By now, you have no doubt heard about the European Union’s General Data Protection Regulation (GDPR) that goes into effect May 25, 2018. The amount of hype, noise, educational content, bluster, fear, predictions, uncertainty, and doubt has gone from a trickle to a water cannon over the past year:
“Most US-based marketers are just now beginning to understand what GDPR is, and they’re quickly realizing that failing to comply is not an option.”
Why I want you to read this article
Regardless of where your company is in its compliance journey, I see GDPR as a huge opportunity for marketing at your company. Yep. Dear Marketer, I want you to use GDPR as a real world lever that turns lemons into lemonade at your company.
Let me explain.
This is the part where I tell you I’m not a lawyer
Before I dive in, I need to remind you that ID isn’t your lawyer, and only your legal team can decide if any recommended activity actually satisfies the requirements of GDPR (any other regulatory code). Repeat after me: This isn’t legal advice nor is it a replacement for your legal team.
But you knew that, didn’t you? This article is actually about marketing.
First, the actually scary stuff — i.e. “the stick”
The fines can be huge. Article 83 calls for: “…fines up to 20,000,000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual revenue of the preceding financial year, whichever is higher…”. Ok, that’s a lot.
It’s not easy, or incredibly clear how to comply. Some of the language is pretty mushy and can be left open to interpretation. Some of it is oddly specific. Keen-eyed readers may have noticed the word “undertaking” in the above quote — it has a very specific meaning in this context that could have potentially huge significance to an enterprise company with subsidiaries. To oversimplify, if a Supervisory Authority decides that a small subsidiary is “under control” of it’s parent organization, that tiny subsidiary’s compliance misstep can open up the entire multi-national parent organization’s global revenue to the above-referenced fine calculation. (Legalistic deep dive for the brave.)
A privacy or non-compliance event has many costs. Not only the aforementioned fines, but the possibility of a PR nightmare associated with a data breach or a non-compliance citation can be devastating to your brand, and how your clients and prospects perceive your organization.
No unified enforcement. In the case of CAN-SPAM in the US, it’s pretty simple — it is administered and enforced by the FTC. In the case of GDPR, each member state (there are 28 of them today) appoints a Supervisory Authority whose charter it is to enforce GDPR. What could possibly go wrong? Expect uneven interpretations and enforcement from different member states.
The good news for marketers, prospects, customers, and revenue — i.e. “the carrot”
Complying has lots of benefits. Obviously, you want to avoid giant fines and PR disasters. But increased data security, breach reporting protocols, and solid data management processes will also lead to more efficient and effective marketing efforts. Some organizations have chosen to apply GDPR protections to their entire inventory of contacts, EU or not, and we think that can be a smart move in some cases: Privacy by Design is a guiding principle that can demonstrate true stewardship as well as reduce costs of future compliance efforts — designing systems with privacy and security built-in is much cheaper than future remediation activities.
Complying will make your programs and campaigns more effective. Low engagement rates with your campaigns are typically a result of poor audience targeting caused by bad data. GDPR-compliant data handling really helps ensure you are marketing to individuals who are interested in hearing from you. When your data is clean, recent, and well-maintained, you have an enhanced ability to personalize communications. With better data, you will have much more accurate reporting, leading to more confident campaign optimization decisions.
You will earn greater customer and prospect trust and confidence. This level of transparency and stewardship of personal data can pay off in customer loyalty and advocacy.
When done right, GDPR compliance accelerates Marketing success
Here’s a challenge for you, Marketer: use your company’s GDPR compliance journey as a lever and a pivot point to drive a much more strategic and intentional approach to how you think about and manage your data.
Every modern marketer knows that a more mature approach to data is the secret weapon that empowers improved customer trust and targeting, better relevance in messaging and content, increased personalization, higher quality sales conversation, advanced integrated customer experiences, and ALL OF THAT supports more aligned and impactful Marketing, Sales and customer success. Are you sold yet?
“61% of companies see further benefits of GDPR remediation activities beyond just compliance. And of those, 21% expect ‘significant benefits’, including competitive advantage, improved reputation and business enablement.”
– Deloitte GDPR Research
But that’s not even the best part.
The EU is now enforcing what most consumers and prospects want already, and frankly what most smart companies want to provide as well. And although GDPR technically applies only to consumers in European countries, its requirements around consent and security will improve all of your event marketing efforts — in any market in which you choose to compete.
Explicit permission, transparency and respect makes for real relationships, increased engagement, and higher quality conversions. Truthfully: has buying lists, scraping data, dubious consent, and disconnected data silos and process ever REALLY worked well?
“72% of EU consumers say they find companies who are 100% transparent about how and when they use their personal data trustworthy.”
– Hubspot Research
How do you get into compliance?
Here is ID’s five-step approach to GDPR:
PREPARE — STEP 1: Learn about GDPR and organize your approach for the right level of compliance and risk management.
How ID can help you: We can help you think through the right approach — together with your in-house team.
ASSESS — STEP 2: Assess your current state and current risk of non-compliance. Organize your findings into insights and prioritized recommendations with your in-house counsel. Create a GDPR compliance road map, project plan, and budget.
How ID can help you: We can help you do a marketing-focused Privacy Impact Assessment (PIA), or review your in-house team’s assessment.
EXECUTE — STEP 3: Execute against your GDPR compliance road map. Each prioritized project will target a non-compliant area and get it into compliance. Knock them down one by one!
How ID can help you: We can execute the changes that are called for in your compliance road map in collaboration with your in-house resources.
CONFIRM — STEP 4: Reassess your compliance in light of the work you did in Step 3 and, with the input of your in-house counsel, confirm that you have achieved the right level of compliance and risk management.
How ID can help you: ID can review your in-house team’s re-assessment to help catch any gaps.
MAINTAIN — STEP 5: Manage your systems, processes, and people in a way that keeps you in compliance. Periodically test your compliance in high risk or key areas.
How ID can help you: We can help you maintain and manage compliance in an ongoing, systematic way.
We can help you — here’s why
Intelligent Demand’s GDPR services are focused on helping your marketing programs, campaigns, and touch points become GDPR compliant. We can’t solve GDPR for your whole organization (think ERP, HR, Accounting platforms), but we are experts with your martech stack and its many integrations. And that is where the lion’s share of your compliance work will occur.
We have the right technical, data, and privacy resources to help you get it done.
Our team has deep technical and data experience as well as certified expertise with Marketing and Sales systems. We can also pull in expert privacy consultants if/as needed to support your in-house team, answer questions, and provide advice and guidance.
We have real world experience with complex use cases and global enterprises.
The organizations who are most at risk for GDPR non-compliance tend to be very complex. We work every day in extremely intricate use cases within Marketing, Sales and customer success.
We know how to collaborate effectively with the correct stakeholders.
GDPR compliance is a team sport. You will genuinely benefit from a partner who knows how to successfully navigate and collaborate across stakeholder teams, systems, processes, and semi-competing goals to get projects done on time and on spec.
We’re a full service, integrated revenue agency — we think holistically.
This means we are hard-wired to create solutions that “connect the dots” across your platforms, campaigns, processes, stakeholder teams, programs, and sometimes-competing goals. All of these skills come in handy with GDPR.
What do you think?
I hope this was helpful to you. And I hope you will take my challenge to use GDPR as an inflection point at your company to create a more strategic, more thoughtful and more actionable approach to data. Your customers, prospects, sales people, and C-suite will thank you!
Where are you on your GDPR compliance journey? Contact us if we can help in any way.