Marketing departments may not realize the seismic impact a new regulation will have on their plans for 2018. And if they don't begin planning today, CMOs may discover that after May 25, 2018, their teams will not be able to execute campaigns and activities in the way they used to—at least not without facing the risk of legal action against their companies resulting in dramatic penalties and brand damage.
The specter of the General Data Protection Regulation (GDPR) has loomed large since it was adopted last year by European Union (EU). When it goes into effect next year, this new regulation promises to radically change every phase of consumer data management within the EU—and worldwide.
And just because your company or its servers are not in the EU doesn't mean you'll be able to get around the issue.
A change of this magnitude requires a dedicated and serious response from any organization that either does business within the EU itself or has a customer base or employees that include European residents.
Yet, confusion regarding GDPR is pervasive, and many companies don't fully appreciate the scope of its impact.
GDPR Threatens to Derail Marketing Initiatives
GDPR institutes strict data protections for all persons within the EU and places limits on the export of personal data outside the EU. All companies that possess lead, prospect, or customer data about persons located in the EU will be affected.
With GDPR taking effect in less than a year, efforts to comply with the new regulations should already be well underway. That's simply not the case at many companies, however.
A recent survey on GDPR preparedness from PricewaterhouseCoopers found that 23% of respondents hadn't even begun taking steps to comply with GDPR; only 6% stated that they had completed preparations and were ready to operate in a post-GDPR environment.
Although 92% of survey respondents listed GDPR compliance as a top security concern through the rest of the year, it's important to keep in mind that this is not strictly a security or IT problem. Unfortunately, many department leaders continue to view GDPR compliance as completely outside their purview.
However, marketing teams, in particular, need to recognize the sweeping changes that will go into effect next year if they want their 2018 customer engagement strategies to be successful—and, in many cases, if they want their marketing campaigns to be legal
Data-driven customer engagement has all but become the cornerstone of modern marketing. According to the Winterberry Group's January 2017 study, customer data is "critical" to the marketing strategies of approximately 80% of organizations across the globe. GDPR is going to completely upend what is considered acceptable usage and management of consumer data. If those guidelines aren't taken into account now, many marketing teams may well need to scrap their plans for 2018.
Considering that GDPR violations can be punishable by up to 4% of a company's annual global turnover (revenue) or €20 million (nearly $23 million), whichever is greater, we can safely assume that even laggards will fall in line eventually once costly fines begin to be doled out.
Where does that leave their marketing teams in the meantime, though?
What You Need to Know About GDPR
There are many changes in store for companies once GDPR goes into effect, but certain guidelines will hit marketing departments the hardest. Here are some of the highlights to keep in mind:
- It applies to any organization that processes EU consumer data, no matter where the company resides or where the servers that collect, store, and process the data are located. If you have customers residing in the EU (whether or not they are EU citizens), you will be held accountable for how you handle their personally identifiable information (PII).
- The definition of PII has been expanded significantly to include location data, cookies, device IDs, and even IP addresses. Just about any data-driven customer engagement strategy will incorporate this broader set of information, so you need to prepare accordingly.
- The GDPR introduces strict and narrow rules on how to obtain consent from customers before collecting and using their data. Today, most marketing organizations make heavy use of registration forms (say, on landing pages for gated content for lead generation) that use pre-checked options to collect profile data, and often these forms come with either no information or ambiguous information about what the data will be used for. GDPR no longer allows "opt-out" practices. You can collect information about your customers only if they explicitly allow it.
Another significant new requirement is that customers need to be able to go back and view what data is being collected and what they gave approval for, and they need to be able to change those individual approval settings at any time.
Chances are your website and marketing automation stack are not set up to support these requirements, and it's a non-trivial change. Most importantly, it's not just something marketers can throw over to their IT department to solve as the implementation can have significant impact on user experience that might impact everything from sign-up rates, retention rates, conversion success and user loyalty.
- Even with consent, customer data can be gathered only for an explicit, specific purpose. Companies will no longer be able to bundle a wide variety of data with no clear objective. For example, if you are targeting different ads to past customers depending on their age or gender, but don't have their explicit consent to use this data for that purpose, you will no longer be allowed to do so.
- EU residents can request to have their personal information completely erased from a company's database upon request. This requirement means that all of that great consumer data you've been collecting over the years could be lost forever if customers wish. Maybe more important is that you need to be able to execute this deletion of data across all your systems and databases that make up your sales and marketing automation stack—including systems maintained by third-party contractors. Given the plethora of systems and databases in larger organizations, this is typically a nontrivial task.
Add it all up, and GDPR effectively puts an end to the Wild West days of consumer marketing in the EU, and globally for every company collecting data oo EU residents.
Will Your Existing Customer Database Be Useless After May 25, 2018?
What adds dramatically to the complexity of these new requirements for marketing and business line owners is the often overlooked fact that the GDPR does not allow your existing data to still be used after May 25, 2018: There simply is no grace period and no grandfather clause.
In other words, if your existing customer data was collected in a way that is not GDPR-compliant (which is probably true for almost 100% of cases), then you can no longer use it once GDPR takes effect.
You will have to make the extra effort to re-collect approval from your customers to continue to use their data, and this time you need to do so in a GDPR-conforming manner. And, of course, you want to make sure this new and additional request for consent doesn't turn into a customer-experience nightmare that will drive customers away and have a negative impact on your KPIs and business. Consent lifecycle management can no longer be an afterthought.
Marketing and other business line teams need to understand what this new regulation means for their 2018 plans, and in particular its impact on personalized marketing—from newsletters and email campaigns digital advertising—or the use of behavioral data to display personalized content on digital sites. Else they will have to pay a big price.
Continue reading "Your 2018 Marketing Plan Won't Work and Will Break the Law: The Threat Posed by GDPR" ... Read the full article
MarketingProfs provides thousands of marketing resources, entirely free!
Simply subscribe to our newsletter and get instant access to how-to articles, guides, webinars and more for nada, nothing, zip, zilch, on the house...delivered right to your inbox! MarketingProfs is the largest marketing community in the world, and we are here to help you be a better marketer.
Sign in with your preferred account, below.
You may like these other MarketingProfs articles related to Marketing Strategy:
How to Identify and Prevent B2B Channel Conflict
You have a big channel partner who has doubled your sales. Yeah! But then the partner starts making decisions willy-nilly without checking with you. D'oh! Here's how to prevent similar conflicts. read this »
Could NFTs Replace Your CRM Strategy?
Do the potentials of blockchain technology go beyond the novelty of "owning" a digital piece of art? Perhaps. Future marketers could harness NFTs for functions typically associated with customer relationship management. read this »
Why ABM Should Be Supported—Not Driven—by Tech and Demand Gen
Is your ABM strategy following deals through close, or is it focused only on the top of the funnel? If the latter, your strategy is actually limited to tech and demand gen instead of true ABM. read this »
What Marketers Need to Know About NFTs
Okay, we've all heard about NFTs. But are they actually useful in the marketing world? How can brands incorporate them into their strategy? The answer may lie in community-building. read this »
The B2B Marketing-Sales Divide: More Leads vs. Better Leads
B2B marketers say their biggest marketing concern is how to generate more leads, whereas B2B salespeople say their biggest marketing concern is how to improve lead quality, according to recent research from SharpSpring and Ascend2. read this »
How to Create a Successful Pride Campaign
Pride Month is upon us, and many companies will rebrand with rainbows to mark the occasion. But running Pride campaigns without aligning your brand with LGBT struggles is disingenuous. Here's how to do Pride Month right. read this »