The General Data Protection Regulation comes into force on 25 May. It introduces new rigour around the ways organisations handle customer and prospect data (‘data processing’, in the vernacular of the regulation).
In short, it places new restrictions on any business wanting to contact clients and prospects via email.
If you’re not familiar with the regulation and its requirements, you can read more in our blogs on GDPR – sorting the myths from the reality and How to separate GDPR compliance myths from reality. Understanding the new rules is essential if you want to ensure your board is prepared for GDPR.
Firms will need to show that they are processing data according to one of six new ‘lawful bases’. In many cases, this will mean getting explicit consent to contact your clients and prospects with anything deemed marketing or promotional communications.
What are the implications of the new regulation?
For most firms, GDPR means both a massive workload before the 25 May deadline, and ongoing work to make sure you are meeting the requirements after that.
- Before 25 May, you need to get your processes in order, and secure opt-ins from as many of your contacts as possible, so you can keep emailing them afterwards.
- After the implementation date, you need to ensure any new contacts are processed compliantly.
It will mean changes to your marketing approach – and not just in terms of following the new data rules. The GDPR restrictions are predicted to result in an increase in social media activity, as this is a channel not affected by the new rules.
Other changes to your marketing strategy after 25 May might include a greater focus on producing high-quality content – as relevant content will be more essential than ever when you’re asking people to proactively opt in to receive it.
Your marketing team may also need to streamline their other processes, to counteract the extra work needed on data management.
Why should GDPR matter to your board?
There are four key reasons why GDPR should matter to your directors.
1. It will radically change your business processes
It represents a huge change in approach – not just for marketing, but operationally as well, in terms of the structures you need to put in place to contact clients. You need to be aware of the implications, in terms of workload and investment needed.
2. You should lead from the top
Your board members set the cultural tone for your organisation. Complying with regulatory requirements demands a culture where good governance is embedded, and this environment is created from the top of the business.
Because the new regulation represents such a step-change, it’s vital that it’s championed at all levels, from directors downwards.
3. The potential penalties are significant
The Information Commissioner’s Office (ICO) can impose fines of up to €20m (£18m) or 4% of the firm’s worldwide turnover for any organisation that fails to meet the GDPR requirements. This potential penalty will in itself be enough to make many C-suites sit up and take notice.
4. The damage might not just be financial
There is also the risk of reputational damage. Any compliance breach can result in negative publicity – and the high profile of the GDPR surely means that any failings will be widely publicised. Some have suggested that it has the potential to be the next PPI scandal, as the PPI window closes and claims firms look to new opportunities.
This potential for reputational damage is likely to be a particular concern to directors when boards are already in the spotlight for perceived governance failings.
The GDPR heralds radical changes in the ways most firms handle personal data. Any project of this size needs to be a board priority – let alone one that has such potentially significant financial and reputational implications.
We appreciate that keeping track of new regulations is just one of the functions of an effective board. To keep up with all the demands on your members, it’s essential that your board runs as efficiently as possible.
To find out how to make your board more efficient, read our recent blog on the topic. You can also download a copy of our free whitepaper, Board portals – what’s in it for directors? to read more about how you can use technology to improve board efficiency and effectiveness. Read a copy here.
Nothing in this document should be treated as an authoritative statement of the law. Action should not be taken as a result of this document alone. We make no warranty and accept no responsibility for consequences arising from relying on this document.