With General Data Protection Regulation (GDPR) now so close you can practically feel it, the narrative we’ve been fed from some quarters is that brands are woefully unprepared for the looming changes.
According to one World Federation of Advertisers (WFA) survey, 70 per cent of brand owners do not feel marketers in their organisation are fully aware of the extent of the General Data Protection Regulation (GDPR), with just 65 per cent expecting to be fully compliant when it comes into force on 25 May 2018. Whilst some marketers may bury their heads in the sand around GDPR, it’s important to understand that with the biggest change in data protection law in over 25 years, comes an amazing opportunity for digital transformation.
At its most basic level, GDPR will require companies to provide their consumers with transparent guidelines on how their personal data is being stored and used. They will also need to provide consumers access to this data and will need to gain their explicit consent before storing or processing it, thus completely democratising the idea of data privacy for consumers. Although Data Protection Regulators are not parking wardens with a quota to fine every day, failure to comply with GDPR could be very costly, with either a €20m fee or 4 per cent of annual turnover for level 2 fines, depending on which is higher, exacted if consumers are not given these rights and the issue is raised, or a data breach is identified.
But while this kind of fine might seem scary, it should instead be looked at as an impetus for brands to create transparency; something which will only boost long-term consumer loyalty. The current crisis around Facebook and Cambridge Analytica has shown consumers will lose trust if their data is compromised, with the value of the social media giant already falling $50bn as a result of the scandal.
Therefore, GDPR should be seen as opportunity for digitally savvy - and even less digitally savvy - businesses to get their house in order, especially in terms of modernising IT systems and improving data protection policies. Doing this will avoid a similar situation to Facebook, where long term brand damage has been sustained due to consumers feeling like their data privacy has been violated.
Wetherspoons is a good example of a business that has acknowledged it isn’t the most digitally savvy, by making the decision to get rid of its entire email mailing list as it deleted the data it held on nearly 700,000 customers in the process.
Wetherspoons is acutely aware that starting from scratch and avoiding being weighed down by a weak email data strategy, which is susceptible to hacking, will allow it a less complicated route to becoming GDPR compliant. And in turn has created an opportunity to turn itself into a far more digitally savvy business.
There’s no denying the short-term effort that will be needed to achieve compliance with GDPR, and this could include starting afresh like Wetherspoons as well as training staff around data, mitigating potential data breaches by introducing new technology, and creating a clear internal data map so the process of how customer data is treated is fully understood by your staff.
However, the investment needed to comply with GDPR regulations should be viewed as deferred costs from work that should have been done to improve data security years ago. And, seen in this light, GDPR is not a revolution, but an evolution. Sure, this may seem counter-intuitive, but those with the most work to do actually stand to make the greatest gains.
Let me explain why; customers will trust brands a lot more if they respect their data, and this makes GDPR a massive opportunity to boost your ongoing corporate social responsibility (CSR) commitments. More than one in five (21 per cent) consumers will actively choose brands if they make their CSR credentials clearer in their marketing, according to Unilever. Therefore, by becoming GDPR compliant, you can use this as a major selling point, as consumers are more likely to spend money and recommend a trustworthy brand. And with security now integral to modern consumers, achieving GDPR compliance can become a real point of difference over your rivals.
This will also lead to a better data value exchange as GDPR-compliant businesses can make their products and services better, keep customers happy by making services more efficient, and target them with the right offers at the right time, which in turn creates a much better customer experience journey. It can also accelerate the adoption of new technology and bring a company’s systems out of the dial-up era and into the cloud-computing age. GDPR could even pave the way for faster adoption of progressive technologies such as chatbots and AI, with both potentially helping to assist customers with dealing with their “right to be forgotten” and more efficiently browsing the data you might have stored on them.
Ultimately, by having better data, you’ll achieve a better return on marketing spend, while staying on the right side of the law which avoids the risk of damaging your brand. The reality is many companies simply will not have sorted their data out by the time GDPR comes into place. But if you are one of the few who organise this now, then you are at a clear competitive advantage as you can accelerate digital transformation whilst boosting consumer trust.
Risk? Or opportunity?
This was something recently acknowledged by ITV’s director of online marketing Steve Forde, who talked of the possibilities of turning GDPR into a marketing opportunity. In an interview with Marketing Week, he said: “As our confidence grows [around GDPR] there is then the potential to be much more open and transparent with consumers about what it is we’re doing with their data. That then of course earns trust.
“I’d say if it feels like it’s just being done to satisfy a legal requirement then it can be daunting and people won’t want to engage with it, but if you turn it into something that is actually a brand positive, viewer-centric mission then people will ultimately become more engaged.”
Adopting this kind of mentality is the key to making a success out of GDPR, which should be looked at as an opportunity rather than a risk.
Jim Bowes, CEO and co-founder, Manifesto
Image source: Shutterstock/Wright Studio