Now that European citizens are protected by this important EU regulation on data protection and privacy, marketers and relevant data-based platforms (such as Facebook and Google) are now more responsible in handling data, as expected.
I wouldn’t go so far as to say that GDPR was our decade’s Y2K. However, four months after the panic we all experienced preparing for its implementation, I don’t think GDPR has had the radical impact a lot of marketers were expecting either. So what exactly has changed now that hundreds of thousands of companies across the planet are supposed to comply with stricter data protection laws? What’s really changed?
What GDPR has changed
People are more conscious about data privacy
Since GDPR was implemented (and people got hundreds of emails informing them of changes to privacy policies, requesting confirmation of opt-ins etc), people are more conscious about how their data is being used and for what purpose. GDPR has given people a greater sense of entitlement over their personal data — we no longer have to feel submissive to the powers that be; whenever we want we can freely take away the permission to use or store our data.
The lawsuits that resulted from GDPR (Google and Facebook had suits filed against them pretty much immediately after the law took effect) have reiterated this sense of user entitlement. “My data is MY data,” is a feeling that reigns in Europe as opposed to our American counterparts who just assume “big brother is watching” and large enterprises will do what they want with data regardless of whether users have given consent or not.
This shift in attitude is actually an opportunity for marketers because now when prospects engage with content, they are really engaging. When consumers choose to give their permission to marketers by signing-up for a newsletter, or downloading a whitepaper, it’s because they are interested in learning more about a particular solution; whereas in the past, they may have been part of a (purchased) emailing list and never have requested the information in the first place. While email marketing pre-GDPR was like casting out the largest net possible in the hopes of catching a small fish, today reactivity rates are on the rise because targeted messages resonate with an audience who has already expressed interest.
I know for myself that I don’t give out my email freely. If I’m curious about a topic but am confronted with sites that immediately ask for my email in exchange for gated content, I often look elsewhere.
GDPR is inspiring other laws
California has now passed stricter data protection laws (the new privacy mandate: California Consumer Privacy Act, or CCPA), as have some countries in Asia, including the Philippines. GDPR got world attention (probably from the scare mongering press about the fines companies could incur if they did not comply), so it’s no wonder that other countries or states have started to give the topic some thought.
Companies are being more responsible
No-one can argue that companies have had to make major overhauls to the way they process data because of GDPR. I even had a recent call with a client of mine who admitted that it took them upwards of 18 months to become fully compliant. Because of this, companies have naturally become much more responsible, and the likelihood of major data security breaches has certainly decreased as a result.
As a European data subject myself, I can attest that when I opt-out now, I’m really opted-out. Pre-GDPR opt-outs were often ignored, or not taken into account by emailing systems as I used to continue to get spammed even after clicking the unsubscribe button. I think this is a good thing for both users and marketers alike. Marketers shouldn’t waste their time on people that are just not interested, and users can free up their inboxes for the messages they actually do want to read.
Telemarketing is making a come back
Telemarketing has often been treated as the black sheep of marketing methods, but when it’s done right it works. And with GDPR, it’s practically impossible to do conduct marketing without using it at all. One of the best ways to get explicit consent in a GDPR-compliant manner is through a phone call. Oral consent is allowed under GDPR, making telemarketing outreach a great way to engage with new prospects that may not have had any exposure to your offer previously.
Email marketing is still widely used
The myth was that after GDPR implementation, email spam would disappear. In a sense that’s true — much of the undesirable emails of the past have been eliminated (as I mentioned earlier) — but it hasn’t made email marketing go extinct. There are still a few marketers who hide behind the “legitimate interest” clause of GDPR (download our GDPR e-book to learn more) in order to send out mass email blasts to prospects; however, I do think that these numbers will dwindle in time as users will not hesitate to complain (and even threaten with lawsuits).
Third-party outsourcing is alive and kicking
Another myth buster here as well since many people pre-GDPR believed that third-party companies (data brokers, BPOs or other marketing outsourcers who process data) would close up shop once the law took effect. Well, let me tell you that I am certainly glad that didn’t happen or I’d be out of a job! But more seriously, third-party data handlers are still alive and kicking (although to be honest, I’m not sure how some of them survived) in large part because they had to update their processes, and improve their data handling methods too.
Life goes on
As with the change over to the Year 2000 back in the day, the world did not just stop once GDPR took effect. While I wouldn’t say it’s “business as usual” because people certainly did not ignore GDPR, I would say that businesses have done what they needed to do to keep calm and carry on. It’s perhaps a bit too early to tell if GDPR will cause a radical shift in data consciousness (perhaps lawsuit verdicts will determine that), but what’s sure is that marketers will still have work to do for many years to come.