Many Marketers Aren’t Prepared for GDPR, SAP Study Says

Only 30 percent fully conducted a data audit

Mika Yamamoto, SAP’s chief digital marketing officer, said marketers who believed they still had time to vet their operations at the time of the survey were most likely mistaken.
Getty Images

Not all marketers seem to have a very clear idea of what GDPR means for them, according to a recent study from German business software company SAP.

The study—which surveyed 165 marketers within a couple months of today’s deadline—found that around 26 percent said they either didn’t have a plan for complying with the regulations or didn’t know whether there was a plan in place. Another 19 percent said they believed there was still time to draw one up, and only 30 percent had fully conducted a data audit to confirm compliance.

The report gauged readiness weeks away from the May 25 deadline, by which brands and publishers were to have rolled out new privacy policies explaining what data they collect on users and how they use it, as well as options to give consumers more of a say in the process.

Mika Yamamoto, SAP’s chief digital marketing officer, said marketers who believed they still had time to vet their operations at the time of the survey were most likely mistaken.

“When we released this study, if you weren’t on your road to being compliant, by this day, you’re probably not—unless you have super simple operations,” Yamamoto said.”It’s unlikely that a couple weeks is enough to get compliant. Most companies started to prepare a year and a half ago.”

The law’s implementation has already caused several U.S. news sites to go dark in EU countries, including Tronc Inc. newspaper properties like the Los Angeles Times and the New York Daily News. At least one advocacy group has also filed a complaint against Google and Facebook, claiming that the tech giants are using “forced consent” to coerce users into handing over data.

Yamamoto said there was a lot of confusion around how to handle preparing for the law, especially among companies not already familiar with European regulatory regimes.

“Some of them just don’t have the resources from a legal standpoint to have someone interpret the law on their behalf,” she said. “So you look at mid-market companies and small companies—a lot of those companies don’t have internal legal counsel, and if you’re not based in Europe, you might not be as acutely apprised of the law.”

Despite the general lack of preparedness, marketers surveyed seemed optimistic that the law would eventually lead to better customer service and more operational transparency in general. Around 56 percent see it as a mandate to better protect consumer data, 39 percent see an opportunity to build a better customer experience and 37 percent say it will help towards building customer trust and loyalty.

“If you just look at what’s happening in the media—either with security breaches with companies like Equifax or Cambridge Analytica—consumers are becoming more and more aware of what’s happening with their data, and I think we need to be stewards in protecting that data,” Yamamoto said. “That’s becoming a cost of doing business, regulation or not.”

GDPR has also caused ad tech companies with presences in Europe to close shop. Drawbridge, Verve, Kargo are some of the casualties already. We can expect more companies to follow suit.

“It’s a blessing that GDPR puts users’ trust first—a long overdue step in the right direction,” said Shaul Olmert, CEO of Playbuzz. “As with every ‘revolution,’ things will get worse before they get better. There will be a lot of confusion as the industry tries to uncover the right tactics in order to be—and stay—compliant. But once all parties align with the core purpose and goals behind GDRP and don’t simply conform with the technical requirements, users will feel safer and ultimately, feel more secure consuming content.”

Recommended articles