With GDPR implementation (General Data Protection Regulation) imminent, our recent research worryingly revealed that more than a third of marketers across Europe and the US still don’t understand the changes, or the impact it will have on their business.
Polling the opinions of 200 marketing professionals, we wanted to take a litmus test on how prepared they are for GDPR, how much budget they plan to set aside to help manage the switch, and the issues that are causing them most concern.
What we found is that a significant number appear to remain unprepared, while only 45 per cent of respondents believe that the rest of their business fully understands the implications of the new regulations. That’s obviously a concern, as while email marketing and customer relationship management will be among the primary functions affected, many other departments are regularly using databases and exporting data from internal and external sources.
It’s going to have an impact on everyone, not to mention what it could mean for a business’s bottom line. Non-compliance will no doubt have severe consequences, as we already know that from May 25, any firm holding data on EU citizens will be subject to fines of up to 4 per cent of their annual worldwide revenue or €20 million, whichever is greater, if they are found in violation of GDPR.
Despite this though, our study revealed that 31 per cent of companies have still not taken any action to start making their business GDPR compliant, which a major cause for concern. It’s something that needs planning and foresight, but the good news is that it’s not too late for remaining companies to make necessary changes to stay compliant.
Now is the time for marketers to take a hard look at the systems that support their digital marketing efforts and make sure they will help them comply with GDPR. They need to adapt and take control to drive awareness across the wider business – and these three key steps are a good starting point:
Make sure you audit your internal data management processes and look at the way databases are used throughout the organisation, where overlaps exist and how data moves across different countries. Ensure there is full transparency in these processes, as customers will have the right to raise inquiries on how their data is managed.
Having processes for handling right-to-be-forgotten requests under the GDPR will be a key aspect of being compliant. It will become essential to have different databases and software infrastructure linked up, so that if customers request their data be removed, doing so in one place will update all others you use.
Up until now, many organisations have used email sign-up forms with a single terms and conditions box for their consumers to tick. GDPR will make it essential to include two forms (two boxes consumers will have to tick) with one of them solely for the purpose of giving your consumers the power to consent to the way their data will be managed, plus they will be given the chance to opt out of having their data stored. This will be an essential mechanism with which to gather data with the consent of your consumers. It will also be equally important to revise messaging around consent. GDPR will require that your consumers be fully aware for what purposes their data will be used and how it will be managed.
Although separating your consent form from the usual terms and conditions will mean significant changes to the infrastructure of your email and data management, it can also have benefits like being able to hold on to leads who have unsubscribed to email marketing communications, but have already given consent to having their data stored. This offers businesses the unique chance of holding data on leads who you can re-engage at a later time.
It will also be necessary to implement changes in your sales process when it comes to managing prospects. Work towards creating a transparent process with full visibility of where and how the sales team is obtaining data and ensure that consent is always gained.
Likewise, you will also have to revise your contracts with third party vendors managed and transferred between international offices internally, but it will also affect how you can collect and manage data from third party vendors. Review your contracts and closely observe when and how consent was given in the process and at what point data was transferred from your vendors to your database.
It’s important to consider the costs that will arise from being fully GDPR-compliant, both in terms of time and money. Our study found that more than half of respondents (53 per cent) have allocated budget for GDPR-related spending in 2018 and, of those, 24 per cent are budgeting to spend more than £7,500, but that still leaves a significant proportion who still aren’t considering the financial implications.
Almost half (49 per cent) also admitted they are worried about the extra time compliance will require, which is understandable, but these costs can be significantly worse if an organisation has not implemented essential restructuring to the business and are yet to spend more time on training their staff.
On that subject, securing enough budget for training and briefing staff appears to be a primary concern for marketing teams. The knowledge gap between marketers and other departments in their business could prove to be a real weak point in making your business GDPR compliant.
The key will be to look at the business internally and asses if employees across all departments understand GDPR and the impact it will have on their department – from marketing to sales and customer success. It’s everyone’s responsibility, but marketers can be the key driver in achieving compliance. They ‘own’ the majority of the data that will be affected and, as a result, they can see this as an opportunity to lead the way.
Especially if there are shared databases used by different departments, or by teams across multiple countries. As GDPR seeks to put greater restrictions on the transfer of data outside of the EU, global organisations need to make sure the transfer of data between their offices (eg. London to New York) is fully GDPR-compliant and it’s another opportunity for marketers to take control.
So, although the final countdown to GDPR implementation has begun and there still doesn’t seem to be an industry-wide consensus on GDPR, there is a real opportunity for businesses to be adaptive and make it a successful transition and for marketers to be the driving force behind it.
What we can say for sure though is that by choosing to turn a blind eye, companies could potentially be putting their organisations in the most financially risky position possible – and that’s a serious price to pay for something that can easily be actioned.
An email will be sent to you with your membership details.
As the head of privacy and digital compliance at Act-On, David Fowler is responsible for email deliverability, privacy compliance and industry stewardship with regard to Act-On's customers and corporate objectives. He has more than 20 years of experience providing senior leadership in the marketing industry.
New research from LinkedIn reveals that at any one time of B B buyers are not in the market for the thing you are selling so while all brands want instant results building awareness will always be key Whether you ...
There is a litany of poor marketing and advertising practices remembered in a new survey from the New Statesman Media Group New Statesman Press Gazette sustainable luxury lifestyle and ESG publishers From Fyre Festival to Kendall Jenner and Pepsi to ...
Drayton Bird recently received an email that left him astounded. It was the work of a mad man! Yet its level of crazy was matched by its brilliance. On your marks... Get set... Go!
Leave your thoughts