Regardless of where your business is physically located, if your sales and marketing efforts target people resident in the European Union you’re (hopefully) already aware of the EU’s General Data Protection Regulation, or GDPR, and its implications for your business.
If you’ve read any of the scare stories over the past few months, you could be excused for thinking business owners and marketing directors across the globe are collectively soiling their Calvins about the implications of GDPR, which comes into effect from May 25th, 2018. As with most legalization, the facts about GDPR are less terrifying than the clickbait would have you believe.
But GDPR is not some tech-centric regulation compliance mumbo-jumbo to be palmed-off to the IT department to deal with (and blame when the excrement hits the air-conditioner). GDPR isn’t like having a cookie disclaimer on your website. Depending on your particular business, it could be a pretty big deal.
GDPR In A Nutshell
Before I continue you should note that, while I think of myself as a doppelganger to Harvey Specter from Suits, I’m not a lawyer. KEXINO isn’t a law firm. As a result you should take much of what I’m saying here with a pinch of sodium chloride. If you want to know how the GDPR will impact your particular business, then get expert advice. OK, back to the show.
1. We’re here because the marketing industry couldn’t be trusted to ‘play nice’
If marketers and advertisers had given a stuff about how their less-than-respectful antics impacted consumers, we wouldn’t need the GDPR. We’re here because of years of scummy marketing tactics blasted out by unscrupulous organizations driven by profit at whatever cost.
2. GDPR is a kind of “Personal Data Bill Of Rights”
Consumers have the ‘right to be informed’. They have to be told, up front, what their personal data is going to be used for, and by whom. What’s got advertisers scared is that ‘personal data’ now includes identifiers such as browser cookies and internet IP addresses. What that means is you’ll have to get consumers to provide a clear ‘opt-in’ to show they’ll accept your targeted advertising, as well as any individual one-to-one communications.
3. Consumer data is owned by the consumer – not by the brand
Consumers have the right to access anything and everything that brands have on them, and do whatever they want with that information. They also have the right to correct any data on them that’s deemed incorrect. Crucially, that doesn’t just include the data that you have on them in your CRM system or service database, for example. It extends to every third-party product or service you might offer via your organization. For example, supposing your business offers interest-free credit ‘subject to status’ that’s administered by a bank or credit agency. If a customer gets turned down for credit, it’s on you to provide them the information as to why that is.
4. Right to complete erasure
At any point and without having to provide any reason, any customer can request that you delete every scrap of information you have on them and never be contacted by you again. If a brand doesn’t fully comply with this there can be huge financial and legal implications. What does this mean? It means if you get your communications wrong, blasting indiscriminately and talking ‘at’ people, they will leave and you can’t get them back. You have to justify your place in their inbox, or doormat, with every single piece of communication you send to them.
5. Data portability
Consumers can take their data away from you and give it to someone else. Supposing you really mess things up with a large customer. They could, for example, instruct you to take every bit of data you have on them (price paid, contract renewal dates, whatever) and give it to your competitor. Think about that for a second.
Those are the headlines. There may be more GDPR legislation pertinent to your particular business. However I’m not going to go into the weeds about how GDPR may impact your own internal business processes or governance structures. There’s plenty of information online outlining the implications and obligations to businesses whether they’re startups, small businesses, or mega-multinationals.
What I’m interested in is how GDPR affects business marketing – for better or worse.
Why Do We Need GDPR? Because Of Crappy Marketers
The vast majority of GDPR concerns the way companies use, protect, store, and keep personal customer data. Not only does it fundamentally change what marketers can and cannot do with data, but it will penalize companies that misuse that information. Oh, and we’re talking about pretty sizable penalties here – up to €20 million (around $23 million) or 4% of a company’s annual turnover (whichever is the greater) in extreme cases. You or your board members can even go to prison.
So how did we get here? Why do we need the GDPR? The answer is simple: Because of all of us having to deal with crappy marketers doing crappy marketing for the past decade or so.
Today’s model of evermore intrusive online tracking, surveillance marketing (euphemistically referred to as “retargeting”), programmatic advertising, etc. is unsustainable in the long term, and just plain creepy in the short term. Marketers are abusing consumer rights of privacy on a daily basis, and vendors of adtech-driven systems are just plain lying to their customers about the reach and effectiveness of their ads. With all this shenanigans going on it’s little wonder that the use of browser Adblockers grew globally by 30% in 2016, and today are installed on over 600 million devices worldwide.
But such tracking mechanisms aren’t just used to show me Amazon ads when I’m on Facebook. They can be used against democratic societies by nefarious organizations. User tracking data has been used to influence voter behaviors and – yes – even opinions by malevolent politicians and even governments.
That’s why we need the GDPR, as well as legislation like it.
With GDPR in place, any consumer resident in the European Union has the right to request a copy of the data any organization holds on them. Not only that, but they have the right to amend that data, and even delete it. Any business sending marketing messages to EU individuals needs to prove receipt of explicit consent that they can use the data for marketing purposes. Consumers are able to revoke this consent as easily as they give it, and can do so whenever they want.
GDPR Is An Attempt To Win Back Trust
Depending on how and to whom you’re selling your wares, this is either really really good news or really really bad news. It may mean the creation of a user data governance procedure and the implementation of marketing technology supporting a clean, transparent data management infrastructure. A data management policy is no longer one of a list of things that’s ‘nice to have’. It’s become a legal requirement. Remember, if you’re targeting individuals in the EU all of this applies irrespective of where your business is located.
So what’s the flip-side of the coin? By having all of this data open, harmonized, and accessible to the appropriate people offers the possibility of a whole new level of next-gen marketing tech innovations. The opportunity for marketers to deliver better, more timely, relevant, and personalized messages and content to their audiences; while having access to deeper insights to the impact of those campaigns.
At this point you may be getting a touch of déja-vu. “Hang on a minute,” you may say. “Isn’t the marketing industry already doing this kind of thing?” Well, the honest ones are. With GDPR, the dodgy ones are now forced to join the party. As a result, the relationship of trust between brand and customer will increase – since it has nowhere else to go – to the ultimate benefit of both vendors and consumers. Yes, GDPR is there to prevent unscrupulous businesses abusing customer data. But it also enables organizations to better understand the data they have, treat it with the care and diligence it warrants, as well as manage it more effectively to help identify new marketing and business opportunities. GDPR is, in effect, creating a de facto worldwide standard for consumer data protection. Which can only be a good thing, right?
GDPR Put The Consumer (Back) In Control
With users having the ultimate say in how their data is used, the quality and relevance of marketing campaigns will have no choice but to improve. The consumer is (back) in control. Blanket email blasts using rented third-party data and poorly-considered retargeting campaigns will be swiftly punished by consumers exercising their new data rights. Consumers are more likely to accept better, more targeted, more relevant marketing messages if they know they can turn the tap off quickly and easily if they wish.
The companies most adaptable to change will thrive. Businesses with a well-defined value proposition and insightful campaign planning will have a clear edge over those who’ve historically been reliant on simply hitting enough eyeballs to make the numbers work. It’s Darwinian Theory applied to marketers.
GDPR Is An Opportunity for Marketers To Do It Better
The adoption of new marketing technologies and innovations is just a small part of what GDPR promises. The lines of responsibility between Sales and Marketing may need to be redrawn. Many business will be forced to go back to the drawing-board regarding strategy, communications, measurement metrics, and big data analysis. For businesses of every shape and size, GDPR provides perhaps the single biggest opportunity to improve marketing performance since the introduction of broadband internet.