The General Data Protection Regulation (GDPR) will impact businesses as a whole, but marketers in particular will need to rethink their approaches in order to remain on the right side of the regulation.
We’ve already looked at the big ways the GDPR could affect marketers. So let’s take a closer look at how marketers can proactively move to mitigate some of its potential impacts.
Get Ready, Data-Driven Marketers
The GDPR is designed to provide rigorous data security and privacy protections, as well as give consumers more control over how their personal information is collected and used. While it is targeted toward protecting citizens of the European Union (EU), the GDPR’s mandates will apply to any company that stores or processes information for EU residents. That provision essentially transforms the GDPR into a worldwide regulation.
Data-driven marketers, in particular, sit directly on the firing line for many of the provisions included in the GDPR. That’s because the proposed new regulations focus on many actions that marketers take, such as profiling customers, analytics (particularly in the case of big data and artificial intelligence) and whether the volumes and types of data collected are necessary for their stated purposes.
Failure to Comply Carries Consequences
The negative business impacts associated with failure to comply with the GDPR can be significant. They include:
Assessment of substantial monetary penalties
Loss of direct access to customers who opt out of communications
Mandatory reassessment of every customer in a given database to verify the veracity of their opt-in activity
Customers’ right to ask for their personal information to be deleted from company databases
Customers’ denial of permission to have their data analyzed at all
3 Concrete Steps for Proactive Marketers
Fortunately, there are three major areas where marketers can take concrete steps to help them avoid these consequences:
1. Make data governance marketing’s new best friend
The GDPR requires that customers be able to access data held, rectify errors, request erasure of personal information and restrict the processing and use of that data. This means that, should customers ask, the company must be able to locate all of their personal data. That’s despite the fact that the data may exist in multiple databases, at third-party agencies or even in spreadsheets on a marketer’s desktop — a probable no-no under the GDPR.
Companies must then be able to show customers the data held on them and correct any errors that exist. What’s more, in addition to traditional metadata on quality, lineage and definitions, other metadata will be required to track opt-ins and usage.
The sheer logistics of facilitating compliance could be overwhelming, and marketing certainly can’t go it alone in this arena. In fact, this type of tracking, quality control and IT architecture design is tailor-made for data governance programs.
Historically, many marketers have been lukewarm participants in these enterprise programs. This must change and fast. The GDPR provides a trigger for the CMO to take an active and vocal role in shaping governance activity to ensure that the focus shifts to incorporate all of these new requirements.
This role involves:
Ensuring governance policies and data management processes cover personal information data and incorporate conditions stipulated by GDPR
Working with IT representatives on the governance committee to validate that enterprise application architecture standards facilitate the integration necessary to comply, for example by creating those elusive 360 customer views and cascading personal information data changes across all systems
Coordinating with the security representative on the governance committee to review existing company privacy and security policies to verify that they have the rigor demanded by GDPR
Working closely with the data protection officer — a role mandated by GDPR to ensure accountability and most likely housed in the enterprise security and privacy office — to review marketing solicitation, analytics and data collection processes to be certain they meet the mandates
Working with other C-level executives to allocate both funding and resources to modify the necessary systems changes most companies will require
2. Give customers transparent and timely access to their data
According to a recent report from Signal Marketing (registration required), 90 percent of Forbes Global 500 executives believe that customer experience will be the next key battleground and 57 percent of digital marketers plan to increase their investments in loyalty programs.
With the GDPR looming, intensifying the focus on these areas can’t come fast enough. That’s because when it comes to the marketer’s lifeblood — data and analytics — the GDPR imposes some stringent requirements. Chief among them are provisions aimed at ensuring that use of data is fair and meets customers’ reasonable expectations on how their data will be used.
Guidance documents highlight the fact that, while using personal data to gain a better understanding of customer needs is likely to meet expectations, selling social media data to third-party advertisers may not. The strong takeaway here is that marketers must make sure they are providing clear value to customers in exchange for the data provided to them.
Value in the context of excellent customer experiences can come in various forms:
Providing seamless and consistent experiences across all channels and customer touchpoints, informed by an institutional memory of past interactions that eliminates the need for customers to constantly repeat their ‘stories’
Tailoring customer communications and offers to meet real-time customer desires, while eliminating product offers or communications that are not germane to them in the context of the immediate situation
Actively soliciting customer feedback across all channels — including voice of the customer feedback mechanisms, social media listening programs, sentiment analysis and market research — and providing timely, personalized follow-up where required
3. Add value for customers when you use their data
Marketers must be prepared to respond when customers question what data is being collected and how it is being used. What’s more, this effort must go beyond simple documentation for auditors, to also cover:
Teaching representatives across all touchpoints how to respond to these questions
Digging into customer analytics that use personal information and developing a narrative to share with customers about the objectives of your analysis and the value it generates for them
Creating the organizational mechanisms for registering opt-outs and removing customers from analytical processes where requested.