- February 20, 2017
- Posted by: Tim Walters, Ph.D.
- Category: Business Transformation, Customer Experience, Digital Marketing, Featured
Listen up, marketers! If your company has anything to do with any resident of the European Union, you need to get real familiar with the GDPR, real fast.
The GDP what, you say? The GDPR is the General Data Protection Regulation. It spells out substantially new and disruptive requirements for any company – anywhere in the world – that offers goods or services to EU residents. It will fundamentally change – or illegalize – many common marketing practices – and should give a big boost to content marketing in the process.
Don’t Fall for the Common Myths
It’s big enough to warrant a series of articles and blog posts on the Content Advisory over the coming months. To kick it off, we’ll explore the requirements for “data minimization.” But first, let’s clear up a few of the common misconceptions about the GDPR and how companies should respond:
- “The lawyers will take care of it.” Yes, the GDPR is a governmental regulation, but it’s definitely not just a problem for your legal counsel and compliance department. As you’re about to see, the GDPR will substantially impact any business process that uses personal data – including most marketing activities. It is imperative that you get involved now to understand what changes are necessary and begin devising the solutions.
- “We can worry about it next year.” If the GDPR is so disruptive, surely the regulators will give companies a chance to adapt to it, right? Absolutely correct – except, that grace period is right now. Enforcement and penalties have been suspended for two years, until May 25, 2018. Regulators will expect you to take advantage of this transition period and to be fully compliant in May 2018. Given the scale and the scope of the changes, it’s safe to say that you’re already behind schedule.
- “The EU is only after the big fish.” No doubt, massive platforms such as Google, Facebook, and Amazon dominate the personal data landscape and draw the most attention. But privacy and personal data protection are fundamental rights of every EU resident according to the EU Charter. Regulators have an obligation to defend these rights and to penalize violators. And don’t think that you can just pay the fines as a cost of doing business: Maximum penalties (for a single violation) are up to €20 million or 4% of your company’s worldwide gross revenue. (Take a second to calculate what that means for your firm – and then get up off the floor.)
From Maximum Data to Data Minimization
When it comes to data, the more the merrier, right? Vendors and advisors urge you to collect as much data as possible. Personalization tools are generally made more accurate with the addition of more data. Famously, data is “the new oil.” Or maybe it’s the new coal. How about the new bacon? (I’m not making this up.) In any case, data is a currency, and it should be treated like a corporate asset: accumulated, used, reused, traded, perhaps even sold – anything that allows you to extract value out of it.
Well, the new sheriff just rode into Marketing Town, flashed her GDPR badge, and said, “We’re gonna be doing things differently ‘round here.” (I’m thinking this sheriff should be played by Meryl Streep.)
In direct contrast to the practices of maximum data, the GDPR requires you to follow a principle of data minimization. Instead of gabbing the most personal data you can, you must collect and use as little as possible. Instead of Scrooge McDuck, skiing down a mountain of money, you need to be Bob Cratchit, rubbing two pennies together to keep your fingers warm.
Seriously? Oh, yes. Specifically, the GDPR states that:
“[P]ersonal data should be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. This requires, in particular, ensuring that the period for which the personal data are stored is limited to a strict minimum. Personal data should be processed only if the purpose of the processing could not reasonably be fulfilled by other means” (Recital 39).
In short, the GDPR requires you to use the smallest possible amount of personal data, for the shortest possible period of time, and to delete it was quickly as possible once the specific purpose for which it was collected is completed.
(The name of the movie with Meryl playing the sheriff is “Honey, I Shrunk Our Big Data Strategy.”)
Crucially, these limitations are enshrined as “principles” in the GDPR – and affected companies must document and be able to demonstrate that all marketing activities always adhere to these principles. (And others spelled out in the regulation.) That means that you can’t innovate around the GDPR. There are no loopholes or grey areas to leverage – because it is not the letter of the law that matters but the spirit, articulated in principles such as data minimization.
With this, you can begin to see that the GDPR “places an incendiary into the plumbing of” digital advertising and marketing, and it’s a bomb “that cannot be disarmed by jurisdictional location, legal opinion, or lobbying.”
“A Revolution, Not an Evolution”
That’s a quote from one of the framers of the GDPR. As we said, it’s not just another regulation that will or can be taken care of by having your lawyers or compliance pros file a few papers. The GDPR requires you to fundamentally rethink how you do marketing, sales, customer support, and virtually every aspect of customer experience management. We’ve barely begun to poke this potentially very cranky bear (stay tuned for more), but the principle of data minimization should administer the first dose of shock therapy.
Think of it this way: It’s like the switch from desktop and laptop displays to relatively tiny mobile screens. The first reaction was to try to stuff the entire website onto the small screen. Bad idea, and flat out illegal under the GDPR anyway. The winners in the mobile-era are those companies that figured out most quickly and most consistently how to take advantage of the constraints imposed by mobile devices. And that means, to look at them not as constraints but as opportunities to create a whole new kind of user experience, a new kind of relationship between a brand and consumer on this mobile real estate – and one that is actually superior because it (necessarily) focuses on what really matters to the consumer.
So, dear marketer, the question in the GDPR-era is, how do you get the maximum out of data minimization? How will you adapt to the transformed data environment and not just survive but thrive on the new playing field?