It’s May 24 and the EU General Data Protection Regulations (GDPR) go into effect tomorrow, May 25. According to a post in RetailTouchPoints, 45% of retailers are still lagging in their readiness for compliance, so you are not alone if you haven’t started your GDPR planning yet. Don’t panic, marketers; remember it is never too late to put best practices in place—and GDPR is a marathon, not a sprint.
The idea that GDPR is a punishment or burden needs to be revisited. These regulations will help marketers become better at our jobs, and our buyers will appreciate it. As we end the free-for-all data collection of the past, and move to more specific, and consent-given data, we build trust with buyers as they willingly trade data for increased personalization. This permission-based communication now increases buyer engagement, better customer experience, and ultimately, more revenue.
This quote from a CMO Club post, The GDPR: How Will New EU Data Privacy Regulations Affect Marketing reinforces the sentiment of this post.
“GDPR is a golden opportunity for marketers. It’s all a matter of trust. The really smart companies are waking up to the fact that the GDPR is a massive opportunity to define their markets and how they treat their customers. Organizations that do that moving forward will see their reputations enhanced, their revenues increased, and the customers they have will trust them and empower them to do more.” – Ian West, GDPR Institut
A few reminders for marketers to think about while prepping for GDPR:
Data: The protection of certain types of data is foundational to GDPR. In order to comply with the new regulations, marketers and their organizations need to understand what types of data they currently have, what types they process, and for what purpose. Under the new regulations, personal data cannot be stored indefinitely, so organizations need to ensure they have processes in place to track and report on data appropriately and delete the data once the purpose has concluded.
As a first step, your team must conduct a data audit to find out what types of personal data or special categories of personal data exist in your organization today. Look across the organization globally, and find out where everything is stored. It may be located across many systems including data warehouses, marketing automation systems, CRM, sales portals, off-line servers, individual PCs, and even excel spreadsheets. Any and all personal data matters if it is not GDPR compliant, because one mistake could be very costly.
When you find out where the data is located, be sure to also identify where it is from and where it is sent.Then put a plan in place to ensure compliance going forward.
People: Organizing teams and individuals to protect and oversee the data protection compliance is an important aspect of GDPR. Some organizations will be required to have a Data Protection Officer (DPO). For example, DPOs may be mandatory if organizations are public authorities, are involved in high-risk data processing, or regularly monitors large amounts of data subjects .
Although DPOs will not be required in every organization, establishing a group with multidisciplinary skills and an understanding of data protection compliance is critical to GDPR compliance. Build awareness of the changes that GDPR brings and what this means for individuals, departments, processes; even at the Board level.
GDPR compliance is not the responsibility of one individual. It is an organizational change that has global impact: prepare your teams accordingly.
Personalization: This section is not a tenant of GDPR, but the implications of the new regulations for data-driven personalization are significant, and well worth marketers’ attention. In many situations explicit consent to process personal data must now be granted by each individual in order for an organization to continue direct marketing to that person (though some organizations will rely on legitimate interest as an alternative basis to process the data). As part of that invitation for explicit consent, marketers will need to be transparent in why they are requesting data and what they plan to do with it.
Although many B2B marketers see this as the end of email marketing, it can also be seen as an opportunity to communicate with your buyer about why and how you can help them solve challenges with this exchange of data. Overall, GDPR becomes a chance for marketers to build trust through transparency and communication, as well as enhancing the customer experience, building stronger customer relationships over time—and personalization plays a big part in this.
GDPR will require organizations to ramp up their efforts for better data privacy and it won’t happen overnight, but it offers tremendous value to marketers and their organizations across many different areas. The key to success is to avoid thinking of compliance as a burden. Instead, reframe it as an opportunity to become more transparent with your buyers, building trust and, ultimately, delivering a better customer experience.