Provocateur:

The EU’s General Data Protection Regulation is a clear indication that we’re entering a new era of data transparency and security. The way we do business will never be the same.

As marketers, we shouldn’t view GDPR compliance as an obstacle that our companies need to clear only once. Instead, we should look at it as an opportunity to stop and reflect on our practices, whether they truly benefit our customers, and how we can transform for the future.

GDPR isn’t just about changing the way companies interact with customers and handle their data; it’s about ending practices of endless data collection without a plan, ensuring security around that data, and giving our customers full access and rights to their data.

Marketing professionals should be particularly eager to capitalize on GDPR as a way to align their company’s practices with consumer expectations. GDPR gives consumers far more power over how their information is collected and used, from no longer assuming consent with prechecked opt-out boxes to requiring companies to release or delete customer data upon request.

These changes are good for consumers, and marketers need to not only believe that themselves, but also convey that message to their customers. In fact, we as marketers should embrace the fact that companies are being held to a higher standard. Sure, GDPR will cause its share of headaches, but the vast improve-ments in customer experience, transparency, and security will be well worth it.

Applying marketing principles to GDPR compliance

Millions of consumers have been sifting through countless emails about updated privacy and data security policies over the past few weeks. Although this may feel a little overwhelming, it shows that the lines of communication between consumers and companies are wide open. This offers a unique opportunity for renewed engagement and a chance to increase brand trust.

Forward-thinking marketers recognize that consumer expectations are about to shift dramatically. But this doesn’t mean that those marketers, or any marketers, should resign themselves to a desperate struggle to keep up with changing regulations and attitudes. It means they now have even more reasons to ensure that their organization proactively gives it customers a better experience and treats them fairly.

Marketing professionals have a vital role to play in this process. They have to demonstrate that their company takes its customers’ data security and privacy seriously — issues that will be closer to the forefront of their minds than ever before thanks to GDPR. Customers will also expect more transparency. From the simplification of absurdly complex “terms and conditions” to the requirement to disclose a data breach within 72 hours of finding out about it, companies will need to be ready for a much more open flow of information with their customers.

According to a 2017 survey by Deloitte, 81 percent of U.S. consumers agreed or strongly agreed that “consumers have lost control over how personal information is collected and used by companies.” Deloitte also asked respondents if they had taken certain actions over the past year “due to concerns over data privacy.” More than a quarter said they had avoided websites, disabled cookies, and “paid close attention to privacy agreements.” Meanwhile, 47 percent adjusted the privacy settings on their phones and 64 percent deleted or refused to download apps they didn’t trust.

There’s a whole lot at stake for companies when it comes to data security and privacy, and marketers assume much of this liability. They’re responsible for explaining why consumers should trust a company with their data – from demonstrating that the proper security measures are in place to being open and honest about exactly how the data will be used. And even more important, why the data is being used.

By framing GDPR compliance as an effort to give consumers more control and use their data more carefully, marketers can change the conversation from one about dealing with an onerous regulation to one about doing what’s best for consumers.

Why marketers should embrace GDPR

Marketers should see GDPR compliance as a way to forge a stronger link between what they do and the rest of a company’s operations. For example, GDPR requires companies to prevent customer data from being lost, tampered with, or stolen. So, GDPR gives companies a compelling reason to have an open, ongoing discussion about who needs access to what data, which can clarify data use and responsibilities among different departments — from marketing and sales to customer success and IT.

This will also restrict the amount of harm that can be caused by the use of unsanctioned cloud-based devices and apps (i.e., “shadow IT”). According to Gartner, one third of security breaches will be attributable to the use of shadow IT resources by 2020.

GDPR should also be an impetus for greater coordination within an organization on building customer relationships. For instance, there’s a stark disconnect between marketers’ efforts to gain consumers’ trust and the opaque gauntlet of “terms and conditions” companies foist upon their customers. Just imagine if “terms and conditions” were held to the same standards as marketing content that’s all about customer engagement, trust building, connection, and delivering a clear and compelling message that wins the customer.

Despite the fact that companies with superior customer experiences are 80 percent more likely to retain customers, companies still ask people to read pages and pages of inscrutable legalese if they want to understand their rights and liabilities. Perhaps this is why more than 90 percent of consumers “willingly accept legal terms and conditions without reading them,” according to a survey conducted by Deloitte. This is no way for companies to interact with their customers.

Thinking differently about GDPR

GDPR is forcing marketers to move from a data mind-set in which they collect as much as possible upfront and figure out how to use it later to a more thoughtful approach whereby they only collect data that’s necessary to deliver on a company’s mission and experience.

Although a sizeable 81 percent of U.S. consumers no longer feel like they’re in control of their data, that proportion fell from 90 percent between 2014 and 2016. And there was simultaneously a two-fold increase in the number of Americans willing to share information with brands. This demonstrates that attitudes toward data privacy aren’t fixed.

And even though GDPR only applies to EU data subjects, it sets a new standard for data security and privacy that no doubt will spread throughout the world. Consider, for example, the impending California Consumer Privacy Act.

In the end, GDPR isn’t only about compliance and privacy; it’s also about building trust and showcasing brand values. Marketers shouldn’t feel compelled to implement better data policies just because security and privacy rules are now being enforced. They should make customer-centric decisions because it’s the right thing to do.

About the Author

After stints as the CMO of NYSE Euronext and VP at Goldman Sachs, Marisa Ricciardi ventured out on her own, serving as a virtual CMO for several major financial-focused brands. She quickly identified a niche and the Ricciardi Group was born. In less than four years, she has built a team of over 30 employees and expanded her client roster to include leaders such as Adobe, Legg Mason, and BNY Melon, and emerging technology firms such as AlphaPoint and ComplySci.

She was named “Marketing Entrepreneur of the Year” in 2017 at the Markets Choice Awards for Women in Finance, and was cited as one of Inc.’s “10 Leading Ladies Changing Business as Usual” in April 2018.