and related technologies, Oracle intends to continue enhancing its current data handling practices toward that goal.

Oracle Marketing Cloud and Oracle Data Cloud priorities for GDPR readiness are:

  • Reviewing the systems and processes that handle personal data
  • Assessing the GDPR's enhanced privacy and security requirements
  • Enhancing the diligence process surrounding the Oracle Data Cloud's data sources and Oracle's service providers
  • Creating trainings and guidance for employees
  • Monitoring developments and guidance provided by data protection authorities
  • Updating contracts and privacy policies before May 25, 2018

Acxiom

Headshot of Sheila Colclasure of Axciom, who discussed GDPR compliance.
Sheila Colclasure
Sheila Colclasure, chief privacy officer and global executive for privacy and public policy at Conway, Ark.-based Acxiom, said Acxiom has a mature robust data protection and data governance program built on Ethical Data Use (EDU). "We are using the GDPR as a catalyst to improve and strengthen our program," she said. She went on to note that Axciom is focuing on the Data Privacy Impact Assessment (DPIA) requirement under GDPR. "We are actually deploying our own 'compliance tech' to help us meet GDPR compliance obligations, including helping us make our DPIA process faster and more agile," she said.

Episerver

Episerver's recent EU-U.S. Privacy Shield certification and Peter Yeung's appointment as global data protection officer are part of a larger security and compliance initiative at Episerver to ensure comprehensive preparation for GDPR legislation.

Stockholm-based Episerver's Privacy Shield Certification is just one of many ongoing initiatives to reinforce its commitment to data protection and privacy and market leadership in cloud security, Yeung told CMSWire.

Episerver's focusing on privacy by design, affirmative consent, data encryption, retention, deletion and pseudonymization policies and procedures.

Demandbase

Dom Lindars, VP, product and marketing solutions at San Francisco-based Demandbase, said Demandbase has not historically captured or stored PII, but data protection and privacy is becoming a serious part of how they "manage data and work with customers and individuals." The organization is currently in the process of hiring a chief privacy officer.

SDL

UK-based SDL is getting ready for GDPR by using not only guidance from the Article 29 Working Party and Supervisory Authorities, but interactions with worldwide customers. "As SDL is a potential data processor — for a range of customers both in the regulated and non-regulated industries — we learn from our customers' interpretation of the GDPR requirements, which helps us develop commercially pragmatic solutions for GDPR compliance," an SDL spokesperson said. "We are monitoring progress with the promised UK Data Protection Act as it will be a key factor in considering the likely situation post-Brexit for processing personal data in our global business."

Act-On

David Fowler, head of digital compliance at Act-On Software, said it's "all hands-on deck" for GDPR compliance. 

"We have evaluated all aspects of our business that may be impacted by GDPR," he said, "and have conducted both internal and external analysis of any gaps that we may need to address."

fa-solid fa-hand-paper Learn how you can join our contributor community.

About the Author

Dom Nicastro

Dom Nicastro is managing editor of CMSWire and an award-winning journalist with a passion for technology, customer experience and marketing. With more than 20 years of experience, he has written for various publications, like the Gloucester Daily Times and Boston Magazine. He has a proven track record of delivering high-quality, informative, and engaging content to his readers. Dom works tirelessly to stay up-to-date with the latest trends in the industry to provide readers with accurate, trustworthy information to help them make informed decisions. Connect with Dom Nicastro:

Tags

privacysecuritymarketing technology#martechgdprgeneral data protection regulationmartech vendors

Featured Research

Featured research
Guide
4 Smart-Mover Strategies for Dominating Digital Moments
Explore 4 strategic areas to stand out and stay ahead of the competition
Read now
Featured research
White Paper
Unlock the Future of Outsourcing: Navigating Cost, Quality and AI Integration
Discover how trends like AI are reshaping the outsourcing landscape and how tech companies are approaching outsourcing decisions differently.
Read now
Featured research
Market Guide
Customer Data Platforms Market Guide
Get the help you need when choosing a CDP
Read now
Featured research
Research Report
Optimizely Named a Leader in the 2024 Gartner® Magic Quadrant™ for DXP for the Fifth Consecutive Year
Read now
Featured research
Guide
Streamline Digital CX With Conversational AI
Conversational AI Unveiled
Read now
Featured research
White Paper
The Business Value of Adobe Experience Manager Guides
Optimize Your Content Management
Read now
Featured research
eBook
Bridging Technology and Human Connection for Increased Sales and Lasting Loyalty
Driving CX Excellence
Read now
Featured research
Research Report
The State of the CMO
Insights from the Annual Chief Marketing Officer Survey
Read now