It’s too late to be writing about GDPR. The legislation is weeks away. But in many ways, it’s a good time to focus on last-minute preparations and make sense of a task that will rumble on well beyond May. The seminar organised by Eventogy last week made me realise that despite the influx of repermissioning emails and advice articles, the vagueness of concepts like ‘data’ and ‘consent’ still makes GDPR an anxious topic. Here’s a summary of the talk I gave on how marketing managers can relax and get ready.
Nurture your core team
You can’t do GDPR alone, even as an SME. Make sure you have a core team working together, now:
- A lawyer. Unlike flu remedy, such as over-the-counter drugs or chicken soup, GDPR does require expert advice. Get a privacy lawyer, do a customer touchpoint audit with them, and ask for a spreadsheet of issues that traffic lights your readiness. Red / amber / green against each compliance point — simplicity of output is key.
- A product manager / business analyst. If you haven’t taken them out for lunch yet, now is the time. That legal spreadsheet will have to be specced and scheduled into action items for business operations and technology teams to implement beyond May, and it’s the BAs that will make it happen.
- A copywriter. Don’t leave privacy notices to compliance. Get them to review, but do encourage creative confidence from your copywriter. Good copywriters will skew towards simplicity and clarity. Opt-in is now a customer experience touchpoint; it’s a brand message, not just a legal one.
Think of it as decluttering
GDPR is a brand opportunity not a threat. I have been observing my own repermissioning behaviour, and I estimate that I’ve easily reconsented to about 80% of communications. The reason is simple — I want to hear from these companies. In the B2C context, it’s a great time to remind customers of why your brand is awesome, and in B2B, to reinforce your reputation.
I’ve sat in meetings where the risk to mailing lists was discussed with concern. It’s natural to approach GDPR like that. Instead, think of it as a proxy to your Net Promoter Score. Your passives and your detractors are officially no longer interested. That means you’re left with clear segments — the remainders are fans, and the leavers need convincing again. Start planning a new marketing campaign.
Practice mindfulness with customer information
Step outside of your professional routine and ask two questions. Do we need the information we’re collecting? Observe what you do with that information and reflect if you’d be happy for your own data to be handled that way. Here are some basics of data handling that aren’t even GDPR-related but simply best practice:
- Protect documents that contain customer information with passwords. When sharing the document, send the password in a separate email or by text message.
- Sensitive information needs additional encryption.
- Don’t share documents containing customer data on chat applications such as Slack, HipChat, or GoogleDocs.
- We all have to exchange NDAs when working with third parties, now simply add a data handling questionnaire to that introductory dance.
Beyond compliance lies innovation
The GDPR hit squad — the lawyer, BA and copywriter — will help commercial teams in the final sprint towards compliance. But beyond that — think broader. Imagine presenting privacy statements not just as text-based content with an opt-in, but as swipeable slideshows, videos, or infographics.
In other words — start thinking how you can innovate when asking for customer data. If approached creatively, GDPR is an opportunity to design privacy creatively. That’s a brand opportunity worth taking.
Natalie Malevsky has been leading digital initiatives in a number of sectors, for big brands like Disney, O2 and Sky, financial giants like Experian but also most recently a marketplace SME.