When you want to find out about the impact of a new piece of legislation or regulation, you know who you should talk to first? The lawyers.
In the case of GDPR, they’ve got more than a few sidebars to offer about business preparedness for the new regulations. For example, international law firm McDermott Will & Emery worked with the Ponemon Institute to survey preparedness on the part of U.S. and E.U. companies, and released their findings:
- 52% of respondents said they expected to be compliant “on or before” May 25.
- 40% said they wouldn’t be compliant until sometime after the deadline.
- 8% weren’t sure when they would be compliant.
- There was no indication how many, if any, replied, “What’s GDPR?”
- 60% said GDPR would “significantly change” their workflows for collecting, using, and protecting personal data.
- 64% said one barrier to compliance was the need to make comprehensive changes in business practices.
There’s a commotion of polls and surveys shouting, in Chicken Littlesque fashion, about the extent and dangers of GDPR non-compliance. Missing the May 25 deadline didn’t mean the end of the world for the non-compliant, though, because regulators seem more interested in gently herding well-intentioned but oblivious marketers toward alignment with the rules, versus slapping them with jaw-dropping penalties.
But even if there weren’t fines and sanctions, there are plenty of business-building reasons for hustling into GDPR compliance. For digital marketers, product managers, and everyone else invested in customer engagement, GDPR literally offers a once-in-a-lifetime opportunity.
#1: Nurture authenticity
Last year, a survey of U.K. citizens found only 20% had have trust and confidence in companies and organizations in possession of their personal data. Today, new and emerging technologies are giving marketers fresh ways to leverage personal data, and consumers aren’t happy about it. That’s one wellspring of GDPR, in fact, as the E.U. was reacting to public sentiment about data privacy.
GDPR gives you, as a product manager or digital marketer, the chance to demonstrate your concern and respect for people’s personal data. By making compliance a very clear part of engagement, you’ll build a level of trust that’s invaluable. One company that realized the value of this years ago? Amazon, who, according to one study, is trusted by a whopping 74% of consumers to be responsible with their personal data. Amazon has gone out of its way to safeguard customer data, and give them a window into how it’s being used. The fact that people have a quid quo pro with Amazon, where they’re seeing obvious personalization benefits, is part of this success.
The lesson might be to make the benefits your audience accrues from the relationship very, very apparent, and truly resonant and valuable. That’s an exchange that will leave everyone happy.
#2: Leverage more customer loyalty
Here’s another point to ponder. When was the last time you heard about an Amazon data breach? Next question: Do you think Facebook is sorry it ever heard of the late, unlamented Cambridge Analytica?
Having a reputation for being strongbox safe when it come to user data? It’s golden. When FireEye studied consumer attitudes about personal data in 2016, it found 76% of consumers said they’d take their business elsewhere if a company was guilty of negligent data handling. 75% said they’d stop buying from any company that suffered a data breach after management had failed to make cybersecurity a priority. And 59% said they’d take legal action if their data was swiped and used for criminal purposes.
Being compliant with GDPR and its many strictures about data storage and privacy protection will pay off in customer loyalty and greater lifetime value.
#3: Grab market share
Product managers and digital marketers run themselves ragged looking for PODs and value props to put in front of their audiences. Here comes GDPR, practically handing them one on a silver platter.
To compete in the E.U., companies in every corner of the globe are realizing they’ve got to comply. If you don’t comply, you can’t play, and that means you’re being frozen out of an enormous market. In ecommerce alone, European countries were expected to constitute a market worth €602 BN – nearly $719 BN – in 2017. The quicker you’re aligned with GDPR, the more advantage you’ll gain over the laggards.
That holds on the B2B side, too. Supply chains will be disrupted a-plenty as many vendors struggle to meet the new regulations. That’s an opportunity to show business buyers you belong on their short list, since you’re GDPR-compliant.
#4: Optimize your database
Many marketers can’t honestly vouch for the quality of their leads and prospecting lists and d-bases. GDPR gives them a chance to ashcan the old and replace it with up-to-date contacts and data, obtained by securing unambiguous consent from audiences.
It’s a unique opportunity to cleanse your data, and restart with the knowledge that the fresh new opt-ins you capture are probably higher-quality leads than the majority of names you’ve currently got on the rolls.
To identify your best customers or prospects on your existing lists, you can drop them an email asking them to consent to staying on or else their accounts will get broomed. Got a lapsed SaaS user? It’s an excuse to drop that person a line that may possibly prompt him or her to start back up with your product, too.
#5: Mitigate risk
When you junk outdated contacts and lists, you’re removing the chance you’ll accidently violate GDPR by reaching out to E.U. citizens who haven’t opted-in under the new rules. But you’re also removing some of the risks and potential costs of cybercriminality, too.
The average data breach costs $3.5 million, so the more data you store – even from lapsed or redundant or otherwise useless accounts – the bigger the risk you’re running of being attacked by breach-seeking black hats.
So hold a Purge Party and happily jettison non-consenting accounts. And look forward to assembling and maintaining a database where there’s far more opportunity to profit.
#6: Save/Make more money
What’s the value of an optimized database? First off, you’re cutting the costs of storing and maintaining that data, not just reducing the risk penalties associated with it. Even without GDPR, most companies could probably stand to purge up to 50% of their existing data.
By improving your data security to follow GDPR mandates, you’ll also very likely reduce your vulnerability to cyberattacks. This lowers the “cyber tax” costs involved with fending off or recovering from attacks, costs companies nowadays see as a necessary evil when conducting business online.
Better targeting will cut down on many of the costs of a marketing campaign, since you’re able to conserve on media and DM budgets.
Better data results in better conversion rates, naturally. Under GDPR, you can exercise greater discipline and precision in terms of what data you’re collecting, and the purposes you’re (very transparently) putting it to. This pays off with far more personalized targeting and messaging, improving customer experiences and driving more sales.
#7: Unify your enterprise
Teams throughout the organization will have to work cross-functionally to develop the right processes, policies and frameworks to become GDPR compliant. One for-instance?
In plenty of organizations, IT and marketing, or IT and the C-suite, or IT and nearly anyone aren’t in close sync. IT teams manage systems, networks and architectures, while the marketing, or sales, or procurement departments are only worried about the data they’ve banked. Retrieving it is the only time there’s interaction between these camps.
GDPR focuses the attention of directors and other stakeholders (like the General Counsel, legal operations, CISO and others) on how the enterprise stores and secures data as never before. So systems and architectures and data storage, integrate to data privacy and security, will gain new prominence, and IT will be pulling at the same oars as everyone else.
This helps bridge silos, always a good thing in a Big Data era. Closer collaboration is the key to innovation and corporate agility, and even startups and SMBs can often stand to do a better job of tearing down walls.