Some say there's a supervolcano under Yellowstone that may erupt at any time. Others say an asteroid might smack into Earth. Or Trump might win a second term.
I say, let's focus our panic on potential disasters that are already in clear sight, barreling right at us faster than a Facebook privacy lawsuit. They're especially mesmerizing when it's a situation where people really ought to be paying attention, but aren't even aware of what's approaching.
I'm talking about the GDPR, of course. A looming shitstorm of exposure and liability for digital marketers that, up until the very last moment, way too many of them have chosen to ignore.
And it actually is practically the last minute. Because the new regulations go into effect on May 25th, with ginormous impact on how digital marketers do business.
Not knowing? Not a defense.
Those in the know have been warning marketers about the consequences of the GDPR for years. Even so, a few weeks ago the Computing Technology Industry Association, or CompTIA, released a survey, “The State of GDPR Preparedness in the U.S.” Some of the not-so-fun findings?
- Over half of U.S. companies say they're still trying to figure out whether or not they're liable under the GDPR.
- Almost 65% of companies aren't aware of the fine structure imposed for GDPR violations.
- One third had no plans to change their business practices with regard to the E.U., another third might, and the third third? They're not sure.
When it comes to whether or not U.S. companies are potentially liable, here's a hint: If they've copped any personal data on an E.U. citizen, even inadvertently, they're more exposed than Stormy Daniels.
- If you tracked an E.U. citizen's behaviors using cookies on your website? You're liable.
- If a single E.U. citizen bought something from you and submitted payment and shipping info, you're on the hook.
- If you've got just a single worker who holds dual citizenship with an E.U. country? Well, guess what?
- Even if you haven't captured the info yourself, if you've hired an agency or bought a mailing list that's captured E.U. citizen data, the law considers you the "director" who's also responsible for the violation.
Failing to comply with the rules could result in penalties of up to 4% of a company's global annual revenue per violation, or €20 million – whichever is higher. Though, as some of the more sober-minded pundits have pointed out, fines are a last resort for the enforcement agents behind the GDPR. They'd much rather issue warnings and recommendations before ever bringing up the possibility of fining a company or marketer.
Fines are almost the least of it, though. The very existence of the GDPR is a high-water mark for the rising tide of consumer concern about data privacy. Marketers who ignore the GDPR may be ignoring something much bigger than mere legislation.
A looming shitstorm of exposure and liability for digital marketers...
What to really grok about the GDPR?
People want their privacy, darn it. Or if they give up even a sliver of it, they want a reward for sharing their personal data with a marketer.
Forrester conducted a recent study that plumbed the depths of distrust people feel toward companies' use of their personal data. It also plumbed the depth of obliviousness on the part of those enterprises.
- 61% of U.S. adults expressed concern about the sharing of their data or online behaviors between companies.
- Increasing numbers of consumers block ads (33%) and use browser do-not-track settings (25%).
- In evaluating 19 companies on a list that included tech giants like Apple and Google, 35% of U.S. online adults and 45% of European online adults said that they “don’t trust any” to safeguard their data.
- 91% of enterprises marketing to consumers said increasing use of data is a priority; only 71% said privacy protection was similarly a priority.
- Only eight of 17 small enterprise respondents said that they have technical and procedural controls in place to protect against the use of customers’ data in ways that fall outside of their privacy policies.
The very existence of the GDPR is symptomatic of this distrust and worry, and digital marketers need to wake up and recognize the fact that customers want security, transparency, and control of their data. Those who don't will be the ones who suffer under the GDPR, or the onslaught of public opinion or negative word-of-mouth.
Those that do demonstrate their concern for protecting customer data? They stand to make out better than ever.
The Amazon example
Want to know what types of enterprises consumers tend to trust the most with their personal data? Those with whom they have a transactional relationship, according to a study by digital identity systems provider ForgeRock. If consumers are paying a brand for goods or services, they're more likely to have faith in how that company will use their data. Companies that don't have this transactional relationship are forced to do more to develop trust.
It's why a majority of consumers who have shared personal data with banks and credit card companies (79%), utility companies (78%), payment apps (78%) and insurance and/or pension providers (77%) feel they can trust these organizations to manage it responsibly.
What's interesting is how strong Amazon’s reputation is; 74% of consumers trust it to store and use the data they've shared responsibly, which is on a par with trust levels in more traditional organizations. Americans are more likely to feel in control of information shared with Amazon (67%) than they do banks and credit card companies (60%). That's a pretty significant insight.
What's this got to do with GDPR? Merely everything.
First of all, you can bet Amazon is prepped and ready for the GDPR, because they understand the value of the relationship they've built with customers. It's one reason their data security is so tough; when was the last time you heard about an Amazon data breach of any consequence?
Jeff Bezos doesn't ever intend to sit on an asbestos hotseat cushion in front of Congress if he can help it.
But the other GDPR-related point to remember is that an Amazon, or any other company that demonstrates its respect for the sanctity of customer personal data by shouting its GDPR compliance, is going to become a customer favorite.
Data privacy compliance is going to become a new coin of the realm for engaging and evangelizing audiences. It's also a gold mine for the platform providers who can best help marketers achieve that compliance.
So to summarize:
- The GDPR is on its way.
- The GDPR can affect/afflict U.S. companies, not just E.U. ones,
- If you assume you've got nothing to worry about, you're probably wrong.
- Marketers who are GDPR-compliant just added another useful tool to their digital engagement arsenal.
- Mark Zuckerberg should have known better. About Cambridge Analytica and that stupid seat cushion.