by James Greaney
If you’re finding that this quarter has been filled with excitement about fresh possibilities, embrace that feeling while it lasts; businesses are soon going to need all their energy to prepare for a change that may significantly disrupt the very best laid plans.
On 25 May 2018, the Global Data Protection Regulation (GDPR), the European Union’s new privacy law, comes into force. According to experts, it will be the most complex piece of regulation the EU has ever produced – and with Brexit on the horizon, that’s saying something.
And if a company breaches the new rules? It’ll be fined up to €20m (A$31m) or 4% of its global annual sales, whichever is greater. That’s why it’s essential for marketers around the world to understand what the GDPR means for them.
For a long time, there has been an undercurrent of resentment around businesses collecting the data of individuals. When Germany and Google came to blows in 2015, the issue became front of mind across Europe. The German authorities found Google’s access to a multitude of private information to be unlawful if gathered without the express consent of its users. This information includes travel plans using location data, interests, financial status, sexual orientation and relationship status.
Now, two years after the resulting GDPR legislation was passed in May 2016, it’s about to take effect. Individuals’ consent for companies to collect and use their personal data now has to be “unambiguous” and for “specific” purposes, which means generic T&Cs that are typically agreed to as a matter of course (think “your data will be used to improve our services”) will no longer be acceptable.
Australian-based marketers need to get up to speed on the GDPR requirements quickly, as organisations aren’t exempt just because they’re based outside Europe. The laws apply globally to any organisation that deals with the personal data of individuals who live in the EU – customers and employees included.
Many commentators see the GDPR as a victory for the consumer, but as The Economist recently illustrated, the regulations have the potential to hamstring many different industries, not just advertising.
In The Economist’s example, modern cars are computers on wheels, and they collect mountains of data as people drive. This data is used to improve the carmakers’ product, but it’s also useful for making roads safer. If lots of cars report to transport authorities that their automatic braking systems kicked in on a particular stretch of road, it may indicate a dangerous bend or the prevalence of ice, and signs or speed bumps could be introduced to prevent accidents.
Yet in Germany, due to the privacy rules, this model cannot play out. The “default setting” of European law gives ownership of data to individuals. That makes it difficult to get consent to aggregate the data and uncover useful insights. So an inadvertent side effect of protecting privacy is that German roads may be slightly less safe.
The GDPR aims to hand control of individuals’ data back to the individuals themselves. But most marketers still aren’t aware of the implications of the laws for their businesses.
According to a study by the World Federation of Advertisers, 70% of marketers aren’t fully versed in what the GDPR means for them. Only 65% of respondents expect to be compliant before the laws come into force, and just 41% have a strategy in place.
One thing to know is that the GDPR isn’t all doom and gloom. There are some key benefits for businesses around efficiency (with the retirement of legacy systems that don’t comply with regulations), intelligence and customer experience – all of which will help companies differentiate their offering in the market.
While decisions around business efficiency and intelligence have historically been led by the CIO, today’s CMO is a more influential decision-maker in this realm. So, as a marketer, what can you be doing to ensure you’re part of the discussion and the correct decisions are being made?
1. Know what you’ve got
Your organisation will be collecting data that you’re totally unaware of, but it’s surfacing in places that you’re potentially going to be tempted to use it. This won’t be a reasonable excuse, so identify what’s there and audit it.
2. Be familiar with Marketing Automation systems
As a marketer, you will need to be confident you’re compliant with the GDPR, so make use of the tools that are there to assist you. Any updates to contacting a customer can be initiated more simply through Marketing Automation systems. What’s more, these platforms themselves will house critical information that you’ll need to review, rather than passing the buck to the ailing business analyst.
3. Get organised now
There are bound to be rouge web-forms to be revised; terms and conditions paragraphs to be reviewed (rather than just copied into the next campaign); and customer databases with lapsed and inactive users who should not be migrated into new platforms. Stay organised and you’ll be able to take advantage when the GDPR arrives.
So with just a matter of weeks to go before the legislation comes into force, it’s time to start turning your attention to a carefully considered strategy for your business that mitigates any foreseeable problems that the GDPR could bring about. With the right approach, you’ll set up a happier and more successful forum for 2019’s planning. And as Facebook have found out recently, you’ve got a responsibility with the data you’re collecting.