Headlines surrounding the imminent arrival of GDPR give dire warnings of the potential fines for not adhering to the new regulations.
Additionally, there is a fair amount of conflicting information on what needs to be done to be ready for the implementation of GDPR and to comply with the new laws.
It is important to be prepared for the new legislation, but with so little time to go many people are wondering what actual impact the new regulations could have on their business and what will happen after 25th May.
A chaotic first day
This first prediction is one covering the practicalities of implementing new legislation. As GDPR comes into force on a Friday, the business world is anticipating a manic day on 29 May – the first working day after the regulations begin in the UK.
Experts are expecting that thousands of people in the UK and other EU countries will begin to submit SARs (access requests) for their data. Tuesday 29 May will prove to be a major test of how prepared UK businesses are to deal with GDPR in reality.
After this, there will be a period of adjustment, during which strategies will be put to the test and inevitably adapted as they are implemented in a new regulatory landscape.
Data protection officers to become influential in business
The body enforcing GDPR, the Information Commissioner’s Office (ICO) will be looking for any large-scale data breaches and more than likely will be looking to make some key examples to set a precedent with large, medium and small businesses.
Data protection officers will be required for any organisation with over 250 employees and will be responsible for considerable risks within the business.
Over the last year there has been an increase in security risks to data held by large companies with ransomware like WannaCry and BadRabbit, as well as other data breaches such as the recent Cambridge Analytica scandal.
As GDPR comes into force we can expect to see more attacks on businesses by criminals looking to exploit insecure systems as data becomes more and more valuable – providing even more weight to the importance of the new data protection officer role.
This responsibility for real business risk will see a rise in courses and qualifications, which will all result in the job role becoming very influential in business, liaising with top level management.
Two approaches to marketing databases
It is estimated that a huge 75 per cent of UK marketing data will become useless on 25 May as it will no longer comply with GDPR laws. As a result, what are being called ‘re-permissioning’ campaigns are top of marketers’ agendas to try and mitigate as much loss of data as possible. Many of these campaigns are well underway with business after business asking consumers to opt-in to continue receiving communications.
However, this isn’t the case for everyone. For example, Virgin Holidays have explicitly said that an opt-in campaign will be a last resort for them, ‘At the end of the day we’ll have a much smaller base but they’ll be much more engaged; we’ll have people who actually want to hear from us,’ Saul Lopes, head of CRM and loyalty at Virgin Holidays, says.
We can also expect to see some smaller businesses look at starting over to build up their marketing databases from scratch.
The positive impacts
Businesses who are GDPR ready and are complying with the regulations will begin to use this as a marketing tool. It is possible that some kind of certification could arise and that companies who are GDPR-certified build a stellar reputation for handling data and being secure. This would therefore help attract more clients and employees.
A market around the regulations will grow. People who are well-versed and eventually well-experienced in implementing, running and handling GDPR processes will be able to charge a healthy fee for their services.
Not just this, it is possible that new pieces of software that help companies to comply with the new laws could begin to be developed to aid data protection officers in their responsibilities.
A substantial 83 per cent of marketers believe that it is integral to the future of the UK’s marketing sectors that we are seen as a hub for data-driven expertise. To that end it is key for the government to secure a free flow of data between the UK and Europe in a post-Brexit landscape.
And finally, GDPR is likely to kick start a creative revolution. Businesses will need to get creative and innovative in their approach to marketing to their customers in this business world where complying with data protection laws and customer permissions is a top priority.
Almost three-quarters (71 per cent) of marketers are predicting a creative revolution stretching over the next five years.
Harriet Thacker is an account manager at RizkMcCay, a creative design and strategic marketing agency
Further reading on GDPR
Is your business GDPR compliant?