Protection of your data. 

Data protection has become a chief concern for digital users – and with good reason. Most people are worried about what a company will do with the information they provide. There’s also a real feeling that even a small indication of interest will result in countless follow up, unwanted sales pitches. It’s frustrating, and someone is finally doing something about it. 

The introduction of GDPR

GDPR stands for General Data Protection Regulation. It’s a new set of rules implemented by the EU parliament and is set to come into effect on the 25th May 2018. 

I’ll offer a quick breakdown of the major changes in data protection GDPR will bring about, but you should also take the time to study the full official site at 

In short, the GDPR is a replacement to existing data protection rules across the EU. The aim is simple, to protect the private data of all EU citizens through a more stringent set of rules for how organisations deal with contact data. 

The major changes include clearing up ambiguous rules, enforcing EU law for any companies who transact with EU data subjects – regardless of location and imposing larger penalties for infringements (up to €20,000,000 or 4% of global revenue). Thing is, the majority of third-party information available focuses on the difficulties in compliance. Articles highlighting the sizeable penalties are syndicated across the web in an effort to elicit an emotional response to GDPR. 

It’s little more than scaremongering. 

Yes, GDPR will bring some major changes to the way your organisation handles data. And yes, it will be a difficult change. 

However, the rules GDPR will enforce shouldn’t be seen as a challenge, but as an opportunity. 

These rules are going to ensure that your organisation is providing a more secure, trustworthy service. 

GDPR will change data collection (and protection) globally

The rules for GDPR are focused entirely on the protection of EU citizens’ data. But that doesn’t mean the issue begins and ends within EU borders. 

One of the key changes is removing ambiguity within existing rules. Specifically non-EU business’ responsibility when dealing with EU user’s data.  

GDPR aims to standardise the way personal data of EU citizens is handled globally. It might not sound like a big deal, but that standardisation is going to have a huge impact on the way users view brands. 

With an iron-clad, highly defined set of rules consumers will be able to rest a little easier when handing over their details. They won’t have to worry about opting in for a series of irrelevant emails or calls which will make them more open to brands they’re actually interested in engaging with. 

But more importantly these changes are going to be enforced worldwide. This means GDPR is not a European issue. These changes are an issue for any company who markets or sells their products and services to EU data subjects. 

An e-commerce brand based in the States marketing or selling their products/services to the EU will have to be just as aware of the GDPR as any European based store. As will a Hong Kong based SaaS brand who has users within the EU. 

GDPR is not an EU issue. This is going to change the way brands across the globe collect, store, and secure the data of their users. 

The challenges the GDPR presents

The biggest issue is around awareness. Despite being approved in April 2016, it seems that most individuals and businesses still aren’t aware how the GDPR will affect them and their processes which is going to lead to some serious compliance problems.  

According to an NTT study awareness rates within various countries range from as low as 15% all the way up to 58%. 

The UK is at the back of the pack within the EU with only 39% of companies identifying and understanding the law as a compliance concern. Outside the EU, the US brings up the rear with only 15% of businesses believing the GDPR will affect their organisation. 

At Hubspot, we conducted our own studies into brands’ awareness of GDPR and found similarly worrying levels of understanding. 

gdpr awareness

Econsultancy’s own research, carried out a few months later in January 2018, gives greater cause for optimism and shows awareness is perhaps increasing, with 42% of clientside marketers saying they were ‘very aware’ of GDPR and its implications.

econ gdpr survey

However, at HubSpot we found less than 50% of brands are prepared for the GDPR merely months before it’s due to be enacted. And Econsultancy’s research shows only 33% of marketers have a marketing strategy or framework for compliance (though a further 50% said they are planning to implement one).

Awareness, and thus compliance, is proving to be one of the major challenges brands face. Whilst educating staff on the new rules might be a pain, it’s far more preferable than the penalties of breaking the rules which can reach either 4% of global turnover or €20,000,000. 

There’s enough advice out there which borders on scaremongering already.

Yes, the GDPR is going to present some serious challenges for brands around the globe, but it’s a move in the right direction. And with the right strategy, the GDPR offers far more opportunities than challenges. 

It’s a move to ensure a quality of service for internet users, and that’s something to be celebrated. Think of it in the same vein of Google’s algorithm updates. Yeah, they’re a pain and change the landscape of digital marketing, but it’s all for the benefit of the users. 

Brands who are already providing a quality service aren’t impacted by Google’s changes, just as organisations who treat their user’s data security with the seriousness it deserves will find this an easier transition. 

Rather than taking the approach others have taken (such as Wetherspoons’ infamous email database deletion) and believing the GDPR as some apocalyptic event that could sink your business, look at the opportunities this shift provides. 

The hidden opportunities GDPR presents

Whenever there’s a big shift in policy, be it in international policy or at a local organisational level, look at the driving reason behind the change.

Understanding that reason is key to making the most out of new opportunities. 

With the GDPR, the core reason is simple. To protect the personal information of individual EU citizens. 

However, another consequence from this legislation is the standardization of data protection across the globe. 

That standardisation is important because, according to Philippe De Backer – Belgium’s secretary of state for privacy – It’ll help businesses better identify opportunities. He says: 

The GDPR is also about enabling companies to know what data they have, securing that data, and managing that data effectively to enable them to identify new business opportunities,

The GDPR has the potential to go a long way in rebuilding the trust many consumers have lost in digital companies. 

As I mentioned earlier, a chief concern for web users is how their data is going to be used. Whether handing over their personal details is going to result in a deluge of spam email, unsolicited cold calls, and frustrating snail mail. 

Effective marketing has always relied on the ability to serve your ideal customers the offers most valuable to them. It hinges on your ability to understand user preferences and desires. 

But just as much, it depends on whether you’re able to respect those preferences. And this is something that’s been abused in marketing in the past.

The GDPR is set to abolish that ambiguity. 

The GDPR is quite simply a more stringent set of rules that will lead to better user experience. 

It might limit what you’re allowed to do with the data you’ve collected (and can collect), but it also means you’ll be using that data far more effectively. 

The biggest opportunity within the GDPR is in how it will force brands to think of the user experience first.  

Successful marketing is about serving the right offer to the right people at the right time. This new piece of legislation has the potential to help you do that. If brands can serve the right people at the right time, the following would happen:  

  1. They’ll be more receptive to offers because each one will be more closely tailored to their needs.
  2. They’ll be more trusting of offers because the chance of being conned is much reduced.
  3. Your business will have a stricter set of guidelines to operate within which will greatly help with the handling/leveraging of contact data.  

The GDPR can seem a little scary. However, if you focus on this as an opportunity to improve how you handle data and how you engage with your prospect and customers, you’ll see that this is a step in the right direction. 

In my opinion, GDPR is going to ensure that businesses across the globe have a standard to adhere to. One that more clearly defines the rules improving data management and creating more value around data sharing.

And overall, the the potential benefits far outweigh the costs. 

Is your company ready for the GDPR? You can watch Econsultancy’s webinar looking at key issues for marketers, as well as register for HubSpot’s webinar giving an overview of the GDPR and how to get started on your GDPR compliance journey.

Looking for GDPR training? Take a look at Econsultancy’s elearning and face-to-face courses.

The views and opinions expressed here do not reflect the official policy or position of HubSpot, and is not legal advice for your company to use in complying with EU data privacy laws like the GDPR. You may not rely on this paper as legal advice, nor as a recommendation of any particular legal understanding. You should consult an attorney if you’d like advice on your interpretation of this information or its accuracy.