In a blink-and-you’ll-miss-it moment, the one-year deadline before GDPR enforcement passed us by in May. Companies now have less than 12 months to get ready for the regulation and, unfortunately, there’s still a worrying number of businesses that barely even known about GDPR – let alone are preparing for it.
Two things make GDPR a potentially big problem for businesses.
First, its sheer scope. GDPR not only impacts how you store customer data but also how you share information with other companies, how you analyse it and the way you communicate with customers. Obviously, this poses a huge problem for marketers. Nowadays, very little marketing is undertaken without proper analysis, segmentation and targeting. Under GDPR, these activities become very difficult as specific consent is required from consumers for even the most basic analysis of their data.
Second, the punitive fines that businesses face for breaching GDPR make it a board-level issue. You can be fined up to €20 million or 4% of your business’ global revenue. That’s not a small number. Talk Talk’s 2016 fine of £400,00 looks like pocket change compared to the whopping £59 million fine it would’ve faced if GDPR had been enforced.
For marketers, who use customer data every day, a GDPR breach won’t just grind all marketing functions to a halt. It will also make a huge dent in customer confidence and trust. Breach GDPR and your brand reputation - along with your finances - could take a terminal hit.
Therefore, it is a no-brainer to invest some time and resources now to ensure your company doesn’t have to deal with a GDPR breach.
Data management revamp
Even if you take a more skeptical position on how strictly the legislation will be enforced, many of the actions that are necessary for compliance are fundamental for the future of businesses, particularly with reference to data management.
Every company will have to approach GDPR compliance differently. However, in broad terms, every business will have to reform or review their data management, marketing and consent management.
GDPR basically makes proper data infrastructure a legal requirement. So if your data is siloed in different departments, isn’t readily accessible and you don’t know who has access to it, you better start sorting it out.
GDPR puts ownership of data squarely in the hands of consumers. Theoretically, a customer could come to you out of the blue and request to see how you’ve stored and used their data. They could also request for their data to be transferred to another provider (data porting); this is especially relevant in the case of insurance, mortgages and other data-heavy, competitive industries. You’ll need to keep records of how customer data has been used, why, where it is stored and also ensure it is kept in a format that can be readily transferred to another organisation.
The good news is that once you’ve got decent data management and governance in place, it actually starts giving you greater benefits than just making you ready for GDPR. Keeping all your data in a central storage system in a clean format means that you can analyse information more rapidly and do more advanced analytics on it. This, in turn, can uncover some truly unexpected insights with the potential to transform your overall marketing strategy, budgets and other business processes.
Along with revamping your data management, you’re also going to have to obtain consent from your customers for each and every use of their data – and specifically for marketing services. In other words, if you have someone’s contact details, demographic and sales data, you’ll have to obtain their consent to send marketing emails, further consent to give them recommendations based on previous purchases and their consent again if you want to segment them based on their demographic and sales data. The easiest way to do this is to set up a consent hub - or preference centre as it’s also known. This will enable customers to manage their consent for a range of different data uses.
Gaining consent is going to be an ongoing task for you now. It’s not good enough to obtain consent once and then think your job is done. You’ll have to remind people to update their consent every six months. The best way to do this is simply through an automated email marketing campaign. If you really want to get people’s attention, offer them an incentive too – but not for the consent itself, only for logging into their consent hub to update their details.
90% of consumers aren’t yet aware of GDPR. So before you even get their consent, you’re going to have to explain what it is and why it matters to them. The latter part is important, as it makes an otherwise dry subject relevant to the average person’s everyday life. This is where marketing comes in. It’s worth devising an entire marketing campaign around increasing awareness and knowledge of GDPR amongst your customers, and then getting their consent once they’re fully clued up.
Conversely, you’re also going to have to do a degree of internal comms as well – all staff will have to be trained in GDPR compliance as each and every one of them could potentially cause a breach.
As you can see, there is a lot of work to do to get ready for the GDPR deadline, and this was merely a brief overview – there are plenty of other provisions that you need to be aware of. For all businesses, however, come May 2018, GDPR will come for you. Ready or not.