25 May, when the EU wide General Data Protection Regulation (GDPR) came into force, is fresh enough in our minds for us to remember the countless “are you still our friend?” emails from marketers. Many marketing professionals, managers and data protection officers will also remember the panic they faced when preparing for GDPR. As the influx of GDPR emails continued to flood in and cookie notifications started to pop up with increased regularity, skepticism started to mount amongst marketers and managers alike. Have the new regulations helped or hindered business’ sales and marketing efforts?
Your website can be accessed from around the world
How many times have you logged onto a US-based website to find that it cannot be accessed because you are logging on from an EU country? Several high-profile websites, such as the Chicago Tribune, sites owned by media and entertainment brand A+E and the Los Angeles times have blocked EU-based users from visiting their sites, fearing they are not GDPR compliant. This is because any personal data that is sourced from citisens currently living in the EU must comply with the GDPR. Despite having two years to prepare, many businesses felt it was not worth the time to comply with GDPR. This shows the global reach that GDPR has had. Compliance with data protection regulation is far more than simply ticking a box, it shows that your business cares about protecting personal data. So even if your business is based outside the EU, failing to comply with GDPR will likely negatively affect consumer trust and could well affect the functionality of your website from outside the EU.
Increased trust from consumers
Under GDPR, organisations must now be much clearer on how they process and use personal data, with the regulation calling for businesses to conduct ongoing data protection impact assessments. Further, GDPR has created awareness of the importance of protecting data, making consumers far more suspicious of how their data is being used. A recent study showed 54% or UK consumers are willing to give away data in return for free or discounted products, while 47% of businesses admitted to selling consumer data to other businesses. While the shift in the level of trust people have has created a call for transparency, it is also an opportunity for businesses to develop trust between themselves and consumers. Ultimately, if people trust you, they are more likely to do business with your organisation.
Improved business culture
Before GDPR came into force, very few businesses could be referred to as “GDPR-friendly”, while we had all heard of diverse or animal-friendly cultures. GDPR has given businesses an opportunity to be pioneers in data protection. As GDPR was brought to the table in 2016, most people reacted the same way, simply wondering how it will affect their business and whether they still be able to market their product or services in the same way. Businesses that have successfully changed that mindset to “how can we protect our customers’ data?” can be one of the first to pioneer a “data protection” culture. Companies such as Adobe, Lyft, Pinterest, and Uber are examples of organisations that can pride themselves on protecting individuals’ data. Phone companies, on the other hand, have a bad reputation when it comes to protecting data, with Verizon, T-Mobile, and AT&T among the worst.
Increased cyber security
Under GDPR, organisations must implement an appropriate level of security to prevent a loss of data. As a result, IT staff are playing an increased role in preventing data breaches and other parts of the business, such as management, are being made to learn about the technical side of data protection. Further, some form of GDPR training is now compulsory for all staff, meaning every staff member now has a role in safeguarding data, as well as protecting against data breaches. Having this new-found awareness in place can only benefit a business.
Free demo: GDPR Technical Measures Knowledge Check
Better data management
GDPR required organisations to carry out an audit of all the data they collect, process and store. The results? Usually, realising you store a lot of sensitive data that is no longer necessary to store, costing the business money. A lot of the data could then be deleted, in compliance with GDPR, thus saving money on data processing and data storage. Further, after analysing the data stored, businesses were able to more easily fulfil another GDPR requirement, that of ensuring data is globally searchable and indexed, making it easy for individuals to exercise their right to erasure should they wish to.
Better marketing return on investment
In July 2017, pub chain Wetherspoons made headlines after it deleted its entire marketing email database, saying they felt their monthly email newsletters were intrusive. This move, together with their decision in April 2018 to delete their social media accounts, has allowed them to increase their ROI. While GDPR does not require we delete our marketing lists and social media accounts, ensuring that you are only collecting data that fulfills your chosen condition for processing data is likely to give better returns on whichever marketing efforts you use.
Conclusion: GDPR compliance has benefited businesses globally
Reaching GDPR compliance may not have been easy and is an ongoing process, but it is clear that the trust that it has created between businesses and the public has been beneficial, regardless of whether or not the organisation is based in the EU. Make sure your staff takes regular GDPR training and that you have the right policies in place.