Trends for 2018: Brands won’t be able to do with data what they can’t explain to customers

With GDPR coming into effect next May, marketers must get to grips with their data to ensure they are fully compliant.

How big a deal will 2018’s new General Data Protection Regulation (GDPR) be for marketers? The true answer is that no one knows.

If you haven’t yet heard the dire warnings that you could forfeit €20m or 4% of global turnover for breaking the new law, you probably deserve to be fined – awareness should no longer be an issue for brands.

The questions hanging over marketers as the May deadline for compliance approaches are: how proactive have their preparations been, are their measures sufficient, and will the Information Commissioner’s Office (ICO) actually be capable of prosecuting anyone?

It is safest to assume that, despite its scant resources, the ICO will look to lay down a marker with a high-profile test case in order to deter brands from taking a lax attitude. And if you have such an attitude right now, the danger is that could be you.

Though brands are reticent to go public about what they are doing – partly for fear of drawing attention to themselves and partly because some marketers believe it is the job of legal counsel, presumably – Marketing Week has surfaced a number of encouraging case studies from brands with a clear plan of action.

Steve Forde, director of online product and marketing at ITV, admits it involves “a lot of contractual and legal work”, but points out marketers are the only people “representing the consumer, the marketing side of things and the opportunity”. His key insight, applicable to all brands, is: “If we can’t easily explain to [customers] what we’re doing with their data, then we shouldn’t be doing it”.

If you have got “stringent processes, governance and controls” for data already, GDPR compliance should be less revolution than evolution, adds Cancer Research UK director of individual giving Graham White.

Marketers should already be part of cross-functional teams determining policies, which the vast majority of big brands will be finalising in the first five months of 2018. If you are not in that position, you need to ask colleagues why not as a matter of urgency.

Marketers will also need to take a direct interest in the makeup of their databases and what GDPR allows to be done with them, and then train their teams. This should hopefully be aided by clearer guidance from the ICO in the coming months, though that has been promised throughout 2017 and so far little has materialised.



There are 2 comments at the moment, we would love to hear your opinion too.

  1. Pete Austin 15 Dec 2017

    It’s easy to explain what we’re doing with data – just don’t drill-down into too much detail.

    Consider this article – you’re explaining the GDPR but with no quotes from its text, and no reference material except more of your own blogs, because readers don’t need them. Exactly what marketers can do when explaining how personal data is used.

  2. tom wright 19 Dec 2017

    Cancer Research was fined by the ICO under existing legislation in April this year for screening over 3.5m million donors by their personal wealth, and using external providers to add phone number data to data of donors who had declined to give that information: their compliance with GDPR is not an encouraging case study, its an example of what happens after regulator action.

Leave a comment