Since GDPR came into force last year it made many marketers to re-examine internal procedures and processes as the law takes a wide view of what constitutes personal identification information and data protection.
Businesses are required to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. Meanwhile, the GDPR also regulates the exportation of personal data outside the EU. This made other regions also refocus their efforts on privacy and consumer data rights.
So how can data handling be transparent and create a climate of trust in the business ecosystem?
The Future of Commerce, listed 6 important questions about the GDPR for marketers:
How did consumers react to the GDPR?
Confused about how to reach out to prospects and customers in their data systems, many marketers sent mass mailings, notifying consumers that they held their data, and asking permission to continue communicating with them. This provided a terrific opportunity to cement a closer relationship with prospects and customers.
But many marketers blew it, instead giving a reason for people on their mailing lists to opt-out with pleasure. Why? Because instead of telling people how important they are, and how they planned to interact with them going forward, these mails just reminded customers that they were signed up to a mailing list that was no longer relevant to them.
Have we seen a business impact?
Let’s face it, data privacy is a business issue with strong implications on customer experience, brand reputation, and personalization.
Trust, transparency, and reputation are all on the line every time we engage with a prospect or customer. Those that took GDPR as an opportunity worked on addressing this as a benefit to the relationship by pointing out how they handled data, why they collected it, and how it was used, as well as how they plan to use it going forward.
Were there any early adopter benefits?
Firms that were first to embrace GDPR consistently report improvements in their business outcomes, including their customer experience and data strategies.
GDPR has also been pushing firms to innovate and prepare to deliver services of the future, in line with compliance and transparency. GDPR can be an opportunity to more clearly engage the prospect or customer as a trusted provider of service.
Where is data protection and privacy headed next?
Tech companies cannot require that you must give up your data to receive value from their products and services. If you want to ask for data, there should be a reason for it and there must be an option to revoke the information if requested.
To be precise: Consent must stand out, be clear, and include the reasons for collection.
Where should we focus our data protection efforts?
Decide the purpose for collecting the data, and the way it is collected. Make the necessary process investments, supported by good tools, to know the state of your data protection efforts beyond a dashboard.
Data protection policies (DPP) should include internal data protection awareness workshops, privacy impact assessments (PIAs), managed breach detection and response, and breach notification policy. Get the necessary tools for a data audit, as data discovery, mapping, and protection technologies are all key aspects to protecting consumer data and privacy.
Cybersecurity monitoring, threat detection, and alerting systems are also necessary to ensure GDPR compliance, because under current GDPR requirements, organizations must report a breach within 72 hours of discovery.
What can I do to proactively make this an opportunity for our marketing team?
Privacy protection compliance should be enforced through not only business processes and strategies, but also investment in technologies and incident response management. Data breaches are not only expensive but erode trust in the brand.
Other countries are passing laws to protect its citizen’s personal data.
One of those countries is Brazil, that passed a bill on personal data protection last August. The law comes to force in August of 2020 and it was closely inspired by GDPR.
If your company have operations in our country and need more info about the Brazilian LGPD (General Data Protection Law, in Portuguese), talk to us! We have specialists on that matter in our team and they’ll be glad to present what FH can offer, so that your company will comply to our laws!
Reminder: The penalties were also inspired by GDPR and can reach the astounding amount of R$50.000.000,00 per infringement!