By Sven Dummer | Posted on January 19, 2018
Marketing departments may not realize the seismic impact a new regulation will have on their plans for 2018. And if they don't begin planning today, CMOs may discover that after May 25, 2018, their teams will not be able to execute campaigns and activities in the way they used to—at least not without facing the risk of legal action against their companies resulting in dramatic penalties and brand damage.
The specter of the General Data Protection Regulation (GDPR) has loomed large since it was adopted in 2016 by the European Union. When it goes into effect later this year, this new regulation promises to radically change every phase of consumer data management within the EU—and worldwide.
And just because your company or its servers are not in the EU doesn't mean you'll be able to get around the issue.
A change of this magnitude requires a dedicated and serious response from any organization that either does business within the EU itself or has a customer base or employees that include European residents.
Yet, confusion regarding GDPR is pervasive, and many companies don't fully appreciate the scope of its impact.
GDPR institutes strict data protections for all persons within the EU and places limits on the export of personal data outside the EU. All companies that possess lead, prospect, or customer data about persons located in the EU will be affected.
With GDPR taking effect in May of this year, efforts to comply with the new regulations should already be well underway. That's simply not the case at many companies, however.
A survey on GDPR preparedness from PricewaterhouseCoopers last year found that 23% of respondents hadn't even begun taking steps to comply with GDPR; only 6% stated that they had completed preparations and were ready to operate in a post-GDPR environment.
Although 92% of survey respondents listed GDPR compliance as a top security concern through the rest of the year, it's important to keep in mind that this is not strictly a security or IT problem. Unfortunately, many department leaders continue to view GDPR compliance as completely outside their purview.
However, marketing teams, in particular, need to recognize the sweeping changes that will go into effect next year if they want their 2018 customer engagement strategies to be successful—and, in many cases, if they want their marketing campaigns to still be legal.
Data-driven customer engagement has all but become the cornerstone of modern marketing. According to the Winterberry Group's January 2017 study, customer data is "critical" to the marketing strategies of approximately 80% of organizations across the globe. GDPR is going to completely upend what is considered acceptable usage and management of consumer data. If those guidelines aren't taken into account now, many marketing teams may well need to scrap their plans for 2018.
Considering that GDPR violations can be punishable by up to 4% of a company's annual global turnover (revenue) or €20 million (nearly $23 million), whichever is greater, we can safely assume that even laggards will fall in line eventually once costly fines begin to be doled out.
Where does that leave their marketing teams in the meantime, though?
There are many changes in store for companies once GDPR goes into effect, but certain guidelines will hit marketing departments the hardest. Here are some of the highlights to keep in mind:
Add it all up, and GDPR effectively puts an end to the Wild West days of consumer marketing in the EU, and globally for every company collecting data on EU residents.
What adds dramatically to the complexity of these new requirements for marketing and business line owners is the often overlooked fact that the GDPR does not allow your existing data to still be used after May 25, 2018: There simply is no grace period and no grandfather clause.
In other words, if your existing customer data was collected in a way that is not GDPR-compliant (which is probably true for almost 100% of cases), then you can no longer use it once GDPR takes effect.
You will have to make the extra effort to re-collect approval from your customers to continue to use their data, and this time you need to do so in a GDPR-conforming manner. And, of course, you want to make sure this new and additional request for consent doesn't turn into a customer-experience nightmare that will drive customers away and have a negative impact on your KPIs and business. Consent lifecycle management can no longer be an afterthought.
Marketing and other business line teams need to understand what this new regulation means for their 2018 plans, and in particular its impact on personalized marketing—from newsletters and email campaigns digital advertising—or the use of behavioral data to display personalized content on digital sites. Else they will have to pay a big price.
This article was originally published on MarketingProfs.com
How to tell if your identity management is ready for the new data protection regulations…
We just released the latest member of the Janrain product family: Janrain Advanced Policy Manager…
Janrain Information Security Manager, Lisa Nicholson, shares her thoughts on why CSA Level 2 and…