GDPR Data Governance: Progress and Challenges After Year One

6 minutes
View all blog articles
GDPR_Progress.png

It is almost a year since the full introduction of GDPR. Has your company fully adapted to the new regulations?

Unfortunately, more than half (56%) of companies say they are far from compliant or believe they will never fully comply.

While the General Data Protection Regulation (GDPR) was adopted by the European Union in 2016, there was a two-year grace period to allow companies to adapt their data governance processes and technology. Since May 2018, companies have been held to these regulations and face strict penalties for lack of GDPR compliance.

What does the current landscape look like after this massive change in information management regulation? Let’s look at the winners and losers, the progress and challenges, and how the best companies have adapted to GDPR.

Different Approaches to GDPR Compliance

It has been clear from the beginning that companies were approaching GDPR from several directions. Based on our experience, there are three types of companies responding to GDPR:

Limited Understanding of GDPR: Many companies have a very limited understanding of what is required for data protection under GDPR and have not changed their martech or put together a robust data governance adoption. This is the group mentioned above that feel they may never fully comply. They are most likely to be liable for severe penalties under the new regulation.

Bare-Minimum GDPR Compliance: Other companies want to comply as cheaply as possible without really changing their marketing or data management operations. They have “ticked-the-box” on all requirements and believe themselves to be in full compliance. Whether they are or not, we’ll explore how these half-measures can impair their marketing operations.

Companies Using Data Protection as Competitive Advantage: A smaller amount of companies are using GDPR as an opportunity to improve how they communicate with leads, capture lead data, and engage in marketing activities. Because they are open to making more all-encompassing changes, these companies are seeing GDPR as a competitive advantage rather than a hindrance.

Promoting Good Inbound Marketing Practices with GDPR

All companies need to be compliant with GDPR. The IAPP-EY Annual Privacy Governance Report released in Q4 2018 found that nearly half of respondents appointed a Data Protection Officer (DPO) just to comply with GDPR. Meanwhile, 48% created the role to serve a valuable business function in addition to the compliance requirement.

This 48% understand if these regulations must be met no matter what, they might as well get additional benefits out of them. In fact, 61% of companies can see further benefits of remediation activities beyond simply maintaining compliance, specifically citing competitive advantage, improved reputation, and business enablement.

Here are a few ways companies have used GDPR to promote good inbound marketing practices in the past year:

  • Redefined Lead Scoring: With implied and soft opt-ins no longer acceptable, many companies used this as an opportunity to redefine what their company considered legitimate interest. This allowed marketing to better focus on leads that had engaged with the company in the past and had a better chance of becoming customers.
  • Improved Lead Nurturing: When some companies were faced with the prospect of opting-in all their EU leads, they recognized these leads had not been sent an email recently. This presented an opportunity to update their lead nurturing - after gaining opt-in - to make sure active leads never fall through the cracks.
  • Better Segmentation: With GDPR only affecting leads in certain regions, accurate segmentation is more important than ever. Companies that improved lead generation to collect location data when leads are first captured can now use segmentation to better target their audience.
  • Strong Data Integrity: The “right to be forgotten” requires companies to completely delete all personal information for a lead that has opted-out. Companies can use this as an opportunity to clean their lists and create processes to maintain better data integrity moving forward.
  • 5 marketing strategies to tackle GDPR

Data Governance Challenges Still Present with GDPR

Companies that are performing the bare minimum to meet GDPR compliance will continue to see problems arise further down the road. However, even those that are making the most of the new regulations face challenges. Here are some of the biggest challenges with maintaining data governance and GDPR compliance.

Lack of Form Governance

Some companies complied with GDPR by deploying a double opt-in on their global website and on all related forms. However, local teams are then able to produce additional lead forms that may not comply. This could mean companies who were compliant in May 2018 could be non-compliant today because of the addition of new forms.

The challenge is to build a process that not only ensures GDPR compliance at a given point in time, but to build a fool-proof system that enables the company to keep extending its marketing reach without jeopardizing compliance. Through centralized form governance, the central marketing team can provide guidelines and solutions for regional marketing teams to use so no GDPR issues ever arise.

Forms Linked to Regional Webpages

Compliance is determined by the user’s location, not the location of the website. A citizen in the EU that lands on a .com website could expose the company to a violation if the lead is not presented a GDPR compliant form or isn’t sent the proper opt-in emails.

Forms must be adaptive to the location of the user and not attached to the page they are on. Decoupling of forms from pages allows for flexibility in how forms are delivered. This requires that forms be global and centrally managed rather than being in the hands of the local marketing teams in charge of the specific webpage or campaign.

Companies facing these challenges are finding solutions like GatedContent.com to help centralize data collection and avoid potential data governance issues. In addition, it will help these companies use GDPR for their improved marketing data collection. The number of companies investing in technology to meet GDPR compliance rose to 57% in 2018, more than twice the number of companies as in 2016 (27%).

Conclusion: The Next Wave of GDPR Compliance

The next wave of GDPR compliance will show the companies who care about lead data integrity and who understand that it’s not a one-off effort moving towards centralized data governance. While some may see this as a chore, others recognize the competitive advantage. When data is captured through strong inbound principles that generate interest in addition to GDPR consent, marketing has the opportunity to better engage leads and drive more sales.

GatedContent.com acknowledges the importance of GDPR compliance, not only for avoiding hefty penalties but also for ultimately ensuring business growth through improved data collection. To keep you up-to-speed, since it still remains relevant today, here’s an in-depth look at how to prepare for GDPR.

Tim Bohn

Article by Tim Bohn

Head of Product Development, GatedContent.com

After 15+ years of technology and development, Tim moved to cross over into the marketing world where for the past 10 years he has been working to help multi-national corporates build best-in-class marketing technology eco-systems.

View related articles
GDPR Global Governance