As digital marketers, we will all be impacted by Europe’s data protection regulation taking place on
May 25, 2018. Digital will undergo the biggest changes over the last two decades and will represent a
cornerstone of the digital era. For this reason, I have decided to focus my new post on the European
General Data Protection Regulation (GDPR). Moving forward the new regulation will change how
businesses and public-sector organisations handle the customers’ information.
According to Richard Henderson, Global Security Strategist at Absolute – “To describe the new rules
as an update or a refinement in the data protection regime is not accurate – this is not a fine-tuning
of the law. A far more fundamental change is taking place.”
In other words, what does it mean?
The GDPR is Europe’s new framework for data protection laws – designed to strengthen and unify
data privacy across Europe but it will also provide greater protection and rights to individuals. It
tackles the personal data exportation outside the EU. First and foremost, the GDPR aims to give
authority to consumers over their personal data and to facilitate the regulatory environment for
international business by unifying the regulation within the EU.
Will you be affected ?
Every European citizen will have the opportunity to control the application of the GDPR and to
assert the rights and guarantees the adequate support to any company (European or not) that
collects its data. The stakes are high as the matter is to force, in particular on the American and
Asian giants, the application of the same binding rules as their more modest European competitors,
as soon as the data of a European citizen are collected and processed – it includes all: VSEs / SMEs,
multinational corporations, banks, insurance companies, online retailer, IT services companies, SaaS
service providers, mobile application editors, etc. In 2017, there’s been an unprecedented amount of
data breaches, including Yahoo, Xbox, Gmail, DocuSign, Verizon, and Deloitte.
All will be impacted by the GDPR when processing of personal data is carried out. It is a leading
transformation in the way, the roles and the responsibilities were handled and the way they will be
shortly reshuffled – so far controllers faced the major liability in any legal risks, and shortly
controllers and contractors will be on an equal footing with sanctions for non-compliance. It is also
worth mentioning that both private and public sectors are subject to the binding rules of the GDPR.
How the GRDP will impact corporations: Threat or opportunity?
In a recent study by Vanson Bourne where 625 IT managers from France, the UK, Belgium and
Luxembourg were asked about “how do they prepare for the GDPR.”
The study highlighted the fact that 54% of companies have a limited level of understanding
regarding the fines associated with the GDPR. Also, 17% of the companies admitted that if they
faced these fines they would have to shut down and 39% of IT managers surveyed believe that these
fines would lead to redundancies within their company.
In France, la CNIL (National Commission on Informatics and Liberty) was not authorised to go beyond
150,000 euros for a fine. From May 2018, French customers’ information will impose sanctions of up
to 20 million euros or 4% of the company global turn over.
In addition, the enforcement of GDPR is perceived contrastively amongst Europe as 30% of the
French companies see the GDPR as a priority, unlike 6% in the United Kingdom and 25% in the
Benelux. Moreover, 8% of French companies consider the GDPR as a non-priority compared to 20% in
the United Kingdom and 11% in Benelux.
Six months ago, only 42% of companies in Western Europe thought they would be ready for the
implementation of the GDPR.
Finally, 98% of organisations have implemented or are in the process of implementing a formal
employee plan that will define the data security policy and what is expected from them regarding
the management of personal data. It seems that despite some limitations, organisations are taking
steps to raise awareness in the area of data security and take this issue seriously.
Despite, this dark picture, it is also important to highlight that GDPR will open up some major encouraging solutions for both B2B and B2C industries, such as:
- Effective email marketing
With GDPR, B2B data will be considered in the same way as B2C data: Opt-in is required (for registered businesses). In other words, users will be prompted to opt-in to any marketing communications, and businesses will need to be able to provide evidence that they are responsible for managing data. One of the positive impacts of GDPR is that companies will clean-up and fine-tune their current databases which will lead to a refined list of users who have opted into communications which are much more engaged, drive to higher open, click-through, and engagement rates for email campaigns.
- Increased customer confidence
Consumers are well aware that from May 2018 onwards, their data is valuable to companies. Ultimately, this new level of transparency will bring to the customers a degree of trust that will enable them to share more data with their favourite brands.
- Avoid data breaches
Under the new GDPR regulation, any data breach should be stopped before its burst. Additional
data protection and security regulation benefit both customer and the brand.
GDPR is at the heart of organisational changes and will enable any businesses through culture and processes transformations to be ready for the future.
In conclusion, GDPR is not only about draining and lengthy procedures, but it also leads to many
occasions for great data and a more personal and bespoke relationship with customers. It’s also an opportunity for the marketing department to stand out and demonstrate that a new data strategy can
enhance marketing ROI.