On March 28th at 11am EDT (4pm CET), Dr. Alea Fairchild will participate in a webinar on “How to Thrive in the World of Data Protection and Privacy for Marketers”. Registration is still available via this link.
GDPR came into force on May 25th of last year, and for many marketers, it was a wake-up call to reexamine internal procedures and processes.
GDPR as a regulation takes a wide view of what constitutes personal identification information. Companies now need the same level of protection for things like an individual’s IP address or cookie data as they do for name, address and national ID number. The GDPR carries provisions that require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. And it also regulates the exportation of personal data outside the EU.
Since its implementation last May, marketers are still not clear on how it is enforced, what the penalties are, and how best to tackle compliance for those small and medium size businesses without an internal legal team. And since May, we have seen other regions refocus their efforts on privacy and consumer data rights.
So is GDPR taking time from other priorities, like cybersecurity or data protection policy, or does it bring a benefit to better engaging the customer? Or are the two related?
According to a recent Ovum report, about two-thirds of U.S. companies believe that the GDPR will require them to rethink their strategy in Europe. Even more (85 percent) see the GDPR putting them at a competitive disadvantage with European companies. That last figure is puzzling, but culturally telling, as I believe from my experience that U.S. companies view customer and prospect data differently than in other regions of the world. So how can data handling be transparent and create a climate of trust in the business ecosystem?
Let’s highlight some of the topics we will be discussing on March 28th in the webinar.
How did consumers react prior to GDPR last May? Businesses were confused on how to reach out to prospects and customers in their data systems, so many marketers did mass mailings to notify people that they held data on as to ask permission to continue communicating with them. This provided a terrific opportunity to cement a closer relationship with prospects and customers. And of these many marketers blew it, and instead gave reason for people on their mailing lists to opt-out with pleasure. Why? Because instead of telling people how important they are and how you plan to interact with them going forward, these mails just reminded them they were signed up to a mailing list that was no longer relevant to them.
Have we seen a business impact? Let’s face it, data privacy is a business issue with strong implications on customer experience, brand reputation, and personalization. Trust, transparency and reputation are all on the line every time we engage with a prospect or customer. Those that took this as an opportunity worked on addressing this as a benefit to the relationship by pointing out how they handled data, why they collected it and how it was used, as well as how they plan to use it going forward.
Were there any early adopter benefits? Firms that were first to embrace GDPR consistently report improvements in their business outcomes, including their customer experience and data strategies. GDPR has also been pushing firms to innovate and prepare to deliver services of the future, in line with compliance and transparency. GDPR can be an opportunity to more clearly engage the prospect or customer as a trusted provider of service.
Where is data protection and privacy headed next? Tech companies cannot require that to receive value from their products and services, you must give up your data. If you want to ask for data, there should be a reason for it and there must be an option to revoke the information if requested. To be precise: Consent must stand out, be clear and include the reasons for collection.
Where should we focus our DPP efforts? Decide the purpose for collecting the data, and the manner in which it is collected.Make the necessary process investments, supported by good tools, to know the state of your data protection efforts beyond a dashboard. DPP efforts should include internal data protection awareness workshops, privacy impact assessments (PIAs), managed breach detection and response, and breach notification policy. Get the necessary tools for a data audit, as data discovery, mapping, and protection technologies are all key aspects to protecting consumer data and privacy. Cybersecurity monitoring, threat detection, and alerting systems are necessary to ensure GDPR compliance. Because under current GDPR requirements, organizations have to report a breach within 72 hours of discovery.
What can I do to proactively make this an opportunity for our marketing team? Privacy protection compliance should be enforced through not only business processes and strategies but also investment in technologies and incident response management. Data breaches are not only expensive but erodes trust in the brand.