Gartner predicts that, “on the date of [GDPR] effectuation, more than half of companies affected by the GDPR will not comply fully with its requirements.”
With the new legislation only 11 months away, how ready are you for GDPR? As a B2B marketing services agency we are taking compliance very seriously and readying ourselves, and our clients, as far as possible.
We read Gartner’s advice with interest as they state we should all be focusing on the following 5 points:
- Determine Your Role Under the GDPR
If your organization decides on why and how personal data is processed it is essentially a “data controller.” Therefore, the GDPR applies. Such organizations should appoint a representative to act as a contact point for the data protection authority (DPA) and data subjects.
- Appoint a Data Protection Officer
This is especially important when the organization is a public body, is processing operations requiring regular and systematic monitoring, or has large-scale processing activities.
- Demonstrate Accountability in All Processing Activities
Organizations must demonstrate accountability and transparency in all decisions regarding personal data processing activities. According to Bart Willemsen, Research Director at Gartner, “Accountability under the GDPR requires proper data subject consent acquisition and registration. Pre-checked boxes and implied consent will no longer be sufficient. Instead, organizations will be required to implement streamlined techniques to obtain and document consent and consent withdrawal.”
- Check Cross-Border Data Flows
Data transfers to any of the 28 EU member states will still be allowed, as well as to Norway, Liechtenstein and Iceland. Transfers to any of the other 11 countries the European Commission (EC) has deemed to have an “adequate” level of protection will also be possible.
- Prepare for Data Subjects Exercising Their Rights
Data subjects have extended rights under the GDPR. These include the right to be forgotten, the right to data portability and the right to be informed. Be ready to handle data breach incidents, or suffer significant consequences.
Sound advice Garter, thank you. We’re on it and we hope everyone else is too!
We also read an article by Christopher Baldwin of Selligent with interest. Rather than the ever-present scare-mongering, Mr Baldwin espouses what an opportunity GDPR is for brands to reconnect with customers and to put customers first. “The new GDPR should serve as a timely wake-up call for our industry, to reject the promotion of self-serving messages, in favour for establishing relevant, contextual – and compliant – customer relationships. It’s a win-win scenario for marketers and consumers alike!”
Customer-centricity should be key to any brand objectives. Engaged customers stay loyal and act as great brand advocates. Baldwin suggests GDPR will mean marketers need to “take off their marketing hats, disseminate consumer data and dig a little deeper to contextually engage consumers, in ways that are data-led, insightful and compelling.” We live in a data-driven world and GDPR will fine tune our focus on the data we have available and how we can use it; something which is particularly crucial in the consumer, B2C environment.
We concur with Mr Baldwin and applaud his positive attitude. But we’re still a little vague as to how this will ultimately be relevant to the B2B world. And the more questions we ask of the ICO, the DMA and peers in the industry the muddier the water seems to get.
GDPR does represent an opportunity to innovate. Forward thinking marketers may be able to capitalise on operational data agility – particularly around data security, data privacy and data governance – to exploit the situation to their competitive advantage.
What next for GDPR B2B Marketing
It’s an exciting time to be in marketing and we are ready to embrace the changes. But, as a B2B marketing services agency, what we really need is definitive advice on the B2B sector. What will the real impact be? At the beginning of June, the DMA advised us they are still waiting for ICO guidance on certain B2B interpretations. On 22nd June, we attended a seminar on GDRP at the B2B Marketing Ignite event but came away as flummoxed as ever. The advice from speaker James Kooms, Chief Privacy Officer at dotmailer, was “Don’t leave it any longer in getting prepared, but we have to admit it’s all a bit vague”. Come on people, we only have 11 months left – give the B2B sector a break and provide some clarity!
So, we wait.
In the meantime, here’s the ICO GDPR checklist to review, reflect and act upon; in the absence of any B2B-focused guidance it’s all we currently have to work with …