The initial shock of “you want me to do what!?!” regarding data protection and privacy appears to be wearing off and we are entering the “reluctantly getting things done” stage. The primary motivation at these early stages is legal compliance. Stated simply: we don’t want to be fined.
Yet as we unpack this and start to more closely examine these policies and procedures that are legal requirements, we notice they are also best practices for how to treat a customer or prospect. In our rush to explore and optimize digital marketing, we forgot the first rule of marketing: Take care of the customer.
Fact is during the last 20 years we have collectively mis-behaved regarding our customer’s data. I am certain many of the brilliant minds in human psychology could explain why, but the reality of today is we have to be regulated into treating our customer’s data and privacy professionally. How bizarre.
An Early Precedent
The companies who changed their email practices in 2014 due to the new Canadian Anti Spam Legislation (CASL) which is now being referred to as “An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act ” for short, have begun to notice more frequency and an improved quality of engagement with their audience. One might go so far as to say there is a re-building of trust going on, within the first 5 years of the changing of poor practices as it applies to email marketing.
So what do we think may happen in the wake of the General Data Protection Regulation (GDPR) in the EU? As EU data subjects (yes, that’s what they are called) start to see companies and brands respect their privacy and work hard to secure their data from bad actors and harm, do you think their buying habits will change? Do you think brand reputation will directly affect sales? If so, how long will this process take?
With email in Canada, it was relatively quick when you consider brand cycles. Demonstrating respect for your customer and prospect’s data and privacy rights while striving for legal compliance should perhaps be considered a long term investment in the customer relationship rather than a legal necessity. After all, we believe our Personal Information Protection and Electronic Documents Act (PIPEDA) will look an awful lot like GDPR within the next 2 years.
The New Reality
If that’s not enough to convince the boss to address this important area of business management, consider a trend we are just now starting to notice: Large bids and RFPs are being threatened by poor data protection and privacy practices. We have had several clients ask us to help them through the audit stage of 3rd party contractors, vendors, etc. And the audit questions are lengthy and detailed. What’s on the line is the value of the contracts.
A construction renovation firm was bidding on a major renovation of a building and the insurance company involved wanted to know what their policies and procedures were regarding any data they encountered during the renovation. Examining the document we determined the GDPR was the driving force, but the mid-term impact on 3rd party providers of any service is staggering. In this case a $10 million dollar contract was approved or not approved based on the results of that data protection and privacy audit.
Data breaches are an everyday occurrence…