The fear of GDPR is a misguided. Instead, you should choose to see GDPR as an opportunity to level the playing field for marketers
In the last series of GDPR posts, I've covered ten key considerations:
We'll continue to discuss in detail some key considerations for Marketers as they march towards GDPR compliance, as its implications for marketing departments are significant and far-reaching.
Remember that fear of how GDPR will “change everything” or “make things too difficult”, is wasting time and energy on the inevitable. Instead, you should choose to see GDPR as an opportunity, as it levels the playing field for everybody, and the benefits will include better interactions, with the right message to the right people at the right time. The goals to improve and simplify data protection for EU data, citizens, residents, and businesses are all well and good, but what does it mean for marketers, and what can they do to adjust to it?
For most marketers and marketing departments, GDPR will likely have three primary effects. Please bear in mind, it is not quite as inflexible or rigorous as some fear, particularly for well seasoned marketers who are already running effective marketing campaigns, engagements and activities.
Top of mind for most marketers is the much-highlighted “right to be forgotten”. One of the core value of GDPR is to give individuals control, access, notice and the opportunity to decline how their data is collected and used. Most people seem to focus on the individual’s right to delete that data, rather than the other tenets of transparency and access. Remember, those individuals can exercise those rights under GDPR when there is no legitimate reason or interest to process their data, when they withdraw consent for it to be used on the original terms, and when it’s been unlawfully processed – but if that is the case, why would a marketer want that person’s information anyway?
The second major GDPR tenet is the requirement for a legal basis for processing an individual’s personal data. That means that marketing departments will have to do better “housekeeping”. Only collect data that you have a legitimate interest of, gotten consent to collect, and keep that data only for as long as necessary – remember that this activity will lead to ensuring that you have a better suited audience, an incentive to make sure such communication and data is relevant, and ultimately a better funnel of qualified leads and opportunities.
Finally, and this will have an effect on less-mature marketing departments, opt-ins, opt-outs, and consent regarding communications. GDPR states clearly that consent must be ‘freely given, specific, informed, and unambiguous’, which such consent must be done through a ‘clear affirmative action’. Consent based on inactivity is no longer allowed, and that a pre-checked box for allowing consent will no longer be acceptable. Customers, opportunities, prospects and leads must all be made aware of how their data is to be used, affirmatively agree that their data can be used, and their rights to rescind that consent.
We’ve discussed some of the concepts of consent, opt-in and opt-outs above, but there are some other GDPR concepts, such as transparency, “right to be forgotten”, data portability, and data retention, that should be addressed by savvy-marketers. Data subjects (the people that marketers reach out to and communicate with) will have a legal right to view all the data marketers have on them, make necessary amendments upon request from the data subject, ask their data in format that they can transport elsewhere, or under the “right to be forgotten” concept, have that data deleted everywhere the marketer stores that data. As leads, prospects and customers enter into a new era where they are imbued with the rights to requests to view, amend, move or destroy their lead, prospect or customer data – marketing departments must be ready to facilitate such requests.
But to what extend marketers and departments will have to fulfill such requests are still under review with more guidance coming from the EU (with the possible exception of the “right to be forgotten”, which is pretty clear). It doesn’t dictate how you give such access or rights, what format the data needs to be in or specifically how these requests can be made, GDPR just says that marketers need to be able to facilitate some kind of request from the data subject, and some kind of access to these rights. It does not have to be online or automated, but it does have to exist in policy and practice.
While it is probably unlikely that vast majority of your data subjects will exercise these rights from Day one, know that they can, and start putting the plans, policies and processes to facilitate it will ensure marketers follow best practice to deliver on such requests, when it happen.
There is an unwritten “carrot” that marketers and marketing departments get out of GDPR. You won’t find it in the legislation, nor most commentary, but keep in mind that indiscriminately collecting data from people that don’t want to give it to you yields little benefits, if any, to marketers. Simply put – gather and put junk data into a process, don’t be surprised by the output (hint: it’s still junk).
Marketing strategists, technology analysts and their industry reports point to the same issue – in each report, whether it’s Dunn and Bradstreet™, Ascend2™, or eMarketer consistently cited that data quality is their biggest impediment to successful lead generation. GDPR inherently forces marketers and their departments to accumulate “better, cleaner data” which is actually more useful because of the consent requirement. The consent, opt-in, opt-out requirement under GDPR will create some overhead and possible headaches for marketing departments initially, but ultimately should drive better results and operational efficiencies – assuming that marketers understand and lawfully comply with GDPR.
And of course – if marketers are still not motivated enough by the benefits of having better quality leads, being able to better tailor and target content for those leads, and generally improving operational efficiencies, there is always the “stick” to ensure the rules are followed. Simply put, failure to comply with GDPR and you may subject your organization to penalties. Big penalties. Extreme breaches can garner fines up to 20€ million or 4% of a company’s global annual turnover. For most, the limit of 10€ million or 2% of annual turnover is still significant.
In practice, it’s unlikely you will get the full extent of the fines, however, given that it’s now possible – marketers should adjust their approach to collecting and processing data, and reaching out to leads.
As mentioned earlier, and addressing the inherit negative view of any change – there are clearly going to be some overhead and shake-up short term for a lot of marketers. Time and money is something we are all short on, but the time is now for educating, identifying and implementing the right marketing systems that allow you to be GDPR-compliant, and changing/adjusting processes, policies and operations to meet full compliance. 2018 is around the corner, so if you don’t plan for it now, you’re going to pay a whole lot more later.
Just remember – everybody dealing with the EU is in the same boat. The playing field will be levelled across every marketer looking to get the attention of the same leads, prospects and customers. If you look at this as an opportunity, the benefits are there - drive better leads, more effective campaigns, higher return on investment, and ultimately more business. Those who get to GDPR compliance first will certainly have a competitive advantage in the ever-cluttered marketing landscape.
Watch this webinar to understand the impact, opportunities and key considerations to prepare for the new data protection law.