Over the past few years, the majority of data and marketing professionals have been given some form of GDPR training.
Generic training would typically go into depth about how European data privacy laws have changed, what the key terms and main principles of the GDPR are, and help businesses to understand the consequences of non-compliance.
The consequences of non-compliance have been well publicised by the media in a series of high profile investigations by the Information Commissioner’s Office (ICO), ultimately leading to punitive sanctions imposed against unlawful organisations.
There have also been cases of data breaches within organisations where staff were not effectively trained in how to manage customers’ sensitive information and maintain the necessary safeguards to protect it. Once again, this has led to investigations by the ICO.
Earlier this year, the hotel chain Marriott was fined for more than £99 million under the GDPR; British Airways were issued a fine of £183.39m. Highlighting just how much importance the regulator places on the security of customers' data and how seriously businesses should take this issue.
The costs to a business extend far beyond just fines, there can even be long-term effects on customer trust, share price and public perception that could have more lasting damage.
Such significant deterrents should be enough for organisations to understand how important compliance is and the role all staff have to play in achieving it.
Staff training isn’t a priority for many businesses
Providing training and guidance to all staff should, therefore, be a clear priority for all businesses.
However, recent research has revealed a number of alarming findings that would suggest otherwise in many cases.
- One in five (21%) marketers feel they have not received enough training to comply with the GDPR
- 18% of marketers say the GDPR expert they were trained with didn’t have the right experience in marketing
- One in 10 (9%) state that their training hasn’t been practical enough to date
- A fifth of marketers (20%) say their organisations are not implementing ongoing GDPR training plans
These stats all paint quite a concerning picture of some businesses neglecting their duty to equip marketers with the skills they need.
Leading up to the GDPR’s enforcement date, the DMA authored articles highlighting best practice and published guidance to help marketers understand their role, but this should only be used as a guide and as additional reading to supplement practical learning.
Due to the complex and subjective nature of the GDPR, expert-led training is essential for marketers to not just comply, but also be knowledgeable in delivering best practice.
Data and the digital economy
For most businesses, data is its most valuable asset. So consumer trust in how they collect, store and use data is fundamental to building sustainable relationships with customers and increasing their willingness to share data.
The GDPR has already had a notable impact here.
For example, this report indicated that the number of people who claim they would be more likely to exchange their personal information in return for personalised products or services has risen from 26% in 2015 to 34% in 2018.
In addition, the number of people who would be more likely to exchange data in return for personalised brand recommendations has increased from 20% in 2015 to 31% in 2018.
Data is an essential part of the digital economy, so maintaining its security must be a business imperative.
GDPR training for marketers needs to be ongoing, practical and relevant
When marketing teams are formulating integrated marketing campaigns and collecting, processing and segmenting sensitive information, they need to not only understand their responsibilities but also how data can be a huge asset to the overall business objectives.
And most importantly, how they can protect the customer and build trust.
Legal experts writing and delivering GDPR training are no doubt skilled at interpreting the GDPR and understanding where an organisation is legally obliged to protect consumers’ data.
Although it is one thing understanding the legal underpinnings to GDPR. It’s a totally different challenge to translate that into actionable best practice within a comprehensive data and marketing strategy.
This is why dedicated learning material and ongoing training is essential to a marketer’s ongoing development in this area.
There is a range of face-to-face and online learning platforms out there that can provide expert guidance, but whether to select the online or offline route will depend on individual and organisational requirements.
Whatever option is opted for, it is imperative that training is practical and relevant.
In addition, there must be clear structure within the business as to how training can progress with some regularity, to reinforce previous material and act as a reminder to the responsibilities all staff have.
It’s not just a case of compliance and non-compliance
GDPR is much more than an issue of compliance and non-compliance.
The benefits go far beyond the legal obligations and there are a number of opportunities available to those who understand how to obtain them.
As the evidence suggests, GDPR will make consumers more likely to share their data and provide invaluable insights into their preferences, and even consumer behaviour in general.
This, in turn, will help marketers to send tailored content that the consumer is more likely to engage with.
There are still many businesses and marketing teams neglecting not just GDPR compliance, but also the benefits associated with best practice.
Without sufficient training, the long-term consequences could far outweigh the initial investment.