A new survey of global marketers highlights the need for brand organisations to work faster and harder to get to grips with the challenges of GDPR, even if they are not based in the EU.
The World Federation of Advertisers survey found that 70 percent of brand owners said that they felt marketers in their organizations were not fully aware of the implications of the General Data Protection Regulation (GDPR).
Only 65 percent of respondents said they expected to be fully compliant before the rules come into force in May 2018 and just 41 percent said they already had a framework/strategy in place. One in four organisations surveyed said they were still in the initial planning stages.
The knowledge gap was more severe among marketing teams based outside the EU. 56 percent of respondents said their European teams were more aware of the challenge, compared to a global average of 44 percent. This is important because the rules apply to any company which offers goods or services to consumers in the EU or monitors the behaviour of people located in Europe, regardless of where they are based.
“It is a concern that only nine months away from implementation many marketers are not prepared. The risks of not being ready for GDPR are huge both financially and in terms of consumer reputation. If you are looking for help getting your marketing organisation up to speed then the WFA’s new Guide to GDPR for Marketers is the best place to start,” said Jacqui Stephenson, Global Responsible Marketing Officer at Mars, and chair of the WFA’s Digital Governance Exchange.
Other key findings include:
· The two biggest challenges for brand owners are ‘connecting the dots between data stored across different parts of the organisations’ which was cited as extremely challenging.
· The top three priorities for respondents was to review consent mechanisms for collecting and processing data.
· One in three organisations are planning to hire a Data Protection Officer, which will become a legal obligation for companies that monitor consumer behaviour on a large scale.
To address the knowledge gap, the WFA has created a new GDPR Guide for Marketers, which has been compiled in conjunction with global privacy and cybersecurity legal experts Hunton & Williams.
The report highlights the five key areas where marketing teams need to take action:
· Brand owners need to be able to demonstrate that they meet the GDPR’s new and extensive conditions for consent to be valid: consent must be freely given, informed, specific and unambiguous.
· If getting consent isn’t a viable option (e.g. because the company doesn’t have a direct link to the consumer to ask for consent), marketers will need to work with their legal teams to identify other ways to collect and use consumers’ personal data. They also have to highlight such practice in places such as privacy policies.
· Brands need to explore creative ways to provide clear information about how data will be used in a concise and intelligible form, using clear and plain language.
· Children’s data will be a particular area of focus, as marketers will need to collect parental consent. The age at which parental consent will be needed could vary from 13 to 16 by country.
· Marketers looking to use data collected during past marketing campaigns to identify new target audiences will need to work with their legal teams to understand if this is permitted under the new rules.
“Marketers need to engage with experts from across their organisations to ensure they fully understand the impact of these new data protection rules. That means regular conversations with legal, compliance and digital governance teams to ensure that they are meeting the new challenges presented by these rules. This applies not just to companies within the EU but anyone who uses data to reach consumers within the 28 member states,” said Catherine Armitage, Senior Manager, Public Affairs, WFA.
