You’ve seen the headlines and received the e-mails: “Get your business GDPR-ready or risk fines of up to 4% of your global turnover”. It’s great that we’re getting focused on this important new legislation, but I worry about the way in which we’re doing it.
A strategy which starts with the premise of not being fined will be entirely different to the one designed to be transparent and customer-centric. I’m sure the Regulator wants the latter, so that’s where I’d start.
If a culture of fear surrounds the implementation of the GDPR, we will stifle our creativity and innovation, and we’ll fail to create new and exciting ways to engage with consumers that are authentic and mutually beneficial.
GDPR must not be a box ticking exercise
In my role as the Chairman of the DMA, I’m determined to ensure that the data-driven creative industries in the UK lead the world in terms of best practice, and that includes innovation.
That’s why I really hope the GDPR is seen as much more than just a box-ticking exercise. In fact, I admire those businesses who are using GDPR as a catalyst to overhaul their brand and customer communications strategies. I acknowledge that the ramifications of GDPR go beyond those, but with this mind-set they are off to a great start.
If a brand’s purpose has any element of customer-focus, then GDPR is an opportunity to prove it, make it easy for customers to understand and manage the data they hold on them. Additionally, a customer-centric strategy will then go on to create a competitive advantage.
Your strategy must come from the top
For any business leaders reading this, giving your GDPR strategy a greater purpose than just ‘compliance’ will mean that your whole organisation can get behind it. So where does the responsibility lie for making the changes that GDPR requires? With you. That’s because an effective customer strategy will require the collaboration of almost every part of your organisation, led by you. And the Regulator has indicated your role in this by explaining that your Data Protection Officer should be independent and report directly to the top of the organisation (that’s you again).
So, what’s it all about
I’m convinced that if we approach this opportunity positively, the outcomes will also be mutually positive. Those outcomes are greater transparency, improved brand accountability, better rights for the public, and stronger customer relationships.
Scaremongers, and those preaching fear for their own personal gain, should not be entertained by the data-driven creative industry. Their information is misleading and from my previous conversations with the Regulator, the message is clear: issuing fines has always been and will continue to be, the last resort. One my most trusted advisors is the DMA’s own legal team. They are truly impartial, and their advice for members is indemnified.
Yes, the ICO has the power to impose hefty fines, but instead, the ICO and the DMA aim to guide, advise and educate organisations. Let’s not forget what the whole point of the new law is.
Simply put, GDPR scaremongering must stop if the long-lasting benefits are to be felt.
About Mark Runacus
Co-Founder of Karmarama. Chairman at DMA UK. President of PrideAMuk (LGBT+ diversity in advertising & marketing)