The GDPR deadline came and went in a flash. For the amount of frantic emails and seemingly panicked companies who were unsure of how to respond leading up to the deadline, it has been eerily quiet since May 25.
Where are we now and what should marketers still have on their to-do lists related to this regulation? First, let’s take a look back at where we stood beforehand.
Status of compliance leading up to May 25
Prior to the GDPR deadline, SAP Customer Experience and the CMO Council teamed up to examine senior marketers’ experiences, opinions and intentions specific to GDPR compliance. The audience for the study included 165 marketers from leadership roles across North America, Europe, APAC, Africa, South America and the Middle East.
We found that at that time – and this was no surprise – many companies were behind on GDPR compliance and that there remained confusion about whose responsibility it was to manage compliance.
What we did find surprising, though, was among those who had not developed a compliance strategy, 42 percent did not believe GDPR applied to them and 26 percent said they did not collect the type of data protected under the regulation. Further, only half of respondents had a solid plan in place to comply with GDPR and had started to implement changes at the time of the study.
As the steward of customer information, marketing plays a critical role in ensuring compliance and maintaining customer trust as it relates to data. It’s clear that, leading up to the deadline, there were some common misconceptions around who was to manage regulatory compliance in the modern enterprise.
GDPR’s impact on customer experience
While many companies were not prepared for the GDPR deadline, a majority (71 percent) understood that it would have a substantial impact on the customer experience by increasing transparency for how customer data is used.
In fact, most marketers saw the regulation as an opportunity to increase customer loyalty. However, believing this in theory and executing it in practice are two different things.
In the new data landscape, marketers have an opportunity (and an obligation) to ask about – and abide by – customer data collection preferences. Once customers are aware of what pieces of personal information are being used and have control over its use, they will be more likely to allow that data to be leveraged in return for a better experience. Ultimately, GDPR provides context for how to connect data with customer engagements that are actually designed around the customer. Marketers should use this guidance to their advantage.
Trust as the ultimate currency
However, a better experience cannot be delivered without an underlying level of trust between brand and consumer; customer experience and trust are inextricably linked.
Marketers gain customer trust by being transparent and they keep it by consistently providing value and giving customers meaningful control of the personal data collected from them. GDPR validates and supports this notion. To successfully connect with the customer, organizations must identify and engage consumers across channels in a way that is respectful of their wishes and their privacy.
This includes rolling back the practice of buying data from third-party brokers – something that had become the norm at a time when marketing technology systems were bombarding consumers with messages based on inaccurate data. Now, marketers have an imperative to only use information they have earned explicitly through customer consent.
Moving forward: elements of a successful data privacy strategy
Given the dynamic changes in the global regulatory environment, marketers will have to adjust their internal processes and transform how they connect with consumers moving forward to remain compliant.
While many marketers reported they saw the regulation as an opportunity to increase customer loyalty, many weren’t planning to actually put this understanding into practice. According to the study, the biggest changes that marketers had planned to make regarding customer experience are how and where consent is obtained (60 percent), the tools used to collect customer data (51 percent) and customer data utilization plans and processes (48 percent).
My hope is that these numbers will steadily increase with time and continued education and awareness. In today’s global economy, all companies should be in the practice of explaining to customers why the company should have access to their personal data and how doing so will improve the customer’s overall experience. As mentioned previously, if a customer can see a benefit from sharing information, and is asked unambiguously for permission to use it, they will be more likely to do so, which is a win-win situation.
Further, in the wake of GDPR and other regional privacy regulations, all companies must allow consumers to decide what data is used and, more importantly, how the data is used. Most of the time, an individual will be more comfortable sharing some pieces of information than others – i.e. they are willing to share their date of birth and home city but do not want to share their email address. By allowing customers to manage their own consent and preference settings, companies ensure they aren’t using data in ways that may be misinterpreted as inappropriate.
Lastly, marketers must be consistent in their messaging
Once a customer agrees to share their data, brands must use it intelligently to deliver value at each touchpoint. If this consistency is lost, it’s likely that the individual will reconsider their data settings.
I urge business leaders to take a step back and recognize how responsible data management provides a ripe opportunity to build more meaningful customer relationships. Businesses today have a chance to turn compliance into a competitive advantage and should view GDPR and related regulations as an opportunity to drive customer affinity and, ultimately, deepen customer loyalty.
Patrick Salyer is General Manager of SAP Customer Data Cloud.