On the eve of the first anniversary of GDPR, data and marketing industry chiefs have hailed the progress most companies have made and believe the regulation has elevated data to a key boardroom issue. However, many concede that brands still have plenty of work to do to ensure continued compliance.
The run-up to GDPR D-Day May 25 2018 was epitomised by scaremongering and misinformation which triggered fears – fuelled by software vendors and ambulance chasers – that the data-driven marketing industry was facing Armageddon.
One year later and the industry is still very much alive and kicking, and most companies have recognised that compliance is a journey rather than a destination.
REaD Group chief executive Jon Cano-Lopez explains: “Things are settling down and we are in a much better place: consumers are more informed and businesses are seriously considering the legitimacy of the use and application of data.
“Our clients are asking us to evidence transparency, and provide easy-to-understand complete documentation that demonstrates the legal use of the data we provide. This is necessary in the market and removes less scrupulous collectors of data.”
Cano-Lopez does concede there are grey areas, for example around how long companies should retain data, but believes these are now becoming clearer as the industry settles on self-imposed good practice.
He adds: “As a result there’s greater confidence around what we should and shouldn’t be doing. We are seeing real ‘balancing tests’ being undertaken, with clients not just ticking boxes, but checking whether the data in question should be retained, how it should be used.”
Opt-4 senior associate Simon Blanchard, who is also deputy chair of the Data Protection Network, says that many businesses did a lot of preparatory work in the run up to May 2018, reviewing their data processes, technology solutions and training their people to enable compliance with the new regulation.
“However,” he adds, “the ongoing burden of compliance post-GDPR is much greater than before to meet the requirements of accountability, privacy by design, transparency, information rights and so on. In our experience, organisations large and small are still working hard to improve transparency and control for their customers and employees, to embed new privacy solutions across their organisations and to identify new and emerging GDPR risks. Many organisations still have a lot of work ahead.”
Cano-Lopez agrees: “Brands have realised that GDPR is not only about consent, legitimate interest or other lawful grounds. Focus is starting to point to other key areas: data security/misuse and, critically, data accuracy are starting to top the agenda. Once the data is collected legally, it has to be retained legally too. Data is a valuable asset and must be respected, and it also decays quickly and must be kept up-to-date. GDPR is reinforcing all of these requirements.”
However, not everyone is convinced that brands are embracing the regulation with such gusto. Blueberry Wave director of planning and analysis Steve Mattey comments: “Some companies simply saw the May 25 deadline as a hurdle to be overcome, rather than a wake-up call to change the nature of the relationship they have with their prospects and customers.
“GDPR should have been the kick start for developing a relationship between brand and customer which shows a genuine sense of duty by the brand for the care of data. It should also demonstrate proper usage of data provided by the customer, leading to a true value exchange in the use of personal data. Some are starting to do this, but others are just ticking the correct legal boxes and carrying on much as before. I think that’s a shame.
“Those that do rise to the challenge correctly will have better, more valuable, customer relationships in the longer term and I applaud them.”
But is there a sense that GDPR has benefitted marketers because messages are only being sent to those who want to receive them?
Customer engagement, insight and data strategy consultant Janet Snedden believes that for many companies, GDPR has been a double-edged sword, dramatically reducing reach in owned channels for some but overall providing an incentive for improving the quality of communications.
“Clients have responded by pursuing multichannel reach strategies and working harder to personalise messages to increase relevance,” she explains, “but many are at the start of this journey and grappling with martech, so not quite yet filtering through to the customer in a discernible way.”
One thing which seems to unite everyone is the fact that the regulation has pushed data way up the boardroom agenda.
Mattey says: “There is a general acceptance that data is now both a tool to garner insight about their own businesses, but also can help with the key business issues which every company needs to answer – better acquisition, greater growth, reduced churn, and the optimisation of budgets and resource. Businesses are at various stages in understanding what that means for their own organisations in practice, but it is certainly a journey that they are all taking.”
Snedden concurs: “GDPR has been a positive force for raising the profile of data and its potential to create enormous competitive advantage, and has created significant appetite for senior executives to learn more. Whilst it might be a bit of a stretch to say that organisations are finally becoming customer-centric, most now have ongoing data strategy initiatives to build their capabilities and improve the customer experience.”
Blanchard does strike a note caution, however. “Yes, GDPR has been discussed at length in most boardrooms, however, in my view the tone and content have often been too negative. Too much scaremongering about the possibility of huge fines. Better to take a more positive approach which recognises privacy is more important to people than ever before.
“Talk about the benefits of demonstrating you respect your customer’s privacy and right to choose how their data is used. Better to treat privacy as a brand asset which helps to enhance your customers’ trust. That’s got to be good for business.”
Cano-Lopez concludes: “At the heart of the GDPR is the rights of the consumer over their data. And, as a result, marketers are now putting consumers first. Responsible marketing is becoming an instilled principle and irresponsible marketing no longer has a place. This benefits marketers because it makes their marketing better, more efficient and it also benefits consumers.”
And there are few in the industry who would argue against that…
The big rebuild: marketing data back to pre-GDPR levels
Data breach complaints soar by 160% in three months
Retailers and social media sites face GDPR data exodus
The dam bursts: companies hit by flood of data requests
GDPR zero hour: Now the hard work begins say experts
One day until GDPR D-Day: Non-EU countries want laws
Two days until GDPR D-Day: Two-thirds to ditch brands
Three days until GDPR D-Day: Three top tips from ICO
Four days until GDPR D-Day: Public happy to share data