Does the new General Data Protection Regulation (GDPR) make you want to just delete all your data and start afresh? We felt that way at first – when you start grappling with an 88-page pdf written in dense legalese while taking advice from different people, you may feel more confused than when you started out.
Wetherspoons actually did decide to delete all their customer data – but we’ve found out that you don’t need to be that drastic.
We met some brilliant, plain-speaking people, and ran an event with a particular focus on what GDPR means for marketing data. Facilitated by Firefly CEO Claire Walker, our team of experts included Simon Morrissey, Head of Data and Privacy at law firm Lewis Silkin, Nicholas Dunn-McAfee, Head of Policy and Research at the PRCA and Simon Loopuit, CEO and founder of trust-hub.
The overwhelming message from this panel of experts was that there is huge opportunity for companies to become GDPR compliant. There is too much emphasis on the ‘hefty’ fines – too much stick, not enough carrot in our opinion. Even Simon Morrissey didn’t mirror the scaremongering messages you often see from other lawyers and talked about how brands who are GDPR compliant can gain competitive advantage.
From a reputation perspective, handling data in a respectful manner shows your customers that you are safe guardians of their personal information. People are wising up to how their data is used, and trust is the primary pillar in establishing a strong and lasting relationship with them.
Furthermore, better data means better engagement. With customers actively opting in to being marketed to means they’re more likely to be engaged with what you send them. No more ‘why is this company spamming me and how did they get my contact information?’. With GDPR we will see the rise of granular consent – where customers are asked for their preference on how and when they are contacted (more on this in step 5).
To become GDPR compliant requires a thorough audit of your current processes and data (see step 1 below). This first critical step may mean an overhaul of processes and how data is used, which at a minimum will make your company more efficient. But also forcing yourself to rethink and question every process and data point may prompt new and better ways of working. This discovery process could unearth some hidden gems.
It’s all well and good me telling you the benefits of getting your house in order, but how do you get to that point? Well, we have some brilliant practical steps to help you get started now. And we mean now: Simon Loopuit from trust-hub advised us that it’s a six to nine month process, so it’s time to get going.
Practical steps for marketing professionals
- Create a data map noting all the processes and data you collect
This data map must not only incorporate internal data but also the data about you and your clients that your vendors hold. When noting down the data points, also note the purpose of the data. This is an important step as it will help inform your marketing strategy and transform your processes – maybe you don’t need this data point, or maybe there’s a better way to use this data.
- Take ownership
Don’t think that responsibility lies with IT. Your department is responsible for the marketing data you hold and use. However, personal data cuts across all areas of the business so you must get engagement from all departments. It’s not about being scared into action, ensure you communicate the benefits of reviewing your data map.
- Engage management and the board
All this work will take an incredible amount of time and effort. Therefore it needs to be a marketer’s number one priority between now and May 2018. To do this effectively, clearly outline the need to switch priorities and explain the benefits in the long-run – and also be ready to keep having to explain the benefits for those who may be impatient!
- Sort supply chain
Yes, your data must be compliant, but you must ensure the vendors that handle your customers data are also compliant. Data breaches often happen due to a weakness in the supply chain. Not everyone will be as proactive as you, so ask your vendors and suppliers the right questions so you feel confident that the right measures are in place to safeguard your customers data.
- Granularised consent
If you haven’t transitioned away from opt out (pre-ticked) consent, then do that right away. Consent also doesn’t mean ‘all on, all off’. Give your customers choice in how and when they receive information from you. It might be that some customers prefer certain channels over another, or they prefer a certain frequency? Give them options, just not too many, it has to align with your marketing strategy which can’t be too siloed.
There are three ways to react to GDPR – fight, flight or freeze. Many brands are like a deer in the headlights, freezing and taking no action at all. Some, like Wetherspoons, choose flight and ditch all their data in favour of starting over. We tell you to choose ‘fight’ which we’d actually change to ‘face head on with a positive and determined mindset’ (catchy, hey!) because rolling up your sleeves now will give you many long-term benefits for your brand.