GDPR: Don’t let a crisis go to waste, marketers

The enactment of new, tougher data standards by the European Union could be an opportunity for marketers, rather than a burden, according to a panel of marketing professionals.

The General Data Protection Regulation scheduled to go into effect in the EU May 25 gives marketers cover to revamp privacy and data usage practices and in the process overhaul their marketing technology stack and customer experience, said the panel convened by tech company SAP.  The regulatory requirement pushes into the forefront efforts that are often included in marketers wish lists, but just as often get short shrift in the push to attend to more immediate priorities, said the panel.

“You can see this as the carrot or the stick. Those who see it as the stick are going to be left behind,” said Patrick Salyer, CEO of Gigya.

Consumers are demanding more control over their privacy, especially since the revelations of Facebook data manipulation by Cambridge Analytica made the news, noted the panelists. Consumers want transparency around their data; ” they’re done with creepy,” said Salyer. Gigya, a customer identity platform, was acquired late last year by SAP, which is combining its functions with its SAP Hybris omnichannel commerce platform.

GDPR is an opportunity for further trust with consumers, said Alicia Tillman, CMO of SAP. A CMO Council survey found 71% of marketers believe GDPR will affect customer experience by increasing the transparency of the data used. It’s critical to think of trust as the new currency in this new economy, said Salyer: “Everywhere you see ‘GDPR’ substitute ‘Trust,'” he said.

“That is now the table stakes,” said Liz Miller, senior VP of marketing of the CMO Council.  CX is not a differentiator for brands anymore, and data privacy is a high-profile topic for consumers, so compliance is not really a question, she said: “For people who think there’s still time, time’s up”

The CMO Council and SAP recently polled marketing chiefs to establish readiness to comply with GDPR and found only half the marketers polled have a compliance plan for GDPR and have started implementing it; 23% have a plan, but haven’t started implementing and 26% either don’t have a plan or aren’t sure.

The process of GDPR compliance will give marketers a target and use case to focus the C-suite on this effort. GDPR compliance is both a business and a marketing issue in enterprises that believe how to treat a customer is part of a company’s values, said Mika Yamamoto, chief digital marketing officer at SAP.

“GDPR raises the base in how we earn that trust with our customers,” said Yamamoto.   “Those who see this as only a problem are not the ones who will flourish in the future.”

Many managers have made the wrong conclusion that this is a technology problem, not something marketing needs to address, said Miller.  The first priority for marketers should be to audit their marketing technology and do an audit of their data and customer experience, said Miller.

“We have this Frankenstack sitting in the corner” built over the years as marketing bolted on solutions to their platform as they were needed, she said. GDPR is a good moment to reshape the stack, clean data and “be the orchestrator of the customer experience” said Miller.

A “slim minority ” of marketers have taken this as a starting point to reorganize the customer experience, said Miller. “The one I’m really scared about is the number of marketers who think they still have time,” she said. Those marketers who wait “will be in a world of hurt,” said Yamamoto.

Salyer noted Gigya worked with a top-five CPG company that has thousands of brand sites around the world and it was still trying to sort out by adding features that allow consumers to offer consent or unsubscribe their data at will. But the warned that “businesses that are getting it wrong are just trying to check the box” to comply. Conversely, he noted the example of another client, a retailer that had a “Know Your Customer” initiative it had trouble moving up in priority; it used GDPR as a tool to present it to management and “all of a sudden, they had budget”

GDPR compliance has to be part of a philosophy, not just checking a box, said Salyer. Companies have to embrace privacy by design, he explained. Some of it will require new systems, but mostly it’s about changing a process, he said.

“It’s really about taking a systems or platform approach,” said Salyer. “It’s only then when you provide a good customer experience.”

Enterprises have to start by having everyone understand what GDPR is, what everyone’s role is in it, and how it will affect how they communicate with customers, said Yamamoto. Besides the compliance features, they need to address stewardship of consumer data, she said. They need to involve not only Legal and Compliance departments, but also marketing, sales, operations, enterprise and analytics, which will all own GDPR.

Measurement will be a big part of ensuring both regulatory compliance and the CX boost marketers want. They must understand where customers are engaging with the brands and not, and understand the benchmarks in order to fix the touchpoints that are not working, said Yamamoto.

“I think we’re going to learn a lot over the next year,” she said.

The regulations are a “sea change” according to Salyer, but the panelists added they are bound to keep evolving and marketers will have to keep up. Already a number of countries outside the EU including China are looking at their own GDPR-type laws, and the EU will have to continue revising it to keep up. Miller noted the current GDPR is already two years old, and the industry has changed greatly just in that time.

“Think of a little act called Sarbanes Oxley… and the revolution that happened in accounting after Enron,” said Jason Rose, senior VP of marketing at Gigya. The regulations of Sarbanes-Oxley required a complete rethinking in financial services, he noted.

“This is a Sabarnes-Oxley moment,” said Rose, “but people aren’t thinking about it yet.”