Thursday 18 January 2018

With the GDPR deadline just 127 days away, make sure 25th May is in your diary. There is still a feeling across the marketing community that the new legislation could be a catalyst for a change in the way UK businesses market their services and talk to their prospective customers.

Steve Kuncewicz, Partner at BLM and specialist in Social Media & Data Protection Issues and self-confessed data geek Pete Moore of Look at Your Data Ltd, looked at how things have moved on since their original talk back in June.

1 – What actually is it, and does it really apply to us?

Steve summarised what GDPR means (without the use of jargon): GDPR gives individuals greater rights over their personal data, including withdrawing consent, easier access and portability.

For businesses, it’s essentially about understanding the context in which data is collected; why they need it; what they will do with it; and ensuring they protect it.

Steve’s top tip: For individuals, GDPR is a matter of “opting in”; businesses, however, cannot simply “opt out” of being GDPR-compliant. It needs to be done and firms must comply.

2 – Starting the process

Pete suggested that a firm’s first port of call should be to understand where they are now and where they need to be. Performing a gap analysis allows a business to lay the foundations for post-GDPR processes and to build a roadmap for how GDPR should be tackled.

Whilst firms are going through the exercise, it’ll inevitably cross between departments, allowing marketers to use it as a conversation starter for their GDPR internal communications and start the buy-in process across the firm (or more likely, using the fines as a scare tactic).

Pete’s top tip: the later you leave it, the greater the level of panic. Make sure everyone in your firm is aware of what is involved.

3 – Technology alone cannot sort it, it’s a change of process and culture

With the idea behind GDPR being to protect the individual, firms must ensure that they are legally allowed to use the data, that they have levels of security in place, and manage the risk to the data which they hold.

Whilst technology can help with things like cyber security, CRM and encryption, it’s only a small part. It must be a two-pronged attack between IT and internal processes: think Steve Jobs and Steve Wozniak (the good times and the bad).

Steve’s top tip: the change must come from within the organisation and spread throughout – firms must think about the data they collect and how they collect and use it, not just think of GDPR as something they outsource to IT. 

4 – Internal communications

There was a clear awareness of GDPR from those attending and from those in marketing roles; however, the understanding from those outside the marketing (and our friends in IT) departments still appears low. Some may know “something” is happening, but do not understand what it actually means to them and their role/business, or its importance.

Whilst being sat among peers, it was great to know we were all in the same boat, with the same issues and probably around the same stage of nearing compliance. The Direct Marketing Association reported that B2B marketers are unfortunately the bottom of the class when it comes to preparing for GDPR.

A report as recent as January 2018 suggested that up to 55% of respondents still weren’t aware of the upcoming GDPR legislation. So B2B marketers may be bottom of the class, but at least we’re in the class.

Steve’s top tip: GDPR must be taken seriously by everyone, but marketing must drive the message to ensure everyone in the business is aware.

5 – No more sweeping under the rug

GDPR introduces a duty for all firms to report data breaches to the authorities within 72 hours of becoming aware of the breach. Don’t forget, additional fines will be levied where firms are found to have not reported a breach within the timeframe.

When it comes to a breach, by referring back to the original gap analysis you can begin to understand what data you held, where it was held and what may have been exploited. Once you’ve understood what data was breached, you can start to put processes in place to stop future breaches.

Pete’s top tip: there may be a “claim culture” waiting in the wings. If you discover a breach, report it. It makes sense to get out ahead of it, and work with the ICO, rather than hiding it and them discovering that you hid it… get them on side.

Whilst getting compliant can range from a huge task to a juggernaut, have the bigger picture in mind. A post-GDPR world for marketers may be a better marketing environment. For some, that means a more strategic approach, less data and more intelligent targeting. Better email marketing statistics have got to be worth it, right?

Written by Michael Beal, Cowgill Holloway