Despite GDPR coming into effect over 18 months ago, new research shows that many marketers are still concerned about their organizations' compliance
It’s been just over 18 months since the enforcement date of the GDPR. The latest research from the DMA shows that while the majority of professionals in the data and marketing industry have been given some form of GDPR training, there are many marketers out there who are still concerned about their organization’s compliance.
The consequences of non-compliance have been well-publicized through a series of high profile investigations by the Information Commissioner’s Office (ICO), ultimately leading to punitive sanctions for those organizations deemed to be acting unlawfully and with intention.
There have also been a number of data breaches over the last year, a cause of which may well be that staff were not effectively trained in how to manage customers’ sensitive information and maintain the necessary safeguards to protect their privacy. Once again, this has led to investigations by the ICO.
For instance, earlier this year the hotel chain Marriott was fined more than £99 million under the GDPR; British Airways were issued a fine of £183.39m. Highlighting just how much importance the regulator places on the security of customers' data and how seriously businesses should take this issue.
The costs to a business extend far beyond just fines, there can even be long-term effects on customer trust, share price and public perception that could have more lasting damage.
The vast range of issues associated with non-compliance should be enough for organizations to understand how important compliance is and the role all staff have to play in achieving it.
Data insights are vital assets to businesses, consumer trust is key to gaining them
For most businesses, data is its most valuable asset. So consumer trust in how they collect, store and use data is fundamental to building sustainable relationships with customers and increasing their willingness to share data.
The GDPR has already had a notable impact here.
For example, the DMA’s ‘Data Privacy: What the Consumer Really Thinks’ report indicated that the number of people who claim they would be more likely to exchange their personal information in return for personalized products or services has risen from 26% in 2015 to 34% in 2018. The research also found that more than half (51%) of consumers saw data as essential to the smooth running of the modern digital economy, up sharply from 38% in 2012.
Clearly consumers are increasingly more receptive to the idea of a ‘value exchange’ with businesses, with trust the key to unlocking data’s full potential. Encouragingly, marketers are confident that this is going in the right direction.
According to the ‘Data Privacy: An Industry Perspective 2019’ report, nearly half of marketers (49%) surveyed state that they believe consumer trust has improved in how brands handle their data. 46% of marketers agree that trust has increased in brands and their marketing.
Data is an essential part of the digital economy, so maintaining its security and consumers’ trust must be a business imperative.
So why is GDPR compliance not a priority for all businesses?
Given the role each employee has in protecting consumers’ personal information, ongoing training should be a clear priority for all businesses. Especially within data and marketing teams who can use it to better engage with consumers and improve the customer experience.
However, recent research conducted by the Data & Marketing Association, the ‘Data Privacy: An Industry Perspective 2019’ report, has revealed a number of alarming findings that would suggest otherwise in many cases.
- One in five (21%) marketers feel they have not received enough training to comply with the GDPR
- 18% of marketers say the GDPR expert they were trained with didn’t have the right experience in marketing
- One in 10 (9%) state that their training hasn’t been practical enough to date
- A fifth of marketers (20%) say their organizations are not implementing ongoing GDPR training plans
These figures all paint quite a concerning picture of some businesses neglecting their duty to equip marketers with the skills they need.
Leading up to the GDPR’s enforcement date, the DMA authored articles highlighting best practice and published guidance to help marketers understand their role, but this should only be used as a guide and as additional reading to supplement practical learning.
Due to the complex and subjective nature of the GDPR, expert-led training is essential for marketers to not just comply, but also be knowledgeable in delivering best practice.
GDPR training must be practical and relevant
Standard GDPR training goes into depth about how European data privacy laws have changed, what the key terms and main principles of the GDPR are, and help businesses to understand the consequences of non-compliance.
But marketers need to know more.
When marketing teams are formulating integrated marketing campaigns and collecting, processing and segmenting sensitive information, they need to not only understand their responsibilities but also how data can be a huge asset to the overall business objectives.
And most importantly, how they can protect the customer and build trust.
Legal experts writing and delivering GDPR training are no doubt skilled at interpreting the GDPR and understanding where an organization is legally obliged to protect consumers’ data.
Although it is one thing understanding the legal underpinnings to GDPR. It’s a totally different challenge to translate that into actionable best practice within a comprehensive data and marketing strategy.
This is why dedicated learning material and ongoing training is essential to a marketer’s ongoing development in this area.
There are a range of face-to-face and online learning platforms out there that can provide expert guidance, but whether to select the online or offline route will depend on individual and organizational requirements.
Whatever option is opted for, it is imperative that training is practical and relevant.
In addition, there must be clear structure within the business as to how training can progress with some regularity, to reinforce previous material and act as a reminder to the responsibilities all staff have.
The benefits of GDPR go far beyond legal obligations
GDPR is much more than an issue of compliance and non-compliance.
As the evidence suggests, GDPR will make consumers more likely to share their data and provide invaluable insights into their preferences, and even consumer behaviour in general.
This, in turn, will help marketers to send tailored content that the consumer is more likely to engage with.
There are still many businesses and marketing teams neglecting not just GDPR compliance, but also the benefits associated with best practice.
Without sufficient training, the long-term consequences could far outweigh the initial investment.
The benefits go far beyond the legal obligations and there are a number of opportunities available to those who understand how to obtain them.