Panasonic Business takes ‘marketing-first’ approach to GDPR

Profile picture for user jtwentyman By Jessica Twentyman May 23, 2018
European marketing director Stephen Yeo outlines the role that Marketo’s marketing engagement platform has played in getting the electronics giant GDPR-ready.

Panasonic Business CMO
Panasonic's Yeo

In his 27 years as a business-to-business marketing professional, Panasonic Business’s European marketing director Stephen Yeo says preparing for GDPR is probably the biggest challenge that he and his team have ever faced.

At the same time, he sees the regulation’s introduction as a change for the good, and a big opportunity for all B2B marketing functions to up their game, building stronger relationships with commercial customers through relevant, valuable marketing content.

Yeo explains that Panasonic Business has put the Marketo  marketing engagement platform at the heart of its compliance efforts. The company first implemented Marketo seven years ago, but since then:

It has become the backbone for how we’ve implemented GDPR. Without it, we’d be stuffed.

Better marketing, happier customers

Yeo sees a strong overlap between good marketing practice, focused on delivering engaging customer journeys, and utmost respect for customer data - and Marketo, he said, has provided a platform for what he terms ‘compliance automation’, putting in the processes and safeguards that make that overlap explicit. Panasonic Business has achieved this in three main ways:

First, Marketo has been established as the company’s official ‘system of record’ for the marketing preferences of its customers. Like most B2B companies, that data arrives at a brisk clip through a wide range of different routes and systems, including CRM, ERP and warranty registration databases - but all those systems at Panasonic Business now feed that data into Marketo, with details of whether that customer has opted in or out of various communications.

In other words, if an enterprise customer chooses to opt out of communications after the 25th May enforcement date, or asks Panasonic to reveal all the data it holds on them, tracking that down and putting an end to communications will not be a headache.

Second, Marketo is now used to enforce strict data retention policies, in accordance with GDPR. If a customer enters a competition, for example, or submits an sales enquiry via a web form, their details will be kept for one year only and then deleted.

If they are an existing customer or partner, it will be kept for six years after the last time Panasonic Business engaged with them, whether that was via a conversation, an email exchange or a business meeting. Details of all engagements are automatically timestamped in Marketo and customer data automatically flagged up for deletion where appropriate, including in the originating databases. Says Yeo:

That, in itself, is a huge, huge, huge task. No human could do it, which is why it needs to be automated.

Finally, Panasonic Business is using Marketo to enforce GDPR-compliant marketing processes, enforcing the rule of ‘double opt-in’, for example, whereby when any piece of customer data comes into Marketo, the contact is sent a confirmation email with a button to confirm who they are and that they want to hear from the company. Customer data is also encrypted and internal access to it is limited through a strict hierarchy of user rights.

In a good place

It’s been a big challenge, says Yeo, and more work lies ahead:

We’re in a good place and, on the 25th May, we’ll be ready – but this is a much bigger project, because we’ll be working for the next one to two years on making sure that data held in every single database in the company - including the Outlook contacts on the PCs of salespeople - is deleted in accordance with our data retention policy.

Peter Bell, Marketo’s senior director for marketing in EMEA and company lead on GDPR, praised Panasonic’s work as being:

...quite remarkable and putting it definitely in the minority in terms of being thoroughly prepared for GDPR. 

Panasonic Business is a good example, he argues, of an organization that has gone beyond a ‘legal-first’ approach to GDPR, focusing simply on doing the necessary to achieve compliance, and favouring instead the kind of positive, ‘marketing-first’ approach that will be needed for any company to be successful in the longer term, as both commercial customers and consumers become more confident about their new rights under GDPR.