GDPR: Time to Reap the Opportunities for Customer Acquisition and Management

At the end of 2017, with the General Data Protection Regulation (GDPR) looming, research suggested that U.K. small businesses had spent an average of 600 hours each preparing for it. A survey of 500 small business owners found that a quarter had hired new staff to work on GDPR compliance, while half had spent an average of $10,500 on external guidance and consultancy.

At about the same time, the Data & Marketing Association (DMA) conducted a poll of senior marketers; 71% saw the GDPR as a creative opportunity, believing that the new data laws would mean that in the next 5 years, customer acquisition campaigns would become more creative.

According to Rachel Aldighieri, managing director of DMA, “Those organizations that put creativity at the heart of a customer-centric approach, not simply viewing the new laws as a simple legal issue, will thrive in this new environment.” On the other side of the deadline, what does the landscape look like?

A survey of companies across the U.K., European Union (EU), and U.S. carried out in June 2018 by Dimensional Research on behalf of TrustArc reported that 20% believed that they were GDPR-compliant. An additional 53% were in the implementation phase, while 27% had not started their implementation. EU companies were furthest ahead, with 27% reporting compliance, compared to 21% in the U.K. and 12% in the U.S. Seventy-four percent of respondents said that they expected to be compliant by the end of 2018.

It’s early, but some organizations are already reporting that the new regulations are causing them to radically rethink how they manage their information and how they use that information to engage with customers.

A case in point is Cancer Research UK (CRUK), the world’s largest independent cancer research charity. Back in April 2017, CRUK was one of 11 U.K. charities fined by the Information Commissioner’s Office for breaching the Data Protection Act by misusing donors’ personal data.

CRUK conducts research into cancer prevention, diagnosis, and treatment. It also runs campaigns aimed at raising awareness and influencing public policy. Forty thousand people in the U.K. regularly volunteer to help the charity. Maintaining strong supporter relations is critical, as CRUK is almost entirely funded by donations. Speaking at a recent conference in Brighton, England, Helen Dodd, CRUK’s head of data governance, explained the organization’s current approach to data governance, which she characterized as “just the start of a beautiful relationship with information.”

In Dodd’s view, the GDPR can bring organizations closer to their audience. Just as importantly, it also gives organizations an opportunity to use information more effectively.

As part of its commitment to the GDPR, CRUK has implemented a data network consisting of permanent data representatives around the organization who maintain an engagement with data compliance. Teams that complete higher-risk data processing activities have larger numbers of data representatives. New roles with data protection responsibilities will be introduced across the whole organization to help maintain high standards in line with the GDPR. Challenges remain, not the least of which is the need to learn holistically and at-pace. 

Looking to the future, Dodd believes that data capability, together with the process re-engineering that has been a feature of recent compliance activity, will influence new initiatives, “moving away from accountability to efficiency. … Tackling GDPR is a first step in reducing risk, which provides a foundation for even more interesting, innovative work.”

Digital marketers in the U.K. have, in general, been refreshingly welcoming of the new rules, praising the emphasis on building strong relationships based on transparency. But there’s no doubt that digital marketers now have to be more imaginative in order to create content that is engaging, but respectful of the need for data privacy. 

Related Articles

Each year, we receive many more submissions for the EContent 100 list than we can use, and many interesting companies don't make it onto the final list. Here we introduce you to some of the companies that caught our attention during the voting process. We'll be keeping an eye on them during the next year, and you should too.
For content creators who leverage the regulatory requirements of the GDPR to refine their customer data-gathering processes and create—or rebuild—trust that such data will be used only to the customer's benefit, the byproduct should be more satisfied, more trusting, and more engaged customers. And that's a worthy goal on either side of the Atlantic.
The EU Copyright Directive, as it's known, is expected to pass into law when it comes to a final vote in January. It will remake the balance of power in copyright law in the European Union.
There's no doubt that Blue Planet II contained incredibly powerful content. But one wonders what made the message resonate so powerfully, and, more importantly, what has made it translate into real behavioral change?