4 Principles of GDPR for Brands to Keep in Mind

It isn't such a bad thing, especially for consumer-facing companies

GDPR gets a bad rap, but companies who are customer-first have nothing to fear.

With policy violation fines of up to 4 percent of total global turnover, it has been called the world’s strictest data protection regulation, and many companies are scrambling to implement compliance processes and personnel by the May 25 deadline.

In reality, the companies who should fear the General Data Protection Regulation are the brands who aren’t customer-centric in the first place. The European Commission correctly believes that consumer trust is essential to the growth of the digital economy. As a result, GDPR is not just about compliance, data and technology: It’s a major cultural shift that presents brands with an opportunity to improve how they manage and respect data, and by extension, how they show respect to their customers. Ultimately, brands need to deal with data better and improve the quality of their data management. When treated with respect, data can create a value exchange between brands and their customers, a quid pro quo in which consumers provide access to their data and brands deliver value and only use it for mutual benefit.

But if you happen to find yourself dreading May 25, you’re not alone. Recent research by Wunderman found that 68 percent of senior business decision-makers still struggle to bring data, creative and technology together. How can GDPR help fix that? For starters, it forces brands to get their data in tip-top shape and pushes them to use technology in a smarter way. Compliance issues aside, this is a meaningful growth opportunity for the industry.

At its core, GDPR is a celebration of the rights of the individual, and the marketers who rise to the challenge will have more loyal customers in the long-term. By putting the privacy back into personal data and enabling consumers to manage how businesses collect and process their personal information, we’re creating a new social contract between brands and customers with a deeper commitment to showing respect. After all, personal data belongs to customers, not companies.

While you can find endless advice on GDPR, I believe it boils down to four core principles that every marketer should keep in mind.

Don’t be a jerk

The companies who should fear the General Data Protection Regulation are the brands who aren’t customer-centric in the first place.

No one likes uninvited guests at a party. Hold only the data you need for as long as you need it, and don’t overestimate or oversell your legitimate interests. GDPR is forcing you to keep it real, and customers are trusting you with their information—don’t assume permission and consent is permanent. Like that invitation to a guests’ party, it will only last if you’re polite and considerate.

Master the journey

You can attempt to skirt by and do the bare minimum to be GDPR compliant, or you can embrace and appreciate that with big data comes big responsibility. Take the time to understand the total context in which customers experience your brand and product and how you can drive value. But at every step, prioritize privacy: It should never be an afterthought.

We now equate best practice in the GDPR era as Privacy by Design + Customer Journey Design = Customer Experience.

Keep yourself honest

Transparency is the cornerstone of GDPR, and you don’t need to be a data czar to understand that consumers value their privacy. Be transparent about your customer relationships and data policies with everyone in your ecosystem. It’s time to fully commit to your customers’ interests. Ask yourself if you’re making more money from your core service or product or out of your customers’ data. If it’s the latter, the equilibrium in the value exchange between you and your customers’ data might be out of sync.

Embrace innovation

The GDPR is not a reason to retreat; it’s a clear call to innovate and move the industry forward. Improving customer experience requires that we not fear new technologies and data processes but instead think about them in new ways. Now is the time to use new technological advances; for example, the application of identity resolution and identity management solutions to innovate and scale the persistence of your customer relationships.

When it comes to GDPR, it’s time to look beyond compliance and recognize that we’re ushering in a fundamental paradigm shift, one in which brands will need to understand—and embrace—the importance of being responsible stewards of customer data. If we can focus on the right priorities and drive out bad actors, we can gain high-quality insights that will help us design remarkable and memorable customer experiences. It’s a win-win.

So let’s earn the right to keep data, nurture it and give it proper stewardship. Our industry and customers will be better for it.