Today marks the long-awaited arrival of the General Data Protection Regulation. First proposed in January 2012, this 88-page regulation has touched every organisation conducting business in the European Union. Information age speaks with Stephen Yeo, marketing director of Panasonic about their GDPR journey.
GDPR is the biggest shake-up of data protection and privacy legislation since 1998 when the Data Protection Act came into force.
Since 1998, technology has advanced immensely. The internet of things and machine learning have brought new insights to areas of consumer behaviour we could never have anticipated, while the proliferation of social media has encouraged the public to share their lives online for the world to see.
However, hacking scandals, cyber-bullying and fake news have emphasised the need for caution and greater understanding of what privacy really means and why it matters.
At a heart of GDPR, is the aim to empower citizens and residents over their personal data by way of simplifying the regulatory environment. Like it or lump it, that is exactly what it has achieved.
Empowered consumers
Stephen Yeo, Marketing Director at Panasonic said: “I think it’s a massive opportunity for brands. As a private citizen, I hate spam and I’ve even had my personal data stolen, so a piece of legislation that will help curb that behaviour is most welcome.
>See also: Elizabeth Denham: A profile of the Information Commissioner
“From a business standpoint, it will help further professionalise Marketing and instil more consumer trust in businesses.”
I think Yeo is making a great point here, pointing his finger at the colossal shift in not only consumer expectations, but also the shift in the power dynamic between customers and organisations.
At a time when social media has already empowered consumers, take for example the #DeleteFacebook following the Facebook-Cambridge Analytica data scandal, by giving them a new landscape for grass route campaigns, GDPR goes even further by giving consumers a clear set of rights.
Organisations that harm the privacy of their consumers will no longer face just reputational damage, their negligence or lack of safeguards to protect their customers’ data will come at a financial cost. The Information Commissioner’s Office (ICO) has a range of corrective powers and sanctions, including the ability to impose fines of up to €20 million, or 4% of annual global turnover.
The importance of technology and a competent IT department
Yeo added: “It’s actually our marketing technology that is at the heart of our GDPR compliance strategy and has really been there to ensure the right people have the correct tools for implementation.
Within Panasonic, a customer may provide personal information to various departments in the business such as warranties, sales teams and marketing leads, all saved on various databases.
>See also: EXCLUSIVE: Being a CISO in a changing threat and regulatory …
We pick up on all this data, but in the past, there was no central overview of the status of personal data. Which is where marketing automation technology steps in as our one system of record for customer data.”
Yeo’s point here on how reliant organisations are on a good IT infrastructure is important to note. The IT department is invaluable to GDPR compliance, as many of its obligations can be automated and made easier with the right technology. For example, if a customer want’s to be removed from your database, tools can be used to provide an easy to use an opt-out system.
Understanding the responsibilities in the context of your organisation
Each organisation is different and therefore, compliance with GDPR will be challenging in different ways.
Yeo explained: “Each country in Europe has a different etiquette for how people like to be contacted and likewise how they like to contact Panasonic. Our job is to make sure that each European country is satisfied with their engagement model while remaining compliant with GDPR.
“For example, after the 25th May deadline, all of the compliance automated workspaces we created for each regional law in France and Germany will now have to be condensed into one.
>See also: IT leaders must use tech for marketing too
Under regulations, most businesses will have to follow a data retention policy which determines how long a business can keep personal data. All customers of Panasonic will have their data kept for six years before having to be removed from every single record in the entire company.
The question then is, how do you measure the last time the customer was in contact? With Marketo, we’re able to actually listen to the data and whenever a record goes outside the retention policy, an automated instruction will be sent to the different systems to remove all records automatically. Which is physically impossible to be completed by human intervention alone.”
Embracing the future
Yeo declared: “GDPR stands as a major opportunity for brands to build customer relationships by demonstrating not only trust but clarity as well.”
Times have changed and consumers have more power than before. If organisations want to stay on their good side, they need an attitude like Panasonic. Countless research and visible consumer trends show that consumers want more.
If IT leaders and marketers can’t meet their demands they will lose out on their trust when their trust now matters more than it ever did. For a long time consumers have been limited to merely voting with their wallets; with GDPR and the power of social media, consumers have the means to dictate what they want. It will be interesting to see how companies follow suit.