Everywhere I turn for advice on GDPR I seem to get a different opinion. Our internal teams are looking at the letter of the law. That’s not surprising – we are a small part of a big company and the potential for significant fines is very real (up to £20 million). We’re also quite a risk averse company – this at times can be quite frustrating, but it’s to be expected. When you’re making decisions that impact upon the distribution and supply chains, and value streams, of some of the worlds biggest and well-known brands you need to be dam sure you know what you’re doing. For those of us who are not engineers and prefer a little bit more creativity and enjoy to work amongst more subjective aspects of the business world there’s always going to be a clash. But there are many questions to be answered around GDPR and it seems like much is open to interpretation. Okay, we still have over 11 months, but I want to be ahead of the curve- if we are hitting the ground running whilst others are pausing to wait and see then there’s potentially an advantage to be gained.
So, I have been having numerous conversations to understand the landscape – with suppliers, with GDPR experts and reading reports and advice from the likes of the ICO, DMA, DPA. It’s clear that much is open to interpretation and there are differing views. My previous post weighed-up the two sets of regulation that are GDPR and PERC and the two seemed to be complementary, but there is a view that GDPR replaces and over-rules PERC.
GDPR looks at data processing. Since processing accounts for (but is not limited to) both the collection and use of data, GDPR may therefore supersede PECR. That’s potentially very disruptive if it is true.
But many other questions exist too, of which just a few are:
What exactly does ‘legitimate use’ allow us to do and when can we correctly use it? How the heck will small business’ cope with staying inside these regulations? Will American, Chinese, and Russian companies just ignore GDPR? in which case it makes a mockery of what we are doing (and puts us at a big disadvantage).
Suppliers of marketing services, the Direct Marketing Association, GDPR ‘experts’, Data Protection Agency, ICO advice (not easy to digest!) – are all coming up with guidelines and advice that takes slightly different views and it’s all getting a little confusing. Where do smaller marketing teams turn for help? Some are down playing GDPR, others act as if it’s may be the biggest thing to impact business since Brexit. Is there an expert organisation that can provide detailed analysis and advice on the typical scenarios we (B2B marketing + B2B sales) find ourselves in? Is there a provider of training on the topic of GDPR in marketing where the conversation isn’t going to be dominated by the needs of consumer marketing organisations?
However I fear there is no quick fix. We have some serious scenario planning to do over the coming months and, once we have drafted these, the task of applying the rule book to them (with fair interpretation!) will commence.
Leave a Reply