When Two Tribes Go To GDPR
Posted on: Friday 21 September 2018 | Jed Mole
Jed Mole, VP of Marketing, at Acxiom, on GDPR compliance.
As we’re all aware, Europe is regulated by arguably the world's strictest data protection regime. Indeed, as one of the biggest legal shake-ups to affect businesses in recent history and one which had a dramatic impact on marketers, differing approaches were taken on how best to navigate GDPR compliance.
According to a recent survey from Marketo, two separate ‘tribes’ have emerged since its implementation. There’s the ‘marketing-first tribe’ in which marketers and business leaders have used the legislative changes to improve their focus on customer engagement and experience; ensuring they’re underpinned by compliant data, processes and systems. Then, there’s the ‘legal-first tribe’, who have focused first on the process and compliance aspects of GDPR; largely without focus the opportunity it presents.
To be fair, it’s not hard to see how these schools of thought came about. With GDPR, marketers were forced into unfamiliar territory; they were aware of data protection legislation but GDPR represented something so game-changing that it led many to default to the ‘legal-first’ stance. Given the business-wide legal implications in many organisations, legal had the opportunity and need to have business-wide influence. Equally, many marketers felt they knew too little to feel confident making decisions that could potentially cause compliance risk to the business as a whole.
With fines of up to €20 million or 4 percent of annual global turnover, it’s no wonder that many businesses have turned to compliance and legal to lead the necessary change. It was this mindset which ultimately led to a ‘legal-first’ stance, which, while keeping the business safe and compliant, could also miss the point of GDPR. I’m sure we’ve all heard of cases or seen satirical cartoons highlighting various over-reactions including making life harder for the consumer. For similar ‘legal first, experience second’ reasons, there has been an influx of ‘opt-in’ or ‘opt-out’ options or ‘click to activate’ requirements providing proof of consent. However, this action is often not completed, meaning that new subscribers can be lost easily to marketing.
What’s important to remember, and what the ‘marketing-first’ group have taken on board, is that the GDPR has been introduced to benefit people. Instead of treating the regulations as a legal headache, marketers should make it clear to their audience how it helps them, thus engaging them and bringing them along for the journey. By providing the necessary compliance details in a clear and concise way, marketers have discovered a way to interpret and apply the new laws in a constructive way that increases both trust and engagement.
That being said, there are consumers who have a more apathetic attitude, calling for marketers to adopt more creative ways to navigate the regulation such as by creatively using incentives - providing the public with some benefit to giving their permission for processing. Incentives could range from money off vouchers to competition entry depending on the type of company. So long as those who refuse consent are not unfairly penalised, this tactic is still well within the guidelines. Marketers should also explore a strategy for cases where there is no opt in – technically, this is known as the legitimate interests ground. It permits marketers to contact individuals if we have a well-reasoned and documented belief that, on balance, there is more benefit to the individual to receive the material than harm. In effect, it means people don’t miss out on getting marketing information they would prefer to get. It’s important to remember, we cannot aim for one level of consent and drop to a lower level if it’s not achieved. What we can do is approach audiences differently from the outset. However, it almost goes without saying that regardless of legal basis, consent or legitimate interests, we must always respect opt-outs.
The key to making the most of the opportunities presented by GDPR is knowing your audience. By communicating the legislation in the same manner and tone of voice that you would normally communicate with, you will not only avoid losing customers but could, indeed, end up engaging them further, increasing brand loyalty.
The best solution to navigating GDPR compliance requirements is inevitably a combination of the two ‘tribes’. Obviously, it’s essential to be compliant, and this is likely to involve continuing consultation with legal and data protection experts. At the same time, by being transparent and using the legislative changes to deepen customer engagement, it could well help develop lasting relationships with the company’s audience and create brand loyalty and trust with both customers and prospects.
Digital Advertising Guidance: DPIAs under the GDPR
Data protection impact assessments: When are they required? And what does a good DPIA process look like for the digital advertising industry?Learn more
Plan for a smooth transition: TCF v2.0 is coming
With the deadline for transition to TCF v2.0 approaching, Quantcast’s Senior Privacy Counsel Matthias Matthiesen shares how companies can prepareLearn more
Digital advertising guidance: cookies, consent & the GDPR
How do EU citizens perceive digital advertising since GDPR?
Research conducted by the European Interactive Digital Advertising Alliance (EDAA) shows that how consumer perspectives of digital advertising have...Learn more