Too many organizations still view their data obligations as just that; a set of things they have to do
Over 18 months have passed since the General Data Protection Regulations (GDPR) came into force. In the two years prior and time since, we’ve seen a lot of change in the data and marketing industry – not to mention the UK’s political climate.
The constant appears to be the ongoing battle between global businesses, with an interest in our data, and the regulators trying to protect consumers’ privacy. Much of this discourse is pushing us towards increased scrutiny regarding global data regulations, digital marketing, social platforms and many more of the connected experiences we increasingly engage with every day.
Increasing consumer unrest
However, the fact remains that many of the data and tech power players are still largely able to write their own rules, with single nation regulators out-gunned in this fight compared to these global giants. Despite the media fanfare in May 2018 and the hard work that went on across the industry to get organizations ready for the new laws, it hasn’t taken long for the topic of ‘privacy’ to quickly return to something discussed by compliance and legal departments.
Too many organizations still view their obligations as just that; a set of things they have to do. The adversarial nature of much of this discourse around data and a defensive approach to compliance is only making things worse.
In a world of ‘fake news’ and lack of trust in industries or institutions we once held dear, the awareness among the public that something isn’t quite right is growing. In the last year, astronomical fine notices have been handed out by the Information Commissioner’s Office (ICO) here in the UK to British Airways and Marriot under the GDPR. These have been been the first sign that some organizations may not be the custodians of our data that we, as consumers for a moment, would hope. As the ICO continues to announce the results of these and other cases, the unrest among customers will only increase.
Customers are your most valuable asset
A narrow view of compliance, with laws like the GDPR and now CCPA, as simply a set of legal obligations ignores the principles of accountability, fairness, and transparency that underpin these rules. It also means organizations are left fighting fires as they spark into flame in the hope there aren’t any burning their house down just out of sight, rather than taking a proactive approach.
The only way to stop people from using their rights as weapons against those organizations they distrust or simply have a bad experience with, which we’ve seen last year, is changing the conversation. We must, as an industry, put the customer at the heart of our organizations' practices. We need to stop treating people and their data like legal disputes and a little more like fellow human beings.
What does that mean for you and your organization?
It means taking practical steps towards real transparency of data processing, ceding control to consumers, and rebalancing the relationship between the business and its customers. This final point is essentially fairness, something that can be easily translated to the general public in a way everyone can understand and may go some way to resolving the trust problem our data-driven economy has today.
This might sound like a lofty aim and something complex for organizations to define, let alone deliver on. But there are ‘codes of practice’ already in existence, backed up by best practice, customer insight and legal expertise, that can help businesses on this journey.
In fact, as the Chair of the Responsible Marketing Committee at the Data & Marketing Association (DMA) we champion the DMA Code – best practice guidance that all DMA members must abide by. This sets out four key principles of responsible marketing and the value exchange between a business and its customers:
- Respect privacy: Act in accordance with your customer’s expectations.
- Be honest and fair: Be honest, fair and transparent throughout your business.
- Be diligent with data: Treat your customer’s personal data with the utmost care and respect.
- Take responsibility: Act responsibly at all times and honour your accountability.
All of these are underpinned and support the central point I’ve already mentioned earlier, put your customers first. Value your customer, understand their needs and offer them relevance.
In addition to the DMA’s Code, the ICO has recently published its long-awaited draft of the direct marketing code of practice and invited comments from professionals across the industry.
The code consolidates previous GDPR guidance, PECR and cookie advice, and focusses solely on direct marketing – defined by the ICO as essentially one-to-one marketing.
It is a critical document for the data and marketing industry because of its elevated status as a code of practice, as opposed to guidance, will give it statutory status. Meaning that it will effectively become the legal rulebook for the sector.
The intended audience is typically “anyone that processes personal data for direct marketing purposes”, but in my opinion, it should be read by all those involved in the marketing process within an organization.
It specifically mentions the DMA Code as a point of reference for marketing best practices and supports many of its main tenets.
Perhaps the most important takeaway from all this, alongside the need to build consumer trust, is that businesses must become more customer-centric.
Not just because the law says you should or even because a code of practice advises it, that will only perpetuate the problems.
Create a new belief system within your organization and a sustainable future for your business by promoting responsible marketing as a driver for growth. Do it because it’s right. Right for you, your organization, your industry and – most importantly – your customers.