Disclaimer: This blog post is not legal advice for your company to use in complying with EU data privacy laws like the GDPR. Instead, it provides background information to help you better understand the GDPR. This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy.
In a nutshell, you may not rely on this as legal advice, or as a recommendation of any particular legal understanding.
If your line of work involves, well, the internet -- chances are, you’ve heard about the General Data Privacy Regulation (GDPR).
You've most likely also heard about the ways it will impact your work -- especially if you're a marketer. After all, in marketing, our responsibilities largely boil down to outreach and building an audience, and sometimes, that involves obtaining, storing, and processing the personal data of users who come across our content.
But if you're not based in the EU and think the GDPR won't affect you -- think again. If you market your products to people in the EU or monitor the behavior of people in the EU -- even if you’re based outside of the EU -- the GDPR will apply to you.
So, how prepared are marketers for the GDPR? (Spoiler alert: The answer is "not very.") And for those who are, what are they doing to prepare for May 2018, when the GDPR comes into force?
To understand that, we'll go over how consumers view the GDPR, which informs the way marketers should be thinking about it. Then, we'll dive into the ways businesses are preparing.
How Consumers View the GDPR
HubSpot surveyed consumers in the UK, Ireland, Germany, Austria, and Switzerland about their general opinions on data privacy laws. In total, 81% agree these laws are a good thing. And after receiving a detailed description of the GDPR, 90% agreed that the principles established by the GDPR were good for consumers.
Consumers Agree the GDPR Is a Good Thing
Among EU consumers, data privacy laws are well-received -- especially the GDPR. It's interesting to note that this feedback comes from an audience outside of the U.S., where data breaches have been making headlines for years -- most recently, two of the more noteworthy incidents came from Equifax and Uber.
That reinforces the idea that U.S.-based companies should still be highly concerned with this European Regulation. Data security is a global issue -- and in this age, it's easy to observe what's happening in other countries.
Here's where regulations like the GDPR become the marketer's responsibility. In a recent webinar led by BetterCloud, digital security expert Jodi Daniels spoke to the importance of GDPR as a brand awareness issue. Calling it a "big competitive advantage," she noted that complying with and prioritizing data security laws sends the message to users that you care about their safety.
That concern and transparency is something that a growing number of consumers will not only expect, but demand. In fact, we found that 91% of consumers expect companies they work with to be completely transparent about how, exactly, their data is being used -- which can cause hesitation in submitting data.
But that's just the beginning. Even if a company is completely transparent about the use of personal data, less than a quarter of consumers would still find them "very trustworthy" -- and half would find them "somewhat trustworthy."
In other words, when it comes to truly earning the trust of consumers, marketers and their businesses certainly have their work cut out for them -- and we suspect that much of this sentiment is the result of the recent data breaches we mentioned earlier. GDPR compliance is a big, crucial step.
So, what are some of the ways in which businesses are preparing for this Regulation that will take effect in roughly six months?
How Prepared Are Marketers for the GDPR?
Marketers have about five months before the GDPR comes into force. But our data doesn't show the most promising picture -- of the 363 business leaders and marketers we surveyed, only 36% of them stated that they had heard of the GDPR.
Marketers Are Not Well-Prepared for the GDPR
Yes, you read the above information correctly: Less than half of the business leaders and marketers we surveyed are even aware of the GDPR. And as for how much preparatory knowledge they have about the Regulation in general -- well, that's not looking too encouraging, either.
But not all hope is lost. There is some preparation underway, and for the most part, companies (about half of those represented by those we surveyed) are addressing the GDPR by updating their contracts and data protection policies, many of whom are working with their vendors to do the same.
However, what's less encouraging is that 22% of our survey participants admitted that, at the time of taking the survey, they hadn't started doing anything yet to prepare for the GDPR.
That lack of preparation could be the indirect result of the fear that some marketers seem to have of the GDPR's impact on their businesses. Over half of them, for example, expect to see their email marketing lists shrink.
That expectation could stem from the GDPR's inclusion of “right to erasure,” which is essentially the right of an individual to request that all personal data about him or herself is erased by the "controller" of that data (i.e., the organization that collected the data) with undue delay in certain circumstances. And given that option, 59% of European consumers say -- they would take it.
Finally, it seems that marketers and business leaders are largely preparing to change the ways they collect consumer data. Email opt-ins and sales-related calling practices will largely be impacted, many expect, and marketing teams will continue to grow their focus on such outreach tools as social media and traffic-building content and SEO strategies.
Simply put, consumers in Europe view the GDPR with a highly positive sentiment, and marketers need to respond in kind. As transparency becomes even more valued, companies can view it, in part, as a vehicle of brand awareness -- one that will now be dictated by strict rules.
If you still have questions, we'll continue to follow the GDPR closely in the months leading up to May 2018, when it comes into force. In the meantime, visit our checklist to help businesses work on their GDPR compliance.