After more than a year of build-up and preparation, the GDPR deadline has finally passed. Swathes of emails have been sent to mailing lists, databases have been updated and policies have been rewritten across Europe, but what does this change in legislation mean for brands going forward?
The most important thing to remember is that compliance with GDPR is an ongoing process and therefore presents ongoing opportunities. It’s not just a project that’s come to an end with the deadline. Chances are your company has yet to be fully compliant: the reality is that it’s an ongoing effort, and continuing to work towards compliance means you can still reap business benefits for both you and your customers.
Should you be worried if your organisation isn’t fully compliant? While there are potentially great repercussions for those who do not comply, with possible fines of up to £17 million (or 4% of global turnover), early indications suggest enforcement will be more collaborative and look at whether the company has actions underway to become compliant. As Information Commissioner Elizabeth Denham said in a blog post published last August, ‘The ICO’s commitment to guiding, advising and educating organisations about how to comply with the law will not change under the GDPR. We have always preferred the carrot to the stick.’
By now you’ve probably engaged with external advisors for legal GDPR guidance. However many marketers have not fully paired the legal advice with subject-matter expertise in key marketing tools and platforms. Employing experts could help to provide solutions by understanding existing tools and technology and bringing new tools to the table to rapidly get you closer to compliance. For example, new solutions are emerging that scan marketing data for personally identifiable information – often plugging into existing analytics and data suites. Ultimately, brands need to work towards having a comprehensive marketing-specific GDPR governance policy to know exactly which parties and departments are responsible for customer data.
Finally, it’s worth remembering that GDPR is about more than just compliance. This is a great opportunity to build the relationship with your customers, showing that you are protective and respectful of their data and that you are treating it carefully and thoughtfully. It’s also a chance to review the data you hold to determine whether it is critical to delivering your service, and whether you can simplify your marketing programme to focus on the data that drives the most business outcomes for you and your customers. This may prove to be a bigger opportunity than you had originally thought.