HomeBlog Data Privacy Compliance: The Race Is On

Data Privacy Compliance: The Race Is On

March 20, 2017 | By Isabel Montesdeoca

  • In May 2016, the new General Data Protection Regulation (GDPR) became law for companies based in – or marketing to – prospects within the European Union. Will companies be able to meet the May 2018 deadline?

In May 2016, the new General Data Protection Regulation (GDPR) became law for companies based in – or marketing to – prospects within the European Union. If GDPR is news to you, I recommend viewing our webcast “Combatting Data Privacy Issues Through Better Inbound Marketing” sooner rather than later because the clock is ticking!

Will companies be able to meet the May 2018 deadline? The secret to success lies in getting a fast start; this is especially true for the portion of the regulation dealing with consent. Companies must use this period of amnesty to test out new approaches and strategies for consent acquisition and management. This means focusing on four key areas: opt-in consent, opt-out requests, right-to-be-forgotten requests and inbound vs outbound mix. In a recent European demand creation study that surveyed more than 470 marketing leaders across six countries, we asked European SMB and enterprise demand creation professionals to name the progress they’ve made so far.

The results are encouraging – more than a third of respondents say they have already implemented compliance measures in one or more of these four areas. Digging into those measures further, we gained valuable insight into the different strategies employed by SMB vs. enterprise companies.

  • Opt-in consent. Forty-two percent  of SMBs reported they have implemented a confirmed opt-in strategy. SiriusDecisions views this approach as best practice because of the confidence and engagement it drives with prospects. Conversely, enterprise organizations appear to be dragging their feet, with 63 percent reporting they are still relying on implied consent strategies – an approach no longer permitted under GDPR.
  • Opt-out management. However, when it comes to opt-out, enterprise organizations appear the more proactive group. Forty-two percent of enterprise respondents reported moving beyond simple unsubscribe links to offer prospects the ability to define their requirements via preference management centers. On the flip side, more than 40 percent of SMBs said they still rely on a one-and-done unsubscribe link. This means SMBs are missing out on valuable opportunities to retain prospects by offering the option to reduce the types, topics and/or frequency of communications they receive.
  • Right to be forgotten. In this area, both SMB and enterprise organizations still have work to do, although enterprise organizations appear to be further ahead. Almost half (48 percent) of enterprise respondents said they have defined a data deletion strategy and plan to implement it within the next 24 months. By comparison, almost 40 percent of SMB respondents said they currently do not have a plan for compliance in this area.
  • Inbound vs outbound. Finally, we examined the planned mix of inbound vs. outbound. As organizations become more constrained on the outbound marketing tactics they can employ, they must focus on increasing the usage and effectiveness of their inbound activities. SMBs are ahead of the game, with respondents highlighting plans to employ a 54 percent inbound and 46 percent outbound mix in 2017. Enterprise organizations are a bit slower off the mark, reporting a 50-50 inbound vs. outbound mix planned for the coming year. This suggests a continued overreliance on outbound activities to drive the bulk of marketing-sourced pipeline. 

Which group has the best approach? The answer may be both, if they follow through. SMBs typically rely on smaller in-house prospect databases and have smaller budgets with which to grow them. Perhaps because of that, they appear to be focused on winning new prospects from the outset by engaging them through strong inbound tactics and gaining explicit consent upfront. This strategy will help ensure every contact added to the database will be one they can continue to market to after May 2018.

By comparison, enterprise organizations have much larger in-house prospect databases amassed over several years. The requirement to obtain consent from all of those prospects means enterprises could see their usable databases drastically reduced. Enterprise organizations appear focused on retaining the hearts and minds of existing contacts by offering them the opportunity to tailor communications via preference management centers. This strategy will help retain as many contacts as possible post May 2018.

At this stage, SMB and enterprise organizations appear to be neck and neck in the race toward data privacy compliance. They would do well, however, to take a moment to learn from one another. At this stage, working together would ensure that come May 2018, everyone crosses the finish line together.

Isabel Montesdeoca

Isabel Montesdeoca is the Director of EMEA Research at SiriusDecisions. Isabel is an experienced European sales and marketing leader with an insatiable curiosity about how businesses can improve their b-to-b demand creation efforts. With more than 25 years of experience at companies both large and small in roles ranging from marketing and sales to product leadership, Isabel brings a unique perspective to the need for marketing, sales and product strategic alignment as an essential catalyst for business growth. Follow Isabel on Twitter @mimdeoca.

Join Us at #SDSummit