Filter by/
Region/  All
Type/  All
Sorted By/  Most Recent

Are you now GDPR compliant? If not, what happens next?

By / / In Best practice /
GDPR – the General Data Protection Regulation – comes into force this week and the majority of businesses will likely be prepared. So, how will being GDPR compliant benefit their marketing function? For those who aren’t prepared, can they expect penalties? The UK DMA’s director of policy and compliance, John Mitchison, explains.
GDPR compliant

Recently published research by the UK DMA, titled ‘GDPR & You Chapter 5’, found that awareness of GDPR is at its highest level yet – individuals and organisations feel more prepared than ever. Despite this, one in five feel their organisation will not be ready to comply with GDPR by 25 May 2018. Given that a sizeable number of organisations may not be ready in time, what response can they expect from the UK’s data regulator, the Information Commissioner’s Office (ICO)?

GDPR will significantly change business-consumer relations for the better. From 25 May, organisations will need to comply with the new data protection regulations if they have any dealings with companies or consumers in EU member states (including the UK). At a recent GDPR roundtable hosted by the DMA, the ICO stated that they will be pragmatic and wanted to assure companies that hefty fines won’t be issued come 25 May.

Richard Sisson, senior policy officer at the ICO, said that the number of GDPR-related questions coming through on its helplines is “going up dramatically” and that the closer to the deadline we get, the greater this is becoming. However, Sisson was keen to stress that for those organisations still working through compliance and worried about the impending deadline, the ICO would investigate on a case-by-case basis and take many factors into consideration.

“I think the thing we are trying to say more of is that, as far as we can be, we are still trying to be a pragmatic organisation. We don’t expect May 25th to be the end. You can’t forget about GDPR and it’s done. It’s an ongoing thing,” said Sisson.

He added: “We are trying to reassure people that if you are trying to do the work that you can to comply, if you are working towards the accountability principle and ensuring you have records of what you’re doing, and you can show that you are working towards compliance – we may not be entirely happy all the time, but we will take those things into consideration. We understand that. We’re not going to be issuing huge fines on 25th May.”

Be GDPR compliant or damage trust

This doesn’t mean companies can breathe a sigh of relief and adopt a passive approach to compliance. Failure to comply will likely result in your organisation acquiring a poor reputation which could lead to a decline in consumer trust. Companies may even start to receive information requests from consumers, where you must state what personal data you hold on them. Consumers may start to either delete their accounts/user profiles or request that your organisation remove them from your systems. As stated by the ICO, failure to show real evidence of working towards GDPR compliance will see eventual fines, which can be up to €20 million or 4% of the company’s global annual turnover.

DMA research suggests that compliance will make consumers more likely to share personal information.

GDPR is a great opportunity to build new relationships, based on trust and transparency with consumers. As highlighted by the UK DMA’s Code of Practice, businesses should be clear and transparent with their users and let them decide how their personal data will be used in the future – this is the perfect opportunity to implement such a culture within your organisation. GDPR should be infused into your organisation to build trust, improve the customer experience and demonstrate to consumers that their personal information is valued and respected – data sharing should be mutually beneficial. Getting GDPR right from the start will provide a range of benefits to both marketers and their respective organisations.

Establishing trust is paramount to developing a sustainable data economy. In fact, according to the latest ‘Data privacy: What the consumer really thinks’ research conducted by the DMA & Acxiom, 54% of people ranked trust in their top three considerations for data exchange. Trust in an organisation or business remains the dominant prerequisite when engaging consumers within the data economy. Robert Bond, a partner at law firm Bristows, warned businesses at the UK DMA’s recent GDPR roundtable that once the rules kick in, he predicts a huge spike in consumers requesting access to their data. He said privacy groups will use this right to find out if companies are taking the appropriate actions. Clearly, it is best for organisations to proactively build consumer trust, rather than find themselves recipients of a number of enquiries from concerned parties.

By giving consumers control over their data, with the option of opting in and out of services, this will help marketers to contact them with the right opportunities – it will also help consumers trust that personal information held is accurate, consensual and in good hands. A data protection officer (DPO) can help, they are valuable roles that organisations are encouraged to create through GDPR, if not required. DPO’s can act as a vital communication channel between businesses and their consumers, ensuring consumers have a point of contact who they know is there to protect their privacy and encourage transparency.

GDPR compliant = better CX

Getting GDPR-ready will improve the accuracy levels of data stored in a company’s database because it will allow customers not just to access their personal data, but to inspect and validate the stored information. This right already exists, but since the new regulations will require data controllers to rectify any identified errors they are told about, it means the accuracy of data stored will be improved. Reliable data compliments better marketing practices – targeting the right consumers, streamlining data lists and personalising messages all become more straightforward and marketers will benefit from this.

GDPR compliance will help organisations to provide a better consumer experience, with access to a vast range of more accurate data this can help you to tailor opportunities to their preferences. UK consumers demonstrate a growing interest in a range of incentives for data sharing, particularly personalisation, recommendations and access to exclusive events/content. For example, the ‘Data Privacy: What the consumer really thinks’ research also indicated that the number of people who claim they would be more likely to exchange their personal information in return for personalised products or services has risen from 26% in 2015 to 34% in 2018. In addition, the number of people who would be more likely to exchange data in return for personalised brand recommendations has increased from 20% in 2015 to 31% in 2018.

The 2018 survey also found that the vast majority of consumers (78%) believe that businesses benefit disproportionately from data exchange in the UK, while only 8% think that consumers benefit the most; a perceived asymmetry in data sharing that has remained more or less stable since 2015. If organisations can use GDPR to start targeting their consumers with the right services, at the right times – without contacting them too often with irrelevant communications – this view may start to change and the benefits of data sharing will become clearer to consumers.

GDPR is much more than an issue of compliance and non-compliance. The benefits go far beyond the legal obligations and there are a number of opportunities available to those who seek them. As the evidence suggests, GDPR will make consumers much more likely to share their data and provide invaluable insights into their preferences, and even consumer behaviour in general. This in turn will help marketers to send relevant offers, discounts and tailored marketing that the consumer has specifically opted for.

Organisations have a chance to build trust with consumers and create an environment where they appreciate that data sharing can be beneficial to all parties. It is now up them to embrace GDPR’s principles of accountability, transparency, trust and respect in order to create a better consumer experience.

Have an opinion on this article? Please join in the discussion: the GMA is a community of data driven marketers and YOUR opinion counts.

John Mitchison
Author: John Mitchison
Director of Policy and Compliance at UK DMA | dma.org.uk

John Mitchison has extensive, in-depth knowledge of the data and marketing industries, with more than 20 years of experience in both. Through his work leading the Telephone Preference Service (TPS), he has contributed to many industry and government working groups and committees on the subject of nuisance telephone calls and marketing. More recently, he has worked closely with fundraisers and charities to give advice and support to organisations dealing with the changes affecting their sector, such as the introduction of the Fundraising Preference Service. John Mitchison is also the media spokesperson for the DMA, giving comment and opinion on a host of industry issues. Prior to joining the DMA, he was a client services manager for Acxiom, managing large data campaigns for clients. Before working at Acxiom, he worked at the Daily Telegraph where he was responsible for generating data for its membership acquisition program and production of direct marketing material.

Leave your thoughts

Related reading

  • Keep up to date with global best practice in data driven marketing

  • This field is for validation purposes and should be left unchanged.