Colin McMillan, Head of Technology at Dog
“First and foremost, communications organisations like ourselves must raise awareness of the new regulations across the business and with our clients. To make sure that we fully understand the implications of the new regulations, Dog has created a GDPR steering group of specialists across security, development, marketing and QA. This means that we are well placed to respond to, and advise on, GDPR compliance requirements.
“As digital specialists, we have a responsibility to inform clients (the data controllers) of the implications of GDPR and ensure that we (as data processors) have the correct documented policies and robust processes in place to protect both ourselves and our clients in ensuring that compliance is achieved and maintained.
“As most of our industry probably are, we’re working in earnest to help clients navigate GDPR, communicating areas for attention on their existing websites: to ensure that data is cleansed; engagement communications are set up to request users to remain opted-in, or opt out from data storage; and ensure proper security measures are in place for any storage of personal data. One key area we are focussing on is the ability to retain analytics insights without the retention of personal data. This involves the anonymization of data, so that customer interactions and goals are still tracked, without the need to associate these events with individuals.
This is about taking a collaborative, sensible approach to regulation created to protect the online consumer. It’s not something to be fearful of.
“It is simply part of the day job for those of us involved in digital communications.”
Laura Haggerty, Strategy Partner at Dog
“It is without question that the GDPR has created, and will continue to create, a bit of a stir within the marketing world – just as the new cookie legislation did back in 2012. Whilst it’s right to express caution and seek to actively prepare for this, comments and warnings suggesting this means the end of digital marketing or behavioural targeting are both unhelpful, and untrue. The digital advertising market was worth £8.6bn to the UK economy in 2016 and there’s simply no scope for this to be almost entirely wiped out.
What is certain to happen, and is a very positive thing for all, is that ad platforms, marketing teams, agencies and martech providers need to collaborate to ensure the responsible (and compliant) use of data at all times.
“We need to accept that we can’t just take the easy route and reuse personal information just because it can be tracked. There will be a greater requirement for strategic thinking and the application of technology to ensure that we can still deliver relevant and ‘personalised’ communications to individuals but without abusing their privacy rights. To achieve this we need greater collaboration, more transparency, updated privacy agreements to name but a few. And I’m sure there’ll be a number of tech adaptations and safeguards which need to be adopted. All in all, this is just another way to ensure that the internet can be used safely by individuals, it is not an attempt to sabotage one of our most lucrative industries. But gone are the days of just targeting as you please simply because you can.”
Next, DIGIT reached BIMA – the British Interactive Media Association. BIMA is an industry body representing digital sectors in the UK, and hosts 60+ marketing and networking events every year.
Sarah Hooper, council member for digital trade body BIMA, and Director at Amaze One
“The biggest disturbance is that control will jump almost completely from CMOs into the hands of customers, who’ll gain unparalleled ownership of their personal data. This should be seen as an opportunity for marketers though, to completely redefine how their customer relationships are working. Positive engagement and transparency will ensure an opt-in from customers that’ll potentially build even stronger relationships. Insight into these customers will be mandatory, to develop and grow these relationships in a way that demonstrates your company’s value to users/customers. Essentially, GDPR makes direct communication a privilege, where previously it’s been seen as a divine right.
“It’ll be important for all of us in our industry to work more closely with partners like the ICO and DMA, those companies who are there to help support us through this transitional period. We’ll also have to evolve beyond the traditional model of handling clients’ data on their behalf, and instead work alongside them to help them handle their data more effectively.
The challenge for us is to practice what we preach and genuinely conduct the best practice we espouse.
[From a tech perspective] “Organisations will need to have a single, unified customer view – GDPR leaves no grey areas here – but for most agencies this won’t be too much of a challenge as they’re already set up to support this. As long as your data and tech are ‘talking’ to each other, you’re likely all set. There is a lot of advice out there and useful tech available to support you, so if your existing tech isn’t doing enough, now’s the time to explore better options. That said, a lot of organisations are suddenly they’re specialist ‘GDPR’ agencies/organisations. It has a slight PPI feel to it!
“Nothing in client/agency relationships can be taken for granted.
“You need total clarity that you have consent, and you can’t do that unless you’ve explicitly asked. That means a new need for full understanding between comms organisations and their clients about what’s coming next year. Equally, just how much can be achieved. It’ll require lots more dialogue up-front, on accountability/responsibility for GDPR.
“There should be benefits, as long as industry bodies, agencies and service-led organisations conduct themselves properly, giving clients reassurance that – as mentioned – you can practice what you preach. We’re already seeing a shift in operational models with agencies, GDPR-led initiatives meaning we have to work hand-in-hand with clients rather than merely offering delivery and implementation. It requires a more embedded, onsite, team-extension based approach.
“Finally – it’s going to be a big shift for brand reputation. Values and reputation will be far more symbiotic, as how they treat personal data will be as important as what they say they stand for. And yes, I’m afraid that will include agencies!
Speaking of the DMA, last but certainly not least is Chris Combemale, CEO of the Digital Marketing Association. The DMA offers legal advice and information on changes amongst the marketing sector. Chris offered some optimistic concluding thoughts on the changes that GDPR will usher for the marketing world.
Chris Combemale, CEO of the DMA group
“Many organisations will need to make changes to how they approach their data-driven marketing in order to be more transparent, more secure and more accountable. This must all be done in a way that is also designed to keep the customer’s right to privacy in mind when businesses are taking decisions. However, for those companies that have been fully compliant with current data protection legislation and the ePrivacy Regulations, the incremental burdens of GDPR should be achievable without undue harm to your business.
“The way companies collect, share and use personal data will fundamentally change under the GDPR, which will mean many organisations have to revisit their policies on the handling of this data. All companies will need to be accountable for their decisions by documenting that they have considered the impact on privacy of their decisions. This will mean implementing a culture of accountability including Privacy Impact Assessments, Legitimate Impact Assessments, staff training and data protection officers (DPO) where appropriate.
“The new rules set out 6 bases on which businesses can process data, all of which have been put on an equal footing. Marketers will most likely rely on consent or legitimate interests as appropriate for different aspects of the marketing communications, segmentation and analysis.
This will depend on the organisation, but our advice to members and the industry at large is clear. You must continue to prepare for the new rules now, despite them not coming into force until May 2018.
“For most organisations some updates will be required, but there are already emerging a ranges of new technology and services to help. For example, new systems through which businesses can better track consent. Only by looking at current processes and systems through the lens of the new rules will any organisations be able to understand the exactly what they need to change. Not being compliant in time is simply not an option.
“Properly implementing the accountability and transparency principles in GDPR will go a long way towards creating a more open dialogue with customers around the way companies collect and use personal information. Those businesses that are transparent, accountable and trustworthy will reap the rewards in the future, while also being compliant.
“Brands focusing on being just the right side of the rules will ultimately struggle for consumer trust in the future. In a world of ‘fake news’, simply telling the truth isn’t enough, brands must put their customers first and prove they’re good custodians of personal data. Successful organisations will be those that approach data as an honest exchange of value between the business, looking to prosper, and the customer, looking to benefit. The benefit of this approach is not merely being compliant, but actually reassuring your customers that you’re responsible and accountable for your actions.
DIGIT would like to thank Colin McMillan, Laura Haggerty and Helen Reid of Dog Digital, Edward Bell of Propeller, Sarah Hooper of BIMA, and Tim Bond and Chris Combemale for their contributions to this article.