The GDPR fear campaign has begun. In case you haven't heard about it (which is very bad at this point) the General Data Protection Regulation is an EU regulation passed to strengthen data protection and privacy for EU citizens. In anticipation of May 2018, when the new regulation goes into effect, many businesses are starting to investigate what this means for companies outside the EU.
Why Should I Care?
It would be easy to write this off as an IT problem to solve, and there has been a lot of guidance from reputable sources for IT, security, and governance pros to peruse. But this regulation will have a much broader impact and require dedicated attention from across the business landscape, including marketers and sales teams who rely on customer data to understand behaviour, refine messaging and deliver customized content that is timely and relevant to prospects.
The law passed in 2016, giving everyone two years to prepare, but going from "we have plenty of time" to "oh crap, what are we going to do about this?" can happen in the blink of an eye. And the stakes are high. Failure to comply can result in a penalty of up to four percent of global annual revenue, and U.S. companies dealing in high volumes of data are an easy target.
Gartner recently predicted that only 50% of companies impacted by the regulation will be compliant
by the end of 2018. As a marketer, especially those who rely on data-driven strategies like account-based marketing to feed the sales engine, you don't want to be on the wrong side of that statistic.
What Do They Want?
To use existing data, marketers will need a fully documented permission trail, including the data and source of the consent. And as an American company, you are not immune to the ramifications. While the regulation is coming out of the EU, it will apply to any company that sells or advertises to any business or subjects residing within the union. In this day and age, that's pretty much everyone.
In addition, all of your customer data needs to be organized in such a way (i.e. not in a spreadsheet or in siloed tool repositories) that, if a subject requests, you can easily provide the data or erase it in a reasonable amount of time. This also includes any of your customer data that is being handled by third party partners or vendors.
What Can I Do?
Here are three things you can do now to make sure your marketing organization is positioned well when the time comes.
1. Hire an outside auditor to review your data and processes.
2. Check in with third-party vendors.
3. Assign a GDPR representative.
In closing, don't freak out. Leading up to May, you will hear horror stories and see a lot of content designed to create a frenzy. Get out ahead of the regulation and be prepared. Taking these steps and locking down GDPR compliance ASAP could actually become a competitive advantage rather than a drag on resources, a looming risk or ultimately a PR nightmare that your marketing team will have to manage.
Once you feel good about compliance, then you can start thinking about what content will encourage and maintain consent from your audience, but that is entirely another topic to tackle.
Read the full article here.