Matters of GDPR compliance fall under the remit of the Legal and IT departments, but with great impacts of this legislation on marketing activities, marketers need to take an active role in the compliance journey, for both advertisers and media owners…
A view of GDPR being a simple exercise in compliance misses the opportunities that are offered by the new regulations. Of course, being a legal matter, the Legal Department will be at the forefront of unpicking GDPR and translating the regulations for your organisation’s specific setup. The substantial impact on data systems will also require the skills of the IT Department to ensure that any changes to system architecture are completed. When combined with their existing workloads, a ‘good-enough’ approach is inevitable. After all, neither departments’ sole focus is the data subject. So should they be the driving force on your company’s GDPR project?
GDPR for marketers is obvious: the data subject is your customer. Every effort you make is to ensure a greater connection, the best possible. There are no half measures; why would an event as impactful as GDPR be any different?
“Over the coming year, one of the biggest challenges facing marketers will be the implications of the GDPR. Those not preparing for the new legislation – in whatever exact form it takes – are risking the very lifeblood of their future business. As well as protecting consumers, the marketers that take action now will be better placed to take advantage of the economic opportunities that digital transformation and big data will offer in the future.”
Rachel Aldighieri, MD,DMA
The journey to compliance involves big customer experience decisions. Consent is a central topic to GDPR for marketers; should it really be left to IT to decide when and how best to engage your customers for this purpose? Or for the legal department to phrase this engagement? Certainly, both are capable of completing the task, but are you comfortable, as marketers, relinquishing complete control of such a valuable touchpoint?
Under GDPR, for marketers the main question will likely change from “how can we reach our customers?” to “can we reach our customers?” Permission to market – or any alternative lawful basis (e.g. legitimate interest) to do so – will no longer be a simple signpost on the marketing journey, something that is fast put in the rearview mirror with pre-ticked boxes and bamboozling doublespeak. It will be a major border checkpoint for all those marketing to EU subjects, with the potential to break down the customer relationship before the marketing journey begins.
The opportunity to go beyond compliance will only be truly grasped with active involvement by marketers. The ‘good-enough’ approach will not limit the potential losses of a switch to consent. The categorisation of data use will not necessarily lead to its best uses. Those on the ground need to impact the discussion on the best path forward, on how to surpass mere compliance to, for example, build a stack that improves marketing experiences through better identification and intuitive permissioning. As part of this, your company’s GDPR activities need advocates for existing goals – rather than focusing on mere compliance – to ensure that forward steps are not taken in the wrong direction. And when compliance is reached, the race for the competitive edge remains: the more you do in the first stage puts you at an advantage for the future.
What’s more, compliance is not a matter that ceases to be an issue beyond the walls of the office. A company does not operate in isolation and nor does its responsibilities. Thus guidance as to the capabilities of your marketing partners, and where the weaknesses and vulnerabilities to you, as data controller, lie amongst your data processors is knowledge that requires input from those who hold the relationships to these partners – the marketing department. As marketers, you already work in a cooperative, collaborative environment; bring that joint approach to your company’s GDPR efforts.
Of course, the initial marketing response to GDPR was to look for the shortcut, the bypass to this steep regulatory road that has been well used by the digital advertising industry so many times before. But as the deadline approaches and the barriers lower on perceived alternative paths, it is becoming clear that the only route is compliance. So marketers have a choice: remain passengers to the inevitable, or get in the driving seat…
Teavaro provides training, consultancy, and technology (SaaS) solutions for GDPR and ePrivacy with a focus on digital marketing. More details can be found here. Please feel free to contact us with any questions or for further discussion.