On Wednesday 10th October, we hosted a panel discussion in Dublin Institute of Technology to look at GDPR’s impact so far, who is benefiting from it, how it is being implemented and why it should still be on marketers’ list of priorities. The panel featured:
- Robert Dunne, barrister specialising in data protection and employment law
- Carl Kane, Data Management Tech Lead at Bank of Ireland
- Evelyn Wolf, Co-founder & Marketing Strategist at BusinessBrew
- Barry Hand, Growth Lead at Pointy and lecturer in Analytics
Robert Dunne opened the evening by reminding us all of how we felt in the lead up to 25th May. A big change was coming! Speaking on 20th May, Data Protection Commissioner Helen Dixon described the GDPR as “terrifying and exciting”. Although it’s fair to say that the marketing community felt a little more terrified than excited at the prospect of it.
And now? The sky hasn’t fallen. The apocalypse hasn’t come. And GDPR feels a bit like yesterday’s overhyped news. But is it really?
Where are we now?
While we are busy moving on, a lot is happening in the background that we should pay attention to. The just-announced 2019 budget is quadrupling the DPC’s budget for 2019 to €15.2 million. The DPC’s office have hired 45 new staff to date and will grow to a total of 180 staff by 2019. So make no mistake here: there WILL be stricter enforcement.
While there were 2,600 complaints made to the DPC in 2017, there are already 1,700 since June 2018. The hype around the GDPR has created more awareness, and in turn more complaints. Another change brought by the GDPR is that the fines are no longer decided by a judge (or in the district court). It is now the DPC that decides how much a company will be fined. And as EU law is now standardized, the levels of fines in Ireland have to be equal to those in other EU countries.
Who’s at risk?
There is a common misconception that big data companies such as Facebook and Google will be the DPC’s main targets. Robert Dunne highlighted an example that proves otherwise: a funeral planning company in the UK that was recently fined £90,000. Would your company be able to take such a hit? Evelyn Wolf acknowledged that a lot of businesses have been “in hiding”: they assume that the DPC will go after the big guys first, and in the meantime, they are adopting a “wait and see” approach. But what they do not realise it that it only takes one complaint to put an organisation in trouble. So safer to get on top of things now instead of letting our organisations’ issues grow bigger and bigger.
There is a point to be made for cleaning databases indeed. Removing old and probably incorrect data from inactive customers is simply good housekeeping. It can save organisations time and money in the long run as we stop wasting our resources going after customers who have moved on. GDPR is also a win for individuals as it forces companies to respect their data and to stop doing lousy marketing. Carl Kane adds that GDPR is also a win for bigger organisations, as it has allowed them to gather data from numerous business units into one integrated master database. And as they have large number of customers, they can afford to clear their data and still be left with lots of “clean” data.
Unfortunately, this doesn’t always work in the way it was intended, notes Barry Hand. The term Barry uses to describe how many organisations are implementing GDPR compliance is “horrendously”. Are consumers really benefiting from the constant popping up of endless consent forms, privacy notices and tick boxes? Does anyone really read those? A reason for those implementation issues is that the GDPR can be quite unclear. Professionals need a clear list of what it is exactly that they need to do. Instead, everyone is basing decisions on their own interpretation of the text.
Finally, let’s not forget about the e-privacy regulation coming our way in 2019, an update of the current e-privacy law from 2011 which regulates direct marketing. And we will need to be ready for this too.
Executive Diploma in Data Protection for Marketers
To answer those many questions and help marketers create a clear GDPR compliance plan for their organisation, we have partnered with DIT to bring you the Executive Diploma in Data Protection for Marketers. Running every Wednesday evening for 8 weeks, the course led by Robert Dunne will equip you with the knowledge and skills to become fully compliant.
Learn more about the course.