GDPR two months on: Are you on road to compliance?

John McDermott_1Two months have now passed since the marketing industry should have been GDPR-ready. Although the ICO didn’t set a hard deadline, most brands have taken the key steps to becoming compliant with the new regulation. However, many are still not fully GDPR compliant.
According to recent reports, those fully compliant number around 20%, although a much higher percentage will have been taking steps towards compliance – to keep the Information Commissioner happy.
Asda has done a particularly good job of keeping customers informed of changes to its data policies. The retailer has set up a Asda Privacy Centre hub, which provides information on how customers’ data will be held and used in an easily-digestible format.
We’ve all seen the flurry of opt-in request emails. Assuming brands take notice of prospect preferences on consent from those targeted, this will have led to a significant reduction in marketing emails and opportunities to sell.
All of this with a backdrop of flat or reducing retail sales, store closures and, of course, Brexit.
Some brands have relied on legitimate interest to continue to market to past customers and some prospect groups – arguably more as a necessity than a deliberate plan. We will surely only know if this was wise once the ICO flexes its investigative muscles.
The only post-May 25 fines we’ve seen recently have been for sins committed prior to the new regulation, so it remains a watching game to see if the heightened fines come into force.
We’d assume investigations into post-GDPR misdemeanours are already underway – but I believe it is still far too early to say who will be named, shamed and fined under the new powers until the autumn at least.
We’ve been asked by a number of clients about engagement levels within marketing emails. Early indications are that due to the confirmation of opt-ins, engagement is up significantly, but on a much-reduced contact universe. So, customers who are genuinely interested in your brand and offers will be more responsive – which is as it should be.
The ICO has also been distracted by a combination of Facebook and political advertising investigations spanning the globe – surely this is much more important than marketing email misdemeanours in the grand scheme of things.
One final warning to the brands who think that they have got away with all of this: the delayed ePrivacy Regulation will be next on the horizon and those who haven’t prepared their data environment well for GDPR will have much more difficulty complying with this regulation.

John McDermott is head of CRM at Jaywing

Print Friendly