Majority of U.S. Companies are Not Prepared for GDPR – Now What?
Friday, April 13, 2018
The General Data Protection Regulation, perhaps best known as GDPR, is one of the most significant marketing topics in the industry right now. However, there is still a good amount of confusion, even for leading brands, on how the European Union’s (EU) new regulation will affect them once it is enforced beginning on May 25th, 2018.
If you’re not entirely confident that your data program is compliant or aren’t sure if the EU regulations will even affect your company, you’re not alone. According to a recent eMarketer survey, only 6% of North American companies are prepared for GDPR. Nearly 30% of respondents stated they have started to prepare and 11% of respondents indicated that they are not prepared at all.
If your organization falls into any of these categories, don’t panic, there is still time to get ready for GDPR. We’ve created a GDPR Preparedness Assessment to help with establishing control, understanding vendor positions on GDPR, and building case-based solutions that solve for key issues brought on by the new regulations.
What you can do NOW.
To start, we recommend speaking with your legal team or an accredited legal consultant to determine how the regulations may affect your organization. Understanding what the law requires is a starting point from where you can then assess your current compliance level.
Once you understand how compliant your company is, or is not, there are a few additional tasks that you can undertake:
- Conduct a Data Audit – You could even say that it is a bit of a spring cleanup, but start by finding the personal data that exists in your ecosystem and determine:
- How it is being utilized
- What was the original use case for it?
This will help provide you with some tips around where to start and how often you should be cleaning up your database going forward.
- Evaluate Data Impact – Even more so with GDPR now in play, it’s critical to weigh the value to risk ratio of the personal data you’re collecting. If, due to GDPR, you deem a data point to be too risky to collect going forward, you will need to mitigate its absence in marketing initiatives going forward. Going forward, ensure that you’re always planning of the future by creating use cases and identifying language to include in your consent agreement.
- Improving Governance – New governance initiatives could be as simple as ensuring that you are educating your teams or collaborating with your company’s regulatory liaison (if applicable) on a consistent basis through the building of new processes and oversights. Additionally, assessing the role your vendors are playing is critical.
Data Collection in a Post-GDPR World.
While companies will be expected to be in compliance by May 25th, they will also need to maintain their compliance at all times going forward. By periodically repeating the process outlined above, companies can ensure continued compliance going forward as data sources and marketing technology changes going forward.
For many marketers though, especially as personalization becomes increasingly important in providing the customer experience being demanded, continuing to collect customer data in compliance with GDPR will be imperative. Among the ideas seen so far by brands to overcome this obstacle is the use of incentives, such as redeemable points and rewards, to allow them to keep their personal data in a post-GDPR world.
Maintaining consumer trust throughout this process is critical and, by being as transparent as possible about the value consumer information holds, gives advertisers and marketers the greatest chance of continuing to access their personal information. While attaining and maintain personal customer data will change significantly in a post GDPR world, there are many positives that are being seen by companies who have embraced the challenges of GDPR by gaining increased control over their data.
Want even more info on the final countdown to GDPR? Have GDPR questions or just want to ensure that your company is compliant? Click here or send us an email at info.US@Ebiquity.com to speak with an expert from our team and learn how our built-to-order GDPR Preparedness Assessment Program can provide the support you need before the deadline and going forward.