GDPR - are you legal or business?

Michael Gentle
Sep 22, 2018 · 3 min read

How you view the legislation can dramatically affect your business

GDPR? What a pain! Doing business in today’s competitive world is hard enough without having to contend with intrusive legislation such as this. Let’s bring in the lawyers, tick the boxes and adapt to the new rules. That way we take no risks.

Well, that’s certainly one approach. You could call it the legal-driven approach. Here’s another — let’s call it the business-driven approach.

GDPR is a reality and it’s here to stay. Instead of wasting corporate energy fighting it, we can see if at heart it doesn’t present a business opportunity. Instead of constraining our business, it might well enhance it.

Which approach do you favour?

Which tribe do you belong to?

The marketing automation company Marketo has just published a very interesting study on the subject, entitled The Two Tribes of Marketing. Based on a survey of 300 marketing decision makers in UK, France and Germany, it describes a cultural split that drives an organisation’s approach to GDPR:

  • Legal-first (45% of respondents): We are doing what we need to be legally compliant with GDPR and will change our marketing in line with these legal requirements.
  • Marketing-first (55% of respondents): We are using GDPR compliance as an opportunity to better engage with our customers and prospects through smarter marketing

An example of how this cultural split played out is in marketing consent, whereby many legal departments steered marketing towards re-permissioning campaigns that significantly reduced their prospect base. This should not come as a surprise because the response rate for email campaigns is usually quite low. You’d be lucky to get an open rate of 30% and a click-through rate of 5% — especially when you’re competing with half the planet doing the same thing in the runup to the May 2018 deadline.

In a business-first approach, however, this reality would have been obvious from the start, and people would have stepped back and evaluated alternative solutions, like using legitimate interests, or other ways of obtaining consent that could get a higher response rate.

There are other GDPR areas besides lawful basis in which a legal-first approach could give rise to the law of unintended consequences — and paradoxically increase the risk of non-compliance. Examples are employee privacy policies written in legalese which focus more on liability than on getting a simple message across; or training that try and turn employees into GDPR experts instead of just teaching them how to be compliant in their jobs.

Find the right balance

In their report, Marketo makes no bones about where it stands on the issue, saying that “overly focusing on compliance to the point that you ignore the imperative to engage with customers in an effective and meaningful way is going to make marketing and relationship building really hard work.

That’s a point worth thinking about. After all, GDPR is a complex piece of legislation involving law, technology and business. As such, it has to be addressed from both a liability and a business perspective.

So, to all the companies out there who are still working on their GDPR compliance: try and get all the people around the table — legal, technology and business — before making important decisions. Like most things in life, it’s all about balance.

Michael Gentle is the founder of The Balance of Privacy, based in Geneva. For similar articles by Michael, click here.

The Balance of Privacy

Data privacy is the new normal

The Balance of Privacy

Data privacy is the new normal

Michael Gentle

Written by

Michael Gentle is the founder of The Balance of Privacy, a GDPR consultancy in Geneva.

The Balance of Privacy

Data privacy is the new normal