Resources
How ready for GDPR and ePrivacy are you? This was the question I asked an audience of more than 200 B2B and B2C marketing professionals, when invited to share the DBS Data journey to compliance at the recent GDPR Summit in London. The scale of the response was somewhat shocking, with 95% of delegates raising their hands to confess they were just beginning their path to compliance. Only a handful of delegates were well underway and just one person professed to be fully compliant (and I am proud to say that was a member of my team here at DBS!).
The fact that so many marketing professionals had taken a full-day out of their schedules to attend the Summit was great to see. It highlights that our industry is (if not with some hesitance) taking this significant change to our data protection laws seriously. What worries me is how long it has taken for the message to get through and whether these organisations have given themselves enough time to make the 25th May 2018 deadline. Especially given that some of those present in the room represented large organisations such as airlines.
The good news is that if you delve in to the detail of GDPR it is actually very closely aligned to the current Data Protection Act (DPA), albeit with some important additions such as the right to be forgotten. So, if you are already compliant with the current legislation, then GDPR compliance is only a few steps away. However, do not underestimate the importance, time and resource that can be required to make the jump from DPA to GDPR compliance.
Standing on the stage in front of my marketing industry peers, I was of course proud to share that DBS Data is GDPR compliant, but the journey began several years ago, and it required a huge commitment from across the organisation to get there. It wasn’t a case of simply designating a Data Protection Officer and sending opt-in emails, as some worryingly believe. It needed to start from the top of the business. We then went through an arduous process whereby every procedure was reviewed and where necessary revised, and training given to instil best practice. GDPR isn’t about an end game that finishes on 25th May 2018, it needs to become business as usual.
A word of warning – GDPR isn’t the end of the regulation rollercoaster. Hot on its heels is the European Commission’s task is to reform ePrivacy PECR legislation, currently overshadowed by the GDPR. In first draft, it is set to represent a significant and arguably greater compliance challenge than GDPR, particularly in respect to digital. So, my advice to you whether you are just starting your GDPR plans, are on track, or are one of the few that are confident of already being GDPR compliant, is to start thinking about ePrivacy today.
Finally, it is important to remember that there are many positives to come from taking the GDPR and ePrivacy compliance journey. Do not lament the people on your database that you ‘may’ lose contact with. After all, good data-driven marketing is more about quality than quantity. Focus on having the best possible up-to-date and highly engaged marketing database of customers and prospects that have consented with you (consent really is the new ROI). Do that and I am convinced that one-day you will find yourself thinking this new regulation is actually a step in the right direction for the direct marketing industry.