With 6 weeks to go, few if any firms are ready for GDPR

 In advertising, facebook, marketing

The news about Facebook just keeps coming, and it highlights the huge gap in readiness for the introduction of GDPR in just 6 weeks.

From my own research, it seems almost no firms are ready.

Watch my 4-minute vlog below to hear what I found.

Video ThumbnailThe news about Facebook just keeps coming. During their PR blitz last week, COO Cheryl Sandberg said that if users wanted an option to use Facebook without using personal data for personalising ads, then this would be a “paid  product”. I posted my point of view on this over on LinkedIn.   The post generated a great deal of discussion, mainly from well informed members of the social and marketing industries.   My thinking is that with Facebook and Cambridge Analytica in the news on a daily basis, consumers will start to reflect on what their own data is worth. I think we’ll start to see the rise of the “empowered consumer” and GDPR will really accelerate this.   The current data protection act is now 20 years old, and was written in the age when spam emails started to become a real problem.   Fast forward to the social media age, the legislation is no longer fit for purpose.   The upgrade of the privacy legislation with the general data protection regulation is a step-change in legislation and has actually been in place for the last 2 years. The difference is that it is enforceable from May 25. The Information Commissioner''s Office or ICO has said that there will be no “grace period” as the regulation is already in place.   Recent news that Royal Mail, Fly Be and Honda had all faced significant fines for breaching the current act, even before GDPR comes in should be a huge wakeup call.   I’ve been writing a lot lately about Facebook and GDPR, and keen to know more I sought the advice of a colleague who is a cybersecurity and privacy expert. Drew Fobbester. He has has spent literally hundreds of hours going through the GDPR legislation to try and made sense of what it means for marketers.   Over coffee, were talking about the GDPR regulations, and what marketers can do to ensure that their databases are compliant before May 25. I asked if it was permissible to write to those people who were on my own database and gain consent to continue marketing to them post-GDPR.   Drew brought up the examples of Honda and Royal Mail as they were attempting to do just this, asking if consumers “still wanted to hear” from them. They fell foul fo the law doing this months before GDPR is enforceable.   So now that GDPR brings the 20 year old data protection act into the 21st century, we find Marketeers are left way behind.   Another simple example proves this. Drew and I met for coffee at a well known chain of restaurants. As the bill was presented, we we’re given a business card sized piece of paper inviting us to sign up to their newsletter.   Without boring you with the details, the card, and the subsequent website we were directed to would have lead to five separate breaches of the GDPR legislation post May 25.   It is clear that ,marketers, and I include Facebook in this group are keen to grab our data, and then decide what they want to do with it without any concern for our own needs, and ownership of this data.   As I have been saying for years now as the Practical Futurist - this is not sustainable.   I believe that the collision of the Facebook crisis with the launch of GDPR will put the value of consumer data at the heart of many discussions going forward.   Marketers need to up their game in the next 6 weeks before GDPR and the potentially huge fines come into play.   Instead of seeing GDPR as a huge headache, see it as an opportunity to innovate how you collect consumer data and think about a fair value exchange rather than a one sided transaction.   I fear that Facebook is about to find out the hard way that consumers do put a value on their personal data.

The fact that large firms such as Royal Mail and Honda are being fined huge amounts for marketing communications thinly disguised as a way to keep people-opted into databases post-GDR should ring alarm bells for any firm thinking of doing the same.
The upgrade of the privacy legislation with the GDPR is a step-change in regulation and has actually been in place for the last 2 years. It is enforceable on 25 May meaning there is no “grace period” to get it right.

Marketers need to up their game in the next 6 weeks before GDPR and the potentially huge fines come into play.

Instead of seeing GDPR as a huge headache, see it as an opportunity to innovate how you collect consumer data and think about a fair value exchange rather than a one-sided transaction.

If you’re still confused about what to do to get GDPR ready, I’ve partnered with Drew Fobbester to put on a 1-day GDPR workshop with everything you need. Find out more and grab a 50% discount at practicalfutur.ist/get-gdpr-ready

People reading this post also read ...

About 

Futurist Keynote Speaker and former IBM Global Managing Partner, Andrew is a popular and sought-after presenter and commentator on issues around digital disruption and emerging technologies. He is a multiple TEDx & International Keynote Speaker. Watch his speaking showreel here, enquire about availability & fees here or listen to his latest Podcast - "The Practical Futurist Podcast" on your favourite app.

Leave a Comment