5 Ways CMOs and DPOs Can Work Together

In many ways, Chief Marketing Officers (CMOs) and Data Protection Officers (DPOs) exist at opposite ends of a spectrum. 

For one, gathering, analyzing, and tracking consumer data lies at the core of what it means to perform their role well. For the other, putting a stop to wanton data collection and processing feels like cutting the heads off a hydra.

But marketing and privacy professionals can collaborate in a way that achieves both of their goals while simultaneously protecting the organization and respecting consumers’ data privacy rights. Here are five ways CMOs and DPOs can be better coworkers toward one another.

1. DPOs: Make Education and Communication a Priority

For many privacy professionals, it might seem like conducting audits or reviewing contracts are more urgent than educating their colleagues about data privacy. And sometimes, that will be true. But in most cases, keeping colleagues informed — and especially those in the marketing department — has a positive spillover effect on the rest of your duties.

Every aspect of a DPO’s job can be made easier when their marketing colleagues understand why they need to: 

• Be careful about which vendors they use for their martech stack
• Know where consumer data lives and how it flows throughout the organization
• Act quickly on DSAR requests
• Support their coworkers in the data privacy department

That means a reduced risk from and the likelihood of a breach, fewer remediation tasks after security audits, faster contract reviews, more effective impact assessment with greater follow-through, and more.

The bottom line is that DPOs are the data privacy experts at an organization; it’s unreasonable to expect other professionals to understand the importance of data privacy unless the resident expert takes the time to educate them.

2. CMOs: Take the Time to Learn How Your Work Relates to Privacy Risk

Education is a two-way street; marketing professionals need to make the time to ingest the resources their privacy colleagues send them and explore external sources.

Many marketing professionals are shocked to learn just how much overlap there is between their role and data privacy. (It’s part of why we’re writing this blog post!) 

Modern data privacy regulations focus on protecting consumers' rights over their data. It’s not a stretch to say that marketers handle the most consumer data in a typical organization. Learning how to respect consumer data privacy rights is just part of what it means to be a modern digital marketer.

Because marketing and data privacy are so closely linked, the Osano team spends a lot of time developing educational resources specifically for marketers. Here are some resources you can explore to get started:

• The anatomy of a data privacy law: Demystifying privacy
• What is privacy-first marketing?
• GDPR in marketing: Strategies to stay compliant
• The Osano email newsletter

3. DPOs: Bring Marketers to the Table When Evaluating Compliance Solutions

We mentioned above that marketers generally handle the most consumer data at a typical organization. That also means their role is going to be the most impacted by solutions that manage consumer data, like compliance solutions.

When an organization evaluates a software solution, it might lean on the legal team, developers, and operations professionals to identify the optimal product for its needs. Sometimes, the people that the solution impacts the most are left out of that evaluation process. That’s especially true when it comes to compliance solutions. 

Compliance seems like it's the sole purview of the organization’s privacy professionals. But as we’ve discussed, marketing is heavily impacted by compliance — and they need to have a seat at the table when it comes to evaluating compliance solutions.

Specifically, privacy professionals should consult with their colleagues in marketing on solutions that impact:

• Consent management
• Third-party scripts and cookies
• Website experience
• Customer relationship management (CRMs) platforms, customer data platforms (CDPs), email tools, and other stores of consumer data

When in doubt, the best approach for privacy professionals is to simply ask their colleagues in marketing whether they’d be interested in contributing to the evaluation process.

4. CMOs: Be Active Participants in Your Organization’s Data Inventory

Whether you call it a Record of Processing Activity (RoPA), data mapping, or a data inventory, compliance with modern data privacy regulations often requires (and always benefits from) knowing where your data lives.

Privacy professionals are well acquainted with the need for a robust data inventory, but creating a data inventory depends upon multiple stakeholders in the organization. As the largest steward of consumer data, marketing professionals need to be familiar with this exercise.

This can be tricky. Marketers are busy, so finding the time to execute a data inventory can be difficult. It doesn’t help that keeping a data inventory is an ongoing exercise, too. It can be beneficial to align with any privacy professionals in your organization about how frequently you should update your inventory. 

Make sure to include information like:

• The reason why you’re collecting consumer data
• The categories of people from which you collect data, such as visitors, prospects, customers, and the like. 
• The categories of data you collect, such as analytics, marketing, personalization, and the like.
• The categories of recipients of the data, such as suppliers, other vendors, government agencies, and the like.
• When you’ll erase different categories of data
• What security measures you employ to protect the data
• Where different data is stored
• And any other details your data privacy professional asks for

Keeping an accurate data inventory is the key to effective compliance down the line. That means privacy professionals get to do their job more efficiently, and marketing professionals suffer less of a disruption from their core tasks.

5. DPOs: Be Sensitive to the Impact Compliance Solutions Have on Marketing

Implementing compliance solutions can result in significant changes for the marketing department. Take consent management, for example. When implementing a consent management platform (CMP), marketers will lose a substantial chunk of web data — data that they were using to do their jobs.

This will vary depending on whether your organization is subject to an opt-in consent regulation like the GDPR or an opt-out consent regulation like the CPRA, with opt-in consent regimes creating a bigger impact on web data. In fact, an organization that had no CMP in the EU one day and implemented a CMP the next might see something like half of its web data disappear.

If a privacy professional follows the advice in this article by proactively communicating and educating their peers and by consulting with marketing before selecting a compliance solution, then they’ll have gone a long way to preventing a panic. Without any forewarning, however, the marketing department will be in for quite a shock.

Privacy and Marketing Are More Intertwined Than You Might Think

When marketing and privacy operate in silos, it becomes a recipe for disaster. Marketing doesn’t understand the importance of following through on the privacy team’s recommendations; the privacy team doesn’t see its hard work translate into outcomes; and the organization’s risk level increases.

Following the guidance in this article will be a big step toward breaking those silos down. Privacy and marketing should be in regular communication with one another. Learning about each others’ roles and responsibilities will empower both departments.

As an example, check out our case study with Mailgun. See if you can spot which of these five pieces of advice was the most impactful when it came to Mailgun’s compliance needs.