There is certainly a lot of activity now around GDPR, but are many organisations missing a trick? Could they move forward from looking only at how to comply with legislation to thinking how they can look at the new rules as an opportunity for their brands?
No matter what company you work in, you’d have to have been living under a rock to have missed the urgent need to take action in the light of the upcoming General Data Protection Regulations (GDPR), so I’m not going to labour it here. Fines of up to €20m or 4% of global annual turnover are enough to focus the attention of any company. However, many advertisers I’ve spoken to still don’t have a plan in place that they are comfortable with, and many others won’t have their plan implemented in time for the deadline of 25 May 2018.
Understandably, much of the advice I’ve heard being offered seems to view GDPR as a compliance box-ticking exercise. For some brands this may be the right approach as they will view the legislation as something they can’t take risks with. Business models aren’t “one size fits all”. However, I feel many should see the impetus as a way of leveraging a competitive advantage and also, of course, of acting in the best interest of their customers.
They can do this by placing data governance and privacy considerations as a key element of their value propositions to foster greater trust. Using data creatively, certainly, but in a responsible way. For example: the GDPR creates greater transparency obligations for organisations. This is to be welcomed but how is this achieved in a meaningful and user-centric way?
There are still “known unknowns”, but it is clear GDPR is a game-changer, updating legislation for today’s data-driven digital world (and accordingly bringing more data into the regulatory net). It tightens the conditions for data use, provides individuals with greater control over their information and harmonises the new rules across markets and borders.
One of the most important facts about GDPR is that its territorial scope means it will have a global impact. Brexit is unlikely to alter this. Organisations – large or small and regardless of location – cannot afford to go wrong.
The UK is one of the most advanced digital and data economies globally, and certainly the most advanced in Europe. But we’ve an opportunity to go further and to lead the thinking globally around “privacy by design” where that is right for a brand. The GDPR encourages this: for example, by introducing Data Protection or Privacy Impact Assessments. But brands can truly build privacy considerations into every step of their business planning – from idea to market launch.
Legislating for this approach is not easy. GDPR is a good attempt to do just it, but it will be the market that in the end delivers innovations in privacy, not policy-makers or regulators. Advertisers can and should lead the way. The UK Information Commissioner, Elizabeth Denham, summed it up well when she said recently: “It’s not privacy or innovation – it’s privacy and innovation.”
I’m a big believer in industry engagement to move forward issues and opportunities for brands. I repeat it because I believe that is how the mid to larger brands need to operate in modern media and marketing communications. GDPR is currently one of the best examples of the value exchange you can get out of the ecosystem by participating in the feedback loop around a topic, sharing, listening, learning and, ultimately, influencing. This helps to inform your trade body, but also helps you to formulate views on what is going to be the right strategy for your brand.