Apocalypse Soon: One Year From Today, the GDPR Will “Deep Impact” Data-Driven Marketing

What’s the hardest part of the job for a CEO or other senior business leader? Operations? Managing the Board? Sustaining a healthy and productive corporate culture? Hardly. A good leader will have all of those skills in abundance, or at least know how to delegate the tasks.

The hardest part of the job is the one for which the leader is most ill-equipped, has no formal training (because it doesn’t exist), and at which they have most likely failed miserably many times in the past: It is, namely, predicting the future.

Every day, business leaders hear of new technologies, business models, behaviors, or regulations that (might) pose mortal threats to their firms. Conference agendas, Medium articles, and analyst reports all harbor knives that (seem to) hang over the head of the leader and her firm by the thinnest of threads, calling for immediate (and probably expensive) action to evade or repel the danger.

But the true conundrum lies in the conditional. Every change and every trend is potentially a lethal hazard . . . but it’s impossible to know for certain. Leaders spend a lot of cycles throwing darts in the dark. Is this trend hot or is it hype? Is this technology the New New Thing or the Next No-thing? Will a big investment in this area mean a second life for the firm, or will it be as useless as, well, Second Life?

Here’s some good news: The GDPR is not that kind of thing.

The GDPR is a gift from the future

When it comes into effect on May 25, 2018 the EU’s General Data Protection Regulation will affect every firm that touches the personal data of EU residents. For most, its impact will be massive and disruptive. And it’s a sure thing. The GDPR is hype-free and guaranteed to happen. (The only thing that could stop it is the wholesale collapse of the European Union. Which is definitely not to be wished for, because then firms will have to deal with 28 different personal data regulations across the EU.)

But by building in a two year grace period when GDPR was adopted in May 2016, EU regulators have effectively created a time machine that can project business leaders and their teams into the future. In 99 Articles and 173 Recitals, the GDPR spells out in considerable detail how the business environment will be transformed when the regulation is enforced one year from today.

When an environment changes, the creatures that inhabit it need to adapt . . . or die. And the text of the GDPR equally serves like an instruction manual for what kinds of mutations are called for if marketers and their firms aim to survive and thrive under the new conditions. (For a quick preview, see Seven Things Marketers Need to Know.) Familiarity with the GDPR is like a kick-start program for evolutionary adaptation.

In short, the GDPR charts the new data protection landscape, maps the mine fields, marks the fastest and safest routes, and even points out some of the rich veins of business opportunities that are lying just below the regulatory surface. (Example: Doubling down on your content marketing efforts [Arrow Electronics & Marketing As A Business Model] in order to establish trust before you ask for consent to use personal data.)

Don’t keep waiting for guidance

Yes, it’s true that some of the details are still to be worked out. Data authorities such as the Article 29 Working Party and the UK’s Information Commissioners Office (ICO) are working furiously to issue opinions and guidance in areas like profiling, consent, and data protection officers. But delaying action while waiting for further clarity is foolish. One, the final word will never be uttered, because the GDPR is a living beast that will and must adapt to new conditions and contexts. Second, time is running out, and there’s more than enough work to be done over the next year, regardless of the nuances.

Most importantly, keep in mind that the GDPR is a principles-based regulation. That means that you need to adhere to the spirit of the law, not merely to the letter. It is futile (and dangerous) to look for loopholes or try to devise clever evasion strategies. And the core principles of data protection (spelled out in Article 5) are crystal clear and immune to revision. Once you grasp principles like data minimization, storage limitation, and accountability, you can begin to measure the distance you have to travel in the next twelve months.

After the GDPR impact, the brave new world that dawns on 25 May 2018 will be a hostile – and ultimately lethal – environment for data predators and their practices of invasive, surveillance-based data collection, aggregation, and use. In contrast, data shepherds, who recognize and respect the fact that personal data belongs only to the person it identifies, will flourish and thrive. (And, frankly, profit.)  The transformation of marketing teams and businesses in general from predators to shepherds will be difficult for most, painful for many . . . and an astonishing competitive advantage for those who get it right.