GDPR: 3 Tips for Compliance

Posted on by Ben Jackson

GDPRData is the currency of the digital economy. On social media we share our interests and experiences to connect us with others, on ecommerce sites we share our preferences to inform more personalized recommendations – whether we realize it or not, value is the basic exchange rate. But given data’s role in powering the most basic functions of businesses today, it’s not surprising that global regulatory bodies are increasingly focused on establishing guardrails on how data is collected and used.

It’s a trend that truly kicked off in earnest in April 2016, with the passing of the General Data Production Regulation (GDPR) by the European Union. Under GDPR, any business which collects data from an EU citizen must, under penalty of a hefty fine, communicate in clear terms how that data is being collected and the explicit purpose for which it will be used, alongside the option for consumers to opt out entirely.

Since going into full effect just one year ago, GDPR has become a catalyst for a global movement around data protection and privacy. With similar legislation passed in California, Brazil and Japan, and further legislation being considered in India, giving customers a voice in how their data is used is a worldwide priority.

Here are a few important takeaways as businesses continue to navigate these new standards.

Trust Above All Else  

One of the most significant factors driving us towards data regulation is the lack of trust and visibility between brands and customers. Every interaction, every touchpoint gives businesses greater insight into the individual, and that’s a responsibility that shouldn’t be taken lightly. Customers understand that business success in the digital era hinges on data, and therefore want to be treated as an equal partner in the relationship. Furthermore, customers are keenly aware of the potential personal risks in sharing their data. Without the proper infrastructure in place, personal data could be at risk to malicious actors.

You May Also Enjoy:

One of the biggest year-one lessons of GDPR is that the data itself comes second to trust – trust that businesses are collecting data responsibly, treating it respectfully and leveraging it appropriately. Customers are not willing to settle for a one-sided relationship; they want an equal say in how and when organizations are engaging with their most precious resource. It’s a critical metric in ensuring customer loyalty in today’s environment.

Enforcement is a Marathon, Not a Sprint

There’s an important reason that each piece of data protection legislation comes with built-in lead time for compliance—it’s a tremendous endeavor. The sheer magnitude of transitioning an entire organization to compliance cannot be understated. This is further compounded by the lack of structure around how to become compliant. GDPR itself is among the first of its kind, but the “why” and “what” were established without the “how,” certainly a nerve-wracking prospect for executives considering the scope of fines.

The result has been a relatively measured approach to non-compliance fines as organizations determine what path is right for them. In fact, there has been only one major instance of enforcement, and even that was issued seven months after the initial implementation in May 2018. Do not mistake that, however, for lenience. The farther away we tread, the more likely regulatory bodies are to hold organizations accountable. And, enforcement will only continue to ramp up.

Putting the Customer in the Driver’s Seat

The price of inadequate data protection is not one today’s businesses can ignore. Just as interpersonal relationships require trust, so do those between organizations and their customers. Then there’s the financial component – research has found a direct correlation between customer data breaches and total financial loss, including fines and resulting loss of business.

As the very nature brand-customers interact change, organizations need to hold themselves responsible to ensuring they’re delivering value back to customers in exchange for their data. In the past year, we’ve seen customers declare loud and clear how they expect brands to engage with their personal information, and that they want a seat at the table. As these regulations further establish themselves across the world, each with their own set of standards, the common denominator is the need to deliver a positive customer experience based on trust – that should inform any strategy moving forward.

Ben Jackson is general manager of SAP Customer Data Cloud.



Related Posts

Chief Marketer Videos

by Chief Marketer Staff

Check out this replay of crowning the winners of the 2022 Chief Marketer PRO Awards, which began with a lively conversation between two PRO Awards judges, Visible CMO Cheryl Gresham and Disney Parks’ Senior Manager, Multicultural Marketing, Angela Burgin Logan.


PRO Awards 2022

ProAwards 2022

Click here to view the 2022 Winners.


CM 200


Click here to view the 2023 winners!