Ops Cast | The Intersection of Privacy & Data/Analytics; What does Marketing Ops need to know?

Michael Hartmann: [00:00:00] Hello, everyone. Welcome to another episode of OpsCast brought to you by the MO Pros I’m Michael Hartmann joined today by both co-hosts Naomi Liu, and Mike Rizzo, please say hello?

Mike Rizzo: Hello. Hey everybody. It’s the year of the MO Pro. It is the year of the MO Pro.

Michael Hartmann: Always different. All right. So today, We’re covering something a little different.

The intersection of two topics relate privacy in data slash analytics, and to help us with that conversation. And and this topic is Damon Gudaitis analytics manager at three ventures, technology Inc, and Carrot Juice Marketing his consulting companies prior to that, Damon wa has worked in several marketing and digital marketing roles as well as having started multiple other consulting companies.

And he has also been involved in various capacities with the digital analytics association, Damon. Thanks for joining us today. Thank you for

Damon Gudaitis: having look forward to this for having me Mike or Michael.

Michael Hartmann: Yeah. That’s okay. That happens all the time. I think we, we had we recorded an episode recently [00:01:00] where there was two Michaels and a Mike.

Yeah. So

Damon Gudaitis: I had this, so I had the one, one, the client we were had A Jen on my side and a Jen on the client side and a Greg on my side and a Greg on the client side, I was the only one with the unique names. Five falls.

Michael Hartmann: All that be hard. Wait, anyway, someday we need to just make up names. We need to have our OpsCast names. People do code names, like call signs. I’m

Naomi Liu: I’ve never been in a meeting with two Naomi’s. So I dunno what that’s I

Mike Rizzo: think you’re fine. Although if I had to pick we’re like based on today’s video feed, Naomi’s nickname is now Sox.

Damon Gudaitis: Sox.

Michael Hartmann: Yes, that’s good. Cause you have

Naomi Liu: the hat. Okay. My Boston red Sox hat, your red

Mike Rizzo: Sox hat

Michael Hartmann: Yes. You wear that occasionally and we’re gonna have to talk about that some other time, figure out what that all

Damon Gudaitis: Mike Rizzo . There’s a story behind it because of that big, bright, audacious Mike that he has.

Oh,

Mike Rizzo: just the mic. Mike [00:02:00] Rizzo. This big red audacious mic

Michael Hartmann: lip. Yeah.

That’s right. Good. All right. So Damon, let’s get this going. So you and I has talked a little while ago and talking about how these topics were connected and, I think I was probably a little skeptical that these things went together. Not like chocolate peanut butter, but so let’s start out with the why, like, why do see a connection between privacy.

And data slash analytics. Can you walk through the, the thought process?

Damon Gudaitis: Privacy on the one hand, you’ve got all these privacy laws that once comply with, or has to comply with in some cases, and that’s clearly legal, but the actual nuts in bolts of compliance is on the data side. So things like Getting making sure that you have permission before you use data a certain way, making sure you have permission before you collect it to lawyers, they can’t really do anything about [00:03:00] that.

That’s a data thing. So the lawyers, they make the decisions, but we on the data and analytics sides, we have to actually implement it.

Michael Hartmann: All right. So let me follow question a little bit. So should we be separating. Maybe you can help define, like, when you say data, does that have a specific meaning to you? And when you say analytics does a different meaning to you or maybe just let’s define what these, data is,

Damon Gudaitis: how about that data is more general is a more general term.

Like all companies have data. Any data typically involves a database, even if that database happens to be Excel. That’s all data. You might not see the data. It might be in Marketo and a database that Marketo owns and you’re using it by using Marketo, but that’s still data. Whereas analytics are typically more tooling for measurement.

Cause you’ve got all [00:04:00] right business intelligence on one side, which is, a lot of sequel queries. Run against a whole bunch of databases, usually in a data warehouse, whereas analytics is more task plus insight based. Google analytics being the prime example, but also product analytics.

So you instrument your analytics tools as standalone get a bunch of reporting when you instrument them properly, often, very easily at the basic level of, web analytics. But So you get the package of reporting in with the instrumentation that’s analytics, as opposed to data encompasses all, maybe.

Michael Hartmann: So when you’re talking about data, then is it it’s not necessarily just the data, it’s the way that the systems are using it, how we’re apply, how much we’re sharing it, all that kind of stuff. The controls

Damon Gudaitis: that go around it dealing with the digital age. They’re newer than the tools, which is hard to believe.

Cuz analytics is a new dis is a fairly new discipline marketing [00:05:00] operations and revenue operations, even newer, but HubSpot, Marketo, they’re they predate these privacy laws. And so they’re implemented without any need to control data flows to respect, not not just the marketing end user pro, but the actual customer of the company to respect their.

Preferences with respect to how their data is used and data being so nebulous. It is quite a big challenge bolting this on.

Michael Hartmann: Sure. I think one of the, this is one of the things that both attracted me and I think makes it interesting to be in marketing as I contrast it to where I used to work in. Doing financial systems and financial data warehousing, where there’s a lot of structure there’s controls about access and how you can manipulate things and things like that, where [00:06:00] there’s a whole lot less of that.

Generally speaking in both in terms of. People in process, but also the, I think your point, right? The systems were never really designed to support that level of control and management of who has access and visibility into the data to make,

Damon Gudaitis: like we’re not mature the way financial systems are. Like even financial systems like accounting, It hasn’t changed.

I’ve worked with accounting. I’ve worked for accounting software for companies, E P companies. They, that, that doesn’t change really. Innovation, they have innovation, but it’s not the same way that marketing has innovation marketing technology.

Michael Hartmann: Yeah. There’s only so many ways you can meet gap standards. So that’s really interesting though. I’d never really thought about. Thought about the limits part of the challenge for people in marketing [00:07:00] ops in particular, I think where we were expected to at least I think is a part of our role should be the ones to advocate for the customers and their.

Their desires about how much and how little their information is shared and used, but I never really thought about it in terms of the systems being part of the challenge and that they were never really designed to support that kind of management of those rights and restrictions.

Do you think that is, two kind of two questions, do you think that’s going, do you expect that to change or is it already changing that of, companies or people that are affecting that throughout the

Damon Gudaitis: market tech ecosystem? It’s slowly, you’ve got new tools designed to manage private and personal data that are meant to manage it bolt on, on top of the rest of your tech stack and Like C CDPs, for example, customer data platforms.

Those are quite a good place to manage it. Cause the idea, if you implement them properly, is everything goes through the CDP first and then it goes out everywhere. And so you have an audit log. So [00:08:00] if somebody somebody has the right to have their data erased, you have this audit log and you can go, okay, they’re in these systems.

We erase them. Whereas. If you don’t have these systems set up yet, which most, probably most of the people listening, don’t have these set up. Then, you’ve gotta guess which systems that the data has flown into between your marketing and sales and product orgs and extract that.

But as we move forward, And privacy laws are spreading. Like I don’t like. The us and Canada are a bit behind more. Obviously the EU, but also Japan, China, India. But they’re definitely spreading. They’re not going away. And the tools are improving, making it easier for clients in those countries, especially to comply with the [00:09:00] various laws.

Mike Rizzo: I think I, yeah. When you say the tools are improving,

Damon Gudaitis: you mean yeah. So it can be analytics technologies that

Mike Rizzo: they’re deploying like Google analytics in the world has. And

Damon Gudaitis: that kind of thing has released a lot of privacy features in Google analytics and Google tag manager to make compliance easier.

So stuff like they’ve got flags for this individuals who don’t have permission to use certain I guess it’s AI in the background, but they don’t have permissions for those. So you can set that flag up so that, that doesn’t get processed, for example I believe right.

Mike Rizzo: Yeah. Yeah. I think the tools are doing a better job of it. I think what’s becoming more clear, at least in some of the content you shared in the community recently, right? Is that Hey, you know where these servers are located matters. And as you as you’re going to [00:10:00] purchase your.

Tech stack, depending on where you reside and where your customers reside, you have to ensure that those vendors are going to be compliant on behalf of where those customers reside. And so you see organizations like HubSpot or whoever, right? Adobe, all of those folks that end up having their servers located now in.

The EU proper. And so that’s a whole like compliance journey that we have to go on as marketing operations professionals during a procurement sort of vendor analysis thing, period. And then you’re thinking, how does that apply down the chain? The Daisy chain of. Where else do I need to ensure that those things are safe inside the text tech?

And so I, I see vendors making those strides because in that article, you shared where someone was successfully able to Sue for, Hey, Google fonts was being used on a website. And the server that those fonts were being pulled from were not. This country. And so that’s

Michael Hartmann: crazy.

like who, who [00:11:00] has time to figure that out? I don’t know. I guess somebody who wants to Sue Google

Mike Rizzo: some class action. I don’t know. But the, so the question that, sorry, Damon. I I do want to, I want you to jump in on that, on whatever it is that you wanna share there. But I also want to come back to this question is whose responsibility is this?

Is it the, is it like I am the community, right? We have the MO Pros.com. Is it the MO Pros dot com’s responsibility? If you’re talking to

Damon Gudaitis: people, visit the MO Pros do com are not told from the wrong place it’s your responsibility. But but.

Mike Rizzo: And so now I have to literally go rip out product tools ensure.

ones, if you don’t have a server in the right place, I gotta take that thing out

Damon Gudaitis: yet. Okay. We’ve gotta, okay. We’ll look at it like two different. You’ve got the you’ve got the various thankfully the various authorities stock on wood governing authorities in different countries.

They’re and alright you have this discussion with legal, but they’re not generally going [00:12:00] after. Small and medium sized businesses. They don’t have the budget to police every single violation. So you need to have this discussion about risk versus effort a mature discussion and you have that with legal.

So that’s, and then on the civil side, that’s that why I shared the, that Google font that Google font. Ruling is that was a civil case. So that was GDPR related and that was just some guy sued, not Google, but the site owner for using Google fonts, Sarah from Google when they had the option to embed it on their site and they want a hundred dollars.

And that’s another risk conversation you might have. Is it worth the effort? But is somebody going to actually Sue us, but then also it’s a civil case. Each individual EU country, they each like GDPR is one [00:13:00] law, but each country has its own mechanisms for they have to enforce it, but they have their own mechanisms for enforcement.

So if there’s a say class action law, in one country you could potentially be sued as a class action. I have no idea if you’re a PE class action lawsuits. I like, I don’t know, but that is, the potential. But you don’t panic cause you broke a law somewhere yes. Yes. .

Mike Rizzo: Yeah, we probably all have at this point, like Jay walking

Damon Gudaitis: to coffees, not, I know I was reading earlier the, but I didn’t panic jaywalk this morning to my coffee.

Did

Mike Rizzo: you know me?

It’s an necessity survival

Michael Hartmann: mechanism.

Mike Rizzo: I actually didn’t know I was jaywalking cuz I hadn’t had my coffee. Yeah,

Naomi Liu: exactly. I’m gonna

Mike Rizzo: go with

Michael Hartmann: that. Naomi, I, oh, sorry. Naomi. I’m just curious especially since you’re in Canada to Dami you’re in Canada, right? [00:14:00] know you said Canada and the us are behind, and I’m putting air quotes around that.

I think that’s I don’t know what ahead is in this space. I think that’s what I’m struggling with a little bit, but like I how much of a thing, how much of a focus or your time do you look at this kind of stuff when you’re looking at vendors or when you’re talking to people internally?

I know cuz you’re at a bigger company, I’m at a bigger company and it’s something I like on a regular basis. It comes up, but it’s not every day I’m thinking about, oh, are we in compliance?

Naomi Liu: At I can’t speak for Damon, but at least for us at EFI, it’s definitely something that comes up almost every day.

And. Partly, I think due to the fact that we have a very we have a culture where this, where privacy and data security comes from the top down, right? Our CIO is very has it at the forefront of her mind. And it’s something that’s constantly being reiterated and discussed within even employees, that, Hey, if you touch customer data that you have. Responsibility to protect it because laws will continue to expand, not contract, Canada and Europe, for example, [00:15:00] won’t one day say Hey, do you remember that law? We put into place castle, GDPR, don’t worry about it anymore.

It’s it’s not like if anything, laws that are currently in place will continue to become more and more restrictive. I, and I, when I heard Damon, when I hear you say that, Canada and the us are a bit behind the curve, how I interpret that if we’re gonna take the us as an example, I interpret that as, for example, the us has many different privacy laws, right?

Because it follows. A segmented approach to privacy regulation. So this means that, for example, the us has implemented laws that focus on certain industries or data types that are particularly sensitive, right? So those types of things require more protection. So things like. In the healthcare space like HIPAA or things like the financial privacy act and the financial services space.

Those are all like very siloed laws where as opposed to like in contrast, the European union has implemented GDPR, which is like, Way more broad and applies to all [00:16:00] industries and all data types. So that’s my takeaway, like when I hear you say that, north America’s behind the curve.

Yeah. I definitely interpret that as however, because we don’t have something

Damon Gudaitis: that just everything, an evolutionary terms, Europe, like financial and health data. And information, the there’s so much more that can go wrong than with your marketing data. There’s so much more at stake. So you I don’t know you laws, but I’d be very surprised if you or each individual country Didn’t already have very equivalent HIPAA equivalents enacted.

They’re not relying on GDPR to cover the financial and the health. So it’s an evolution they’ve like that financial and health markets needed to be governed. Like the need was a lot higher. So that got done first and now, and Europe’s moved ahead. And and Canada and the us are follow following along [00:17:00] coming along slowly.

And that’s yeah, to the more general need to govern privacy,

Mike Rizzo: right?

Michael Hartmann: Yeah. So this is, this brings me back to one of the struggles I have because pretty much the last few companies I’ve worked with have global footprint. And so if we didn’t have global footprint in terms of delivery, we had it in clients and customers and prospects is things like, should we comply with the again, air quote, strictest privacy type laws, or should we be do it on a market, my market basis.

And then if we do that, how do we keep up with that and make sure that. Keep up with the changes. Like how do you, I would say what’s, is there like, is there a best practice you there people PO that we should be looking at for, in terms of compliance with privacy laws, say its practice.

Damon Gudaitis: But if we have that the conversation you [00:18:00] have is.

do we want to customize for every country? Or do we want to go with the strictest interpretation? And that’s the conversation that you have? If you’re, if the company you work with has local offices, local websites, local legal teams, then yeah. Go scattershot. If you’re a sauce startup, then it’s the risk of.

And you’re selling globally. You can either, if you’re very conservative or legally most startups aren’t, but for argument’s sake, if you’re very conservative, you would say, okay we’ll do the strictest standard and that should cover us. And if you’re. At the opposite end, you’d be like, okay, we’ll we’re not gonna bother with this until we get told we have to by some governing body.

And then we’ll say, sorry, and sort things out.

Michael Hartmann: Yeah, what you bring up an interesting point that I’ve get back to is there’s gotta [00:19:00] be a little bit of a risk reward assessment cuz complying and making sure you’re well, I’m not even sure you can get to a hundred percent compliance cuz to some degree you’re relying on those people to be truthful about saying where they’re from.

Not that there are people that would. intentionally put like a different country than they’re really at, and that kind of stuff, but even accidentally, you’re yeah, you could get. but I think I, I think that’s one of the other things I struggle with, but I would tend to go towards, it’s also one of the nice things in Canada, it gets really complex very quickly.

As soon as you go down the path of trying

Damon Gudaitis: to be very TDR market that actually recognizes this, you don’t have to be perfect. As long as you can show that you made the effort then the commissioner in charge will have the right to say, oh, you made the effort. Go, do these things to comply, but we’re not gonna find you.

And that’s actually written in there. And honestly, practically, it’s Al already in [00:20:00] there just because the various authorities don’t have the resources to go after anyone. Just complying in spirit, making good faith effort. And another way to look at this is. am I complying with the law?

So you can have that talk about law and risk, but also have a talk about how much do our users appreciate being respected? Especially if you’re selling to developers hate giving their email addresses, they do everything to avoid it because the,

Mike Rizzo: Yeah. Yeah. It’s so true. To be fair a lot of marketing house people are fall into that bucket too. There’s this expectation. Just give me the undated resource. I expect I’m tired of it. And oh, show me your pricing. You’re going

Damon Gudaitis: talk to you, respect them. And you can show that you respect them by giving them control over how the data flows, even if there’s no law requiring you to do that.

So that. Two different ways of having that conversation within your marketing org or[00:21:00]

Mike Rizzo: your

leadership. I think those are all, yeah. I think those are really important things to be talking about. I want to ask you something. Damon that, so I posted a poll, not I did. I posted a poll on LinkedIn the other day and I was asking, I don’t know if you voted on it or not, but I was asking about whether or not marketing operations professionals should be responsible for data governance.

And then this other term is coming up that sort of like runs parallel to it that I’m seeing a lot more of and it’s operational analytics. And there’s actually now for those of you that are interested in that there’s a community run by census called operational analytics.

And I just talked to those folks too. And so I was just curious what are your thoughts on like the. I don’t know if you’re familiar with those terms or you think those terms mean, this question got asked for, I think it falls into the marketing operations

Damon Gudaitis: professional to be one of the answers I wanted to owning a piece of is data.

[00:22:00] Governance’s really a collective what’s responsibility. Like now only talked earlier about about having that kind of team. Team culture with security and privacy. And I know I’ve worked with companies that have that culture baked in, but they took the effort to have that culture.

You can tell that it was a deliberate choice. And they add the leadership, but to build that culture, it’s not your responsibility. It’s not your listener’s responsibility alone to build that culture, it’s a collective responsibility, especially if the leadership isn’t coming out and saying, Immediate this is how we’re going to treat privacy and security.

If that doesn’t come from the top, then it’s a collective responsibility with all of the, either legal obviously, and anyone technical who understands some part of how data’s flowing within the company.[00:23:00]

Mike Rizzo: Yeah, that, that seems to be the general sort of consensus around the feedback on the commentary, on the poll as well on LinkedIn. I agree. I think that you’re a part of the whole and see something, say something and even on a prior episode of OpsCast, we talked about how you can, as a marketing operations professional, you can hone in on something that is a value add to the security and safety of.

Your clients, your customers that you’re serving, as you said, like you’re building trust, right? You didn’t say that you did say that. And so you’re building trust with your clients and your customers by providing them these options. And then by ensuring that those practices are in place your.

You’re protecting the business in a way that frankly, like most people don’t want to think about. Like they don’t. Yeah. Like none of [00:24:00] us sit all day long

Michael Hartmann: and think about this stuff. It’s not just, and it’s not just the legal one. I think you’re touching it. It’s the reputation. It was just maybe the it’s both more difficult to measure.

And it’s probably the one that has the bigger downside. Yeah. The legal part can, if you’ve got deep pockets, but if you’re not a deep pocket, then they can shame you.

Mike Rizzo: Yeah, totally. So question for you dam. Or anyone really Naomi too, like how today? So we’ve got all this, stuff happening in the world around data governance and compliance and all of that stuff.

Do you guarantee that it’s working? How can our listeners think about testing and validating and ensuring that those practices are in fact actually working that this is the way expectations, I would say. How do you

Damon Gudaitis: do that? Getting permiss. Making sure that you have permission, like where is permission saved?

No, just

Mike Rizzo: like, how do you validate that there’s stuff in place? Like how do you do it? What is your

Damon Gudaitis: system of record for permissions? What would be [00:25:00] a starter? A starters. And usually that will be a third. Third party tool. So you’ve seen all the cookie popups and at first, everyone thinks GDPR and cookies, but those popups are they’ve moved to compliance with GDPR and privacy, like privacy policies or not privacy laws.

They like they’re asking, can we use data? This way. And then they’re saving that in the background, saving those permissions in the background, saving the cookie on the machine of the visitor. Who’s giving permissions to remember those and also stopping. So I start stopping the data from being collected by denying cookies, but also.

Then, as these laws get more complex, when they start talking about how you can use AI and machine learning, you’ll need to save those and operationalize those in, data warehouse or wherever. Can [00:26:00] I use this? It’s not here yet, but it will come. Can I use this person’s data in a machine learning algorithm?

And I use private data from them. And how can it be used? Because a lot of these, like the technology isn’t ready for it yet, but the, but. You’ve heard of, I, I trust most of you have heard of problems with bias. That’ll be I system that’s mild, they’re trained on white middle class guys. And so they tend to like white middle class guys.

even though it doesn’t ask, are you a white middle class guy? And that’s enough of a problem that the politicians are recognizing it. The technology is not ready yet to get rid of that bias. So that’s a coming challenge. Yes. That we face. But the other thing, I think another way. Is just like good data.

Hygiene is a good start. Start having the conversations in your group, in your sales and marketing group. [00:27:00] Do we really need nine year old records in our CR CRM? Do we like.

Yeah. So have those conversations and, delete stuff. The

Michael Hartmann: answer’s no, just in case anybody’s wondering it was waffling. The answer is no data. Yeah. The answers. No unless they bought in the last

Damon Gudaitis: home address, when there’s, when they’re getting a white downloading a white paper. No, no. And yeah, the more you minimize.

What data you collect, the less problems you’re gonna have, even when you do have problems or even when you’re fixing them.

Mike Rizzo: Yeah.

Michael Hartmann: Yeah. I, [00:28:00] all, this is like making. Like I’m having flashbacks, but I’m also like, this is gonna be so expensive if you really try to do it. And that’s one of my, one of my beefs against all these sort of privacy laws is they almost have gone to, they’ve gone to an extreme. Or they’re moving to an extreme because of a really, probably a small, relatively small handful of bad actors, that is causing problems for the people we’re gonna comply anyway, or trying to, or at least generally are trying to do the right thing. That’s my sense. I don’t have any data whatsoever to prep back that up. But I remember I, I walked, I was in a company where I inherited some stuff. And when I realized that our sales force, our sales people could actually honestly, even harder than that subscription status.

So this is contexts something.

Damon Gudaitis: What a mistake I didn’t make. I

Naomi Liu: uncovered it. Yeah. Weve had that too. I locked that down. We had

Damon Gudaitis: privacy policies. I locked that down company lock that down. We don’t share your data with outside parties. Yeah. That’s, fairly common fair, fairly [00:29:00] common. And some sales guys, they installed clear bit.

I’m not even sure if they still have this, but clear bit used to have a free tier on one of their, on their data product that would look up email addresses and get a bunch information on them. Perfect. Perfect. And this extens. It on the free tier to go on the free tier. You had to give them your address book to populate their database.

You’d have these sales guys coming in and installing an extension. That violated the privacy policy. Now, maybe nobody reads the privacy policy. Nobody is most people. And the people that do the read the privacy policy, a large proportion of them. Aren’t gonna be contacted by sales, but it’s, it can happen fetch all the data accidentally and it’s going to, it’s such a challenge and this is you understand why it can be difficult at times.

Like they’ve been around longer. Data analytics guys they’ve been around longer than your marketing ops people. They, like [00:30:00] they’re not just, they’re not, they are jaded, but they’re not just jaded. They’re also used to talking to legal and maybe okay, yeah, we gotta lock this stuff down and not let you install browser extensions about our permission, which unfortunately takes too long.

Mike Rizzo: Yeah, but it’s stories like that where I. It gives me an appreciation for someone I was on a call with a couple months ago and they’re like, yeah, I can’t join the call. I have to reschedule. And it was like the third time. And it’s oh, I finally got my machine set up by it. Cause they couldn’t

Damon Gudaitis: install.

Also don’t wanna have couldn’t do anything, a unresponsive it organization or a unresponsive market populations,

Mike Rizzo: situations like that. You wanna be responsive. You don’t realize that something bad can happen. Literally. [00:31:00]

Damon Gudaitis: Giving up a bunch of data, otherwise, you’re just gonna be obstructionist and you’re gonna be difficult and you’re not gonna be helping the business.

And you’re probably not gonna be making things better for end users who appreciate their privacy being protected.

Michael Hartmann: So I know I Al I had another story similar where I was basically asked to Help a, I guess I would call it a partner organization to the company I was working for to help them. It happened to be a, like a media entity. So to help them try to grow their subscription base by sharing our, some of our contacts and our database.

And I was like, I went back to the, our privacy policy. So like it says here, that we don’t do that. I said, if we said that we would, might do that. Okay. But we didn’t say that. Yeah. And I had very senior leadership was pushing for that. And I was like, okay I was like, this is a business decision.

But my pay grade, but here are the risks. And if we move forward, I went, this is how I would like, this is how I would be comfortable supporting that. And I put a lot of [00:32:00] things in place. Like we do it through a third party, they have to commit that they’re gonna destroy the data afterwards.

Damon Gudaitis: They give you the emails and you send them

Michael Hartmann: on their behalf. Ultimately, I don’t think we should do it. Okay. The decision was made before, ultimately though became so complicated that we never did it. So I was like

Damon Gudaitis: Yeah. And yeah, the kind of The

Michael Hartmann: we also had in our terms and conditions that we wouldn’t do that kind of stuff either. So we put it ourselves in a box a little bit.

Damon Gudaitis: Totally.

Michael Hartmann: I actually, so I’ll, maybe I’ll get you going here. So what, this is brings up another point to me, like we just talked about privacy policy terms and conditions, right? You like our internal sort of own policies. This is another part that makes it really complicated to me is you’ve got the legal part of it, which is different in all these different marketplaces, right?

In the us it’s even different in different states and sometimes municipalities. And then internally, right? If we’re not careful about what we put on our forms, what we put in our, privacy [00:33:00] policy, what we put in our terms and conditions, like all those things what we do with cookies, right?

Cookie policy. we that plays a part in this too. So like again I hate the term best practice. I can’t believe I used it actually earlier, but yeah. I think, yeah. Do you have any suggestions on where people can just being clear on or how people can think

Damon Gudaitis: about like you’re

Michael Hartmann: not, they should be doing with those components of it.

In addition to all the compliance pieces they’re trying to do with, through technology,

Damon Gudaitis: the process, citizen, things, that website. And you do stuff that violates GDPR they’re if you’re selling medical equipment in the us market, they’re not going to, they’re not allowed to touch you.

It’s part of the, part of that law. When someone talking about this, when asking for advice is where I wanted to go is you wanna specify. All right. What laws are you trying to comply with? What, like, where are you? Where are you? Where’s your market? [00:34:00] And a lot of the times, like you see in the marketing op slack, slack group, other slack groups, is this okay?

That’s not the question. Is this okay, given that we’re, our business is here and we serve this market, that’s where, that’s how you start having those conversations. But. Again, I just think I prefer step one, just be respectful.

Mike Rizzo: That’s the foundation right now. .. Yeah.

Michael Hartmann: Yeah, totally agree. So Damon, I’m sure we could go on for a while. Cause there’s so different tentacles too.

Damon Gudaitis: Haven’t seen, do you have Google analytics? Is

Michael Hartmann: there anything that you wanna make sure if our listeners that’s headline listen, there’s anything we haven’t touched on that you think is an important topic, lots and bolts behind it.

Wanna make sure they,[00:35:00]

Damon Gudaitis: the IP address and a few, some other points of data were sent to a us based server. And us has this cloud act. After implemented after nine 11, that says we can ask any company, any us company to give data, force them to give us data without any notice. And it doesn’t even have to be data in the us.

So like they might have served Google fonts from. From an E they probably did. Cuz it’s probably through a CDN and us based CDNs if you use a us CDN. So when you’re looking at that, like from a regular sauce company that I’m sure a lot of your listeners. work at SA companies and it’s oh, we’re and a lot of them are us companies.

Oh, we’re a us company. Or we use a us [00:36:00] CBN. Like that’s the really big challenge going forward. Like you if you are in, if you have a European entity and you’re using European servers Then you’re clear there. So if that, and the us and the EU will probably negotiate some sort of agreement where to govern this better, cuz this is going to be a nightmare, but that’s the thing you need to be watching, like setting up a separate company for a

Mike Rizzo: startup.

Yeah,

Michael Hartmann: I think it . I think it already is a nightmare. It is a nightmare.

Mike Rizzo: it makes me like, if I’m listening, there’s this episode I’m going, gosh, I don’t even know

Damon Gudaitis: where cloud

Mike Rizzo: CDN. Like some. Person, what is our right?

Michael Hartmann: I feel like I’m feeling more stressed out, right? It’s not just than I was before.

I like having your anxiety,

Mike Rizzo: You’re you use

Damon Gudaitis: Google cloud, like you or Amazon cloud, AWS and EU, and you’re fine. No, you’re not. And so there’s so [00:37:00] many tools out there and so much, and just an IP address, which is essential for. serving anything on the web it’s a mess, big mess. So very hopeful.

Mike Rizzo: No.

Michael Hartmann: Yeah. Yeah. Yeah. So I think at the end of the day, I think what we’ve realized, yeah. This is a this is a whole sort of complex set. It’s actually multiple things, it’s not just one thing and it’s complicated and. Sounds like though. And what I’m hearing is like in general, right? If we’re trying to if we demonstrate that we’re trying to do what we can to comply and all that, we’re gonna be in good shape.

So Damon, thanks for that. If folks wanna keep up with you and you’re, you know what you’re doing out there and all that, what’s the best place for them to do that.[00:38:00]

All right. The MO Pros.com. There you go. Bring it on. Perfect. Damon. Thank you so much, Mike. Naomi. Thank you. Yeah. Thanks dam. Appreciate our listeners. Thanks to our listeners out there. Thank you. And we will continue to, I think, I don’t know if we’re gonna go down this rabbit hole again, cuz I think I really am like stressed out now, but oh, by the way, I gotta

Mike Rizzo: introduce you to a lawyer who knows all this stuff we’re gonna do?

No, I’m just kidding. I’m just kidding. Yeah. We’re not that.

Michael Hartmann: I’ve been fortunate enough to work with good attorneys. But anyway, so thanks everyone for listening. Continue to send us your feedback suggestions or if you wanna volunteer to be a guest, please let us know. You can reach out to Mike Naomi or me, and with that, we’ll see you next time.

Bye. Bye.

Mike Rizzo: Bye.