Trouble? Well, the big trouble is if you’re not GDPR-compliant by 25 May 2018 you’re risking a fine of 4% of your global turnover.
Just imagine British Airways’ being fined (£90.4m) for not getting it right. But I passionately believe there’s an obvious upside too, which frustratingly not enough people can see. And that upside is adding significantly to your brand’s value.
I’m encouraging marketers and their creative partners to seize this opportunity to prove brand purpose, to be genuinely transparent, open and honest with customers.
Right now, I guess around 50% of UK businesses are running around frantically doing impact assessments and mitigating risk when what they should be doing is taking a long hard look at themselves and how they treat their customers (I guess the other 50% are just worrying about the fact they haven’t done it yet).
Yes, we all need to be compliant by next year, but please don’t just treat this as yet another annoying regulatory box ticking exercise. Give it real vision and meaning. The kind of CEO-led vision that the whole company can believe and get behind.
These are not just data laws (there are two coming down the pipe, by the way, GDPR and ePrivacy) these are marketing laws. That’s because all modern marketing is data-driven.
I’m being deliberately strident because recent DMA research reveals business confidence in being GDPR-ready is declining and, even worse, a quarter of companies (24%) have yet to even start a GDPR plan.
It’s not surprising then that there is a degree of nervousness. Especially as post-GDPR judgements are expected to be as unforgiving as the latest pre-GDPR ICO fines. But, what does this mean? Well, those who have large amounts of customer data collated, especially data that isn’t specifically "opted-in", are rightfully apprehensive because the legislation is specific and onerous.
GDPR is a game-changer designed to reset the balance of power, giving brands a chance to re-establish trust with consumers.
This isn't just a marketing problem, it’s an existential business problem as most parts of the business can be impacted. Any data held must be auditable and have specific consent, however, considering the grey area surrounding data consent, I believe the regulator must be clear and consistent as soon as possible.
The issue is the balance of power between the consumer and brand has shifted too far across towards brands. Too many are operating with no controls over data use, and buddied-up with the bad practice of using data freely and unethically.
Issues such as data breaches and opt-in uncertainty mean consumer confidence in brands has eroded, but I completely believe the time is now to act. GDPR is a game-changer designed to reset the balance of power, giving brands a chance to re-establish trust with consumers.
I see too many companies merely working towards "compliance", cutting corners and throwing the ball into the data team’s court. That's a naive attitude. It’s not enough in a world where seeing a consumer as an email address is unacceptable.
Brands that focus on being "just legal" will ultimately struggle for consumer trust in the future.
Simply telling the truth isn’t enough, however. Brands must prove they’re authentic and good custodians of customer data. Achieving this level of transparency is exactly what the opportunity provided by GDPR is all about. It provides us with the catalyst for a badly needed change.
Mark Runacus is chair of the DMA board.
Wondering how, or even if, you need to worry about GDPR compliance? Watch out for our series of GDPR Q&A pieces. Got a burning question you'd like answered? Send it to email@example.com