I've been working on GDPR compliance issues with clients for around 18 months now, at first learning the legislation from scratch, then helping clients understand it, and currently, assisting with their compliance processes.
It's been a long 18 months, and it shows no signs of letting up, with a very real sense that compliance issues will remain a significant issue for the industry long after GDPR comes into effect on May 25th.
As a client-facing digital strategist, it's been an incredible learning experience, giving me a clearer picture of where the industry is and where it is likely to go than I've ever had. Right now, that picture is predominantly of an industry led by confusion, fear, misinformation and worst of all: denial.
GDPR preparations to this point have been muddled and confusing, with many of the business owners I've spoken with still showing little willingness to understand the legislation and its implications fully. Many have stuck their heads in the sand and refused to remove them. The question is: why?
I believe this has highlighted an issue far larger than the basic nitty-gritty of getting compliant. The issue is realising we’re…not very good at our jobs.
Take email, for example. To send a valid e-mail communication under GDPR, broadly, we need to do the following:
1. Tell the individual, clearly, what we are planning to send them
2. Prove that they have agreed to this
3. Only send the individual the emails they have agreed to receive
Reasonable and simple, right? Then why has this caused such incredible panic and confusion?
Because our focus is in the wrong place. There is still a large part of the industry continuing to concentrate on how legitimate interest and contractual grounds may be used in order to avoid compliance, rather than confronting it straight on.
Most significantly, many companies are desperately seeking a way to continue to buy in lists of unsolicited contacts, pile them into an email system and pump them with unsolicited emails (often, this is in order to get the recipient to complete a form of some kind, feeding them back into the system as a ‘lead’, based on information the company already has. Great job, teams!)
It seems to be that the question being asked by most of the companies I deal with is:
"How do I continue to avoid relying on consent to send my marketing communications?"
When the question that should be asked is "How do I ONLY rely on consent to send my marketing communications?"
The core issue here is one that has plagued us in digital for years: volume.
The old 'more is more' approach, a leftover from the days of print advertising, where the number of eyes on your creative was the primary measurement of a campaign's success.
The more people we target as marketers, the more impressive we look, the more people fill in forms, the more impressive we look. Numbers for number's sake.
The wastage in digital marketing is phenomenal; we praise email open rates of 20%, for example. Would any one of us run a campaign saying "2 out of 10 people approve of this product!"
If our marketing communications are not worth saying yes to, we have a problem with our marketing communications, we do not have a problem with GDPR.
If not enough people are seeing our marketing communications, we have a problem with our outreach strategies, we do not have a problem with GDPR.
I believe many companies - and marketing and comms departments specifically - should take a step back and look at the real reasons why they are struggling to comply.
Yes, compliance is partially a case of getting the right systems and processes in place, but more importantly, GDPR presents a challenge to the way we think about how we communicate with customers at a fundamental, strategic level.
It’s hard not to cover old ground when saying this, but GDPR really does – finally – introduce an era where quantity over quality is THE guiding force in lead generation and digital outreach.
There’s a very dry argument that GDPR will finally give us the opportunity to “connect with the customer”, and while that may be true, let’s remove the business talk for a moment and think of this: we are now being forced to do a good job, not only for our customers but for ourselves.
GDPR is an opportunity for us within the marketing and advertising to finally do the things we got excited about when we first started our careers: advertising with killer creative, pulling together inventive methods of digital outreach, creating content that people actually want to read.
GDPR is not a draconian legislation that restricts us, it’s the thing that will allow the digital marketing and advertising industry to step into the sun, finally freeing us, as creative people in a creative industry, to get creative.
Want to hear more from Matt and other senior marketers on this topic?
Why not join us for our one-day event 'We Love GDPR' as we share practical experiences and thoughts with peers and experts alike.
We’ll cover the legal steps your business will need to take and look at how creativity, data and technology processes can work together to engage audiences from May.