Join David Booth for an in-depth discussion in this video Raising awareness in your organization, part of GDPR for Marketers.
- Perhaps one of the most important things that you can possibly do at this point is raise awareness across your organization. This comprehensive law represents a new paradigm in which the responsibility to protect the way consumers' data is collected and used is placed squarely on the company that collects or even comes into contact with it. That means a whole new accountability for organizations large and small, and it impacts many people in many roles. In the marketing department, it impacts just about everyone.
If you're one of the few that has been actively preparing for the GDPR, then that's fantastic. Keep driving forward and educating everyone in your organization and across your ecosystem of partners and providers. But if you're one of the many that's just now starting to think about this, it's time to start moving. As a data and analytics consultancy, we get the chance to work with lots of companies across all kinds of industries and verticals, and it's alarming how many have underestimated the implications of the GDPR.
We were recently discussing this with the top marketers at one of the biggest brands in the world. And when we brought up the GDPR, it was brushed off with a, "Oh, legal told us that they we're going to handle all that "with some new reps and warranties." I'm not a lawyer, but I can tell you that that's not nearly enough. And it's entirely the wrong way to be thinking about GDPR. The GDPR will usher in some legal concerns, sure, but it will also be a catalyst for a whole new mindset around how we market to people and we use their personal information.
HR departments will have to look at how this impacts the employee data that they collect, as well as any data collected from those seeking employment or who contract with their organization. IT teams and agencies will have to develop or purchase mechanisms for obtaining consent and storing every single bit of personal data in a way that can be quickly provided to any person and edited or removed upon request. And any new development of any assets, applications, or anything else will need to be done with data privacy in mind from the very beginnings of the design stages.
Operations teams will need to figure out how they'll be able to provide notifications of any data breach at scale within 72 hours. Leadership teams will need to determine if specific data protection roles in the company are required and, if so, appoint and onboard them. And marketers will need to rethink their strategies and how they're going to get clear and unambiguous consent from consumers to do everything from anonymously track website behavior to targeting specific attributes across multi- and omni-channel campaigns.
For many organizations, there's a lot to do along the road to compliance. And the scary truth is that if any of these people and teams fail, the whole organization is opened up to the liabilities of noncompliance. The time to start was probably a long time ago. So if you're a bit behind, this is a great time to bring this to the forefront of your organization and educate everyone around you about what the GDPR is and what impacts it will have throughout your organization.
- Define “personal data.”
- Name three data subject rights provided by GDPR.
- Recall the steps that need to be taken to comply with GDPR.
- Explain “privacy by design.”
- Identify the responsibilities of a data protection officer.
- Recognize the steps required to audit your data and processes.