We are less than a year away from the enforcement of the EU’s General Data Protection Regulation (GDPR). It may seem like there’s no urgent need to pay attention to it but to look into what exactly it entails is also to realise the scale and impact that it will have on the availability, protection and appropriation of data.
GDPR has enormous ramifications for nearly all industries which are relying more and more on the use of data to streamline their operations, reduce costs, improve engagement and remain competitive in the digital age.
Marketing is by no means exempt. Staying unprepared can not only damage your reputation but also your bottom line.
Today, marketing and data are two sides of the same coin. A marketer cannot achieve much without the knowledge and insight that data provides, much of which is easily accessible or can be easily produced. It is surprising then that, according to The Chartered Institute of Marketing (CIM), only 11% of UK marketers have provisions in place to ensure that they will not be in breach of clauses in the 200-paged GDPR. What’s even more worrying is that 16% of those surveyed don’t think it’s even relevant to their business.
The regulations, which came about as the result of determining a need to improve and simplify data protection for consumers and organisations, address issues such as data breach accountability, data transferability and individual consent. They also add some much-needed transparency to how companies capture, store and use data.
One needn’t dig deep then to see how GDPR would affect marketing, particularly in the areas of consent (clear affirmative opt-in and opt-outs by individuals), the ‘right to be forgotten’ (individuals being able to access and remove their data if they so desire) and the legalities around processing personal data (not collecting data that is above and beyond what is needed for a defined and specific purpose).
These rules may sound overly stringent and potentially threatening to the evolution of marketing as a practice, but we shouldn’t fall prey to the scaremongering that has infiltrated the GDPR conversation. Marketers simply need to start preparing in order to continue operating and growing within certain legal parameters. And there are a few good places to start.
Firstly, the process of collecting data can still be achieved for a marketer’s benefit. The only difference is that a new approach must be adopted. The focus should be on gathering only that data which is useful and legally compliant. With 42% of B2B marketers and 51% of email marketers believing that the biggest hindrance to generating leads is a lack of good quality contact data, the rules may actually incentivise taking a more targeted method of data collection.
Secondly, with data now being so integral to business decision-making and the increasing demand for data specialists, many companies have already taken on or created the role of Data Protection Officer to make sense of GDPR. These individuals can be tasked to conduct regular audits, working in conjunction with the company’s IT function, and raise any flags on potential noncompliant activity.
Thirdly, the transition to becoming GDPR compliant will not be an overnight process. The process itself will require managers and executives to allocate sufficient time and resources to training employees on the basics of the regulations, as well as making sure that legacy systems are not programmed in any such way so as to be automatically extracting any kind of data which has not be pre-authorised.
There is still a great deal of confusion however around how companies will be held accountable, with some ambiguity persisting around who will be charged first for non-compliance, what these charges will be for and how the fines will be determined. For the avoidance of doubt, it would be wise for marketers to have all their bases covered. This means having an opt-in list readily available and being in a position to present data capture and management systems when called upon to do so.
It is high time that marketers paid attention. If the penalties are not enough to make your eyes water and take action (20 million or 4% of annual turnover), we’re not sure what will. GDPR, however burdensome it is perceived to be, is simply making companies more aware about the risks that they may inadvertently be creating for others and providing a framework to mitigate those risks. The regulation is not a threat, but an opportunity to establish fairer ground for marketers and their data sources.
By Mungo Park, co-founder of blueprint.tv
GDPR Summit Series is a global series of GDPR events which will help marketers to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond. Further information and conference details are available at http://www.gdprsummit.london/
comments powered by Disqus