Skip to main content

How I Learned to Stop Worrying and Love GDPR

embracing gdpr in business blog photo

In a recent article, we explained what GDPR is—a new European consumer privacy law that also applies to U.S. businesses—and why it’s having a major effect on brand marketing worldwide. We told you about the hefty fines and legal risk associated with violations and some of the easy first steps you could take today. Basically, we showed you the stick.

Now for the Carrots

There are several very good reasons to embrace GDPR—to see it as an opportunity to increase customer trust, satisfaction and sales. Businesses that embrace GDPR now can set themselves apart from the competition by demonstrating leadership and vision on an issue of growing importance to consumers. They can also be better prepared for subsequent privacy laws that may be enacted at the state level.

Albert Einstein famously noted “Whoever is careless with the truth in small matters cannot be trusted with important matters.”

The fundamental principle of GDPR is that businesses have an obligation to be responsible when handling customer data. The new law may be foreign, but the concept isn’t: whether it’s FDA regulation of food safety or access for the disabled, we’ve long expected that businesses will take the necessary steps to keep us safe. Those that do not face criminal or civil penalties and will find themselves shunned by consumers.

GDPR represents a change, but only in the sense that in a hyperconnected digital world, consumer data now requires the same care and protection as consumer health or safety. If you pride yourself on having a clean facility or making a reliable, safe product, GDPR is an opportunity to further prove your trustworthiness to your customers.

Once More Unto the Breach

Data security has been a hot topic for a while now as high-profile breaches have hit businesses like Target, Facebook, Equifax, Uber and Whole Foods, among many others. Consumers are more aware than ever of the risks associated with these breaches. According to a 2017 study, “85% of all U.S. shoppers surveyed say they won’t do business with a company if they have any doubts as to whether their data will be kept safe, and 71% would stop doing business with a company for giving away their sensitive data without permission.”

A study by TrustArc on progress toward GDPR compliance made by businesses in the U.S., U.K. and EU revealed something interesting: Of the companies surveyed that were either fully compliant or working towards compliance, the majority were motivated not by fear of fines but by customer/partner expectations and a desire to support their company values.

As more and more businesses follow suit, a new standard will emerge, and those that fail to adapt will find themselves left behind. GDPR is an opportunity for any company to demonstrate leadership and vision by embracing these changes, rather than resisting them.

Carpe GDiemPR

Alan Fleischmann argues in an article on that CEOs in particular should seize the opportunity offered by GDPR:

In addition to what GDPR will demand of them legally, companies should ask how they can acquire the data necessary for them to stay competitive while maintaining—and even increasing—their level of trust with the people they work to serve. If they do so thoughtfully, with the right tone and intentions, CEOs can position themselves as leaders on the topic while establishing their companies as trustworthy parties motivated by customer devotion more so than regulatory requirements.

Basically, there’s a window of time where companies who are proactive on GDPR compliance can gain a real advantage on their competitors and earn greater loyalty from consumers. In a world where customers are increasingly suspicious and wary of marketing efforts, success lies not in trying to outsmart customer defense mechanisms but rather in changing the paradigm entirely.

Can I Interest You in This Lovely White Paper?

The average online shopper knows the risks—hand over your email address for a 15% off coupon and get bombarded with emails. As marketers, we’ve done this to ourselves. In a quest to increase the size of our email marketing database, we’ve programmed potential customers to expect the worst.

We publish free white papers for download, but savvy web users know that getting free content is going to cost quite a bit of their personal information. They have to calculate whether that white paper is worth the time and effort it will take to unsubscribe from future emails and duck unwanted cold calls or sales pitches.

This isn’t good marketing—it’s a hostage negotiation. If the ultimate goal is to put the right offer in front of the right person at the right time, then we really should start by making sure we’re providing valuable, relevant and timely offers to people who actually want to receive them.

By giving people the ability to choose when and how they want to hear from us, businesses not only build trust but improve the odds of actually driving sales. What’s the use in sending emails to 500 people if only 150 open it—and only 50 even consider the offer? It’s better to focus on the much smaller group that wants to receive your emails and work to provide them personalized, relevant content that solves a problem or improves their lives in some way.

You Had Me at “Privacy”

In other words, GDPR is going to force marketers to market better: to learn more about who their customers are, understand their needs and deliver something of value. Instead of just trying to avoid the “no” of an unsubscribe, brands must work to earn the customer’s “yes.” And sure, your email list is going to lose a lot of addresses. But if you embrace this new, higher standard, you’ll have a list made up of true brand loyalists and fans who are eager to open your emails.

In a June 2018 Martech Advisor article, Tifenn Dano Kwan, Chief Marketing Officer at SAP Ariba, noted that “marketers can no longer think about their customers as a number—it now has to be about creating excellent, personalized experiences that put customers in control. By thinking about GDPR in this mindset, it should serve as a positive opportunity for marketers to course-correct…this is an exciting opportunity, and it’s one we should embrace.”

GDPR Heads West

Already this year, California passed its own GDPR-inspired Consumer Privacy Act. The new law—which goes into effect in 2020—gives consumers an array of new rights, including the right to prevent businesses from selling or disclosing their personal information. Because of California’s size and influence, experts say the law is likely to set the standard for other states’ data privacy laws in the future. The lack of federal action on consumer privacy is another reason to expect more states to enact their own laws going forward.

Faced with a patchwork of different standards across the country, what are businesses supposed to do? Marketo’s Peter Bell suggests that GDPR may represent a universal solution:

Companies simply can’t maintain two sets of standards and processes. It’s too complex, takes too much work and is too costly. And the question is, why would you operate to both a high bar and a low bar? Surely with your customer base, you’d operate solely to a high bar, even if it’s just to save costs and reduce complexity. Brands that do this now are already being rewarded by consumers with their money. Amazon and Netflix are quite celebrated in that they use data to increase the consumption of their goods and services. This trend will likely continue, and GDPR is the ideal catalyst to accelerate its prominence.

Surf’s Up

GDPR is part of a larger wave sweeping across the global business landscape. Businesses who embrace the challenge of GDPR can “ride” this wave to better customer relationships and a new kind of marketing success. Those who resist making the necessary changes—or who fail to meet customer expectations—will find themselves swept aside. The time to decide is now.