We Want an Extension! Data Governance Under the Spotlight as GDPR Looms
Ensighten, the global leader in data privacy and omni-channel data management, today unveiled research suggesting that with just four weeks to go, 61 percent of marketers would apply for an extension to GDPR, if it was available. In fact, brands are preparing to pay penalties.
- 61% would apply for an extension to the GDPR deadline
- 45% have put money aside for ICO fines
- Merely 26% “very confident” that data governance procedures are GDPR ready
- Who is the DPO? No confidence in the new role
- 7% have not started implementing any procedures for GDPR at all
Ian Woolley, Chief Revenue Officer, at Ensighten commented: “Unfortunately we found that brands are aware of GDPR, but still uncertain in their final month of preparation. The research shows that 45 per cent of UK businesses have set money aside in anticipation of regulatory fines. The good news is that brands still have time to deploy and optimise customer privacy and consent options on their websites.”
Data Governance - preparing for GDPR
Marketers are nearly evenly split on the matter of GDPR potentially diminishing the quality of the data they receive: 34 per cent agreed, 28 per cent did not, and 29 per cent were unsure. Many commentators have predicted that those opting in would provide good, truthful data on themselves and their preferences following GDPR, but the research perhaps indicates a crisis of confidence in the data analytics community.
Organisations have been preparing for GDPR in a number of ways, yet it’s interesting that for a complicated regulation where technology plays a central role, ‘technology implementations’ were only cited by 44 percent of respondents. ‘Setting new data metrics’ was a tactic used by only 30 per cent of those surveyed.
Respondents have strongly (63%) put in place new policies to increase the quality of data they will receive after 25th May by regulating their customer data input channels. Over half (59%) have put in place stronger internal data policies. Worryingly, fewer than half (47%) are enforcing new policies on partner data acquisition, which may leave them open to GDPR non-compliance. Respondents who are enforcing partner policies also said that updating contracts with third parties was important for 36 percent of them.
No belief in the Data Protection Officer?
IT has become the department of choice for looking after customer data in the GDPR world (24% of respondents), followed by Marketing (23%) – with the Data Protection Officer a mere 1 percent.
Respondents gave a mixed bag of answers regarding who is in charge of the overall risks around GDPR, with the CEO in the driving seat for 32 per cent, the Chief Data Officer at 26 per cent, and then the Chief Marketing Officer at 22 per cent. Oddly, only 14 per cent cited the Data Protection Officer as the risk manager – yet this is a GDPR mandated position where organisers perform regular and systematic processing of data subjects on a large scale – and of these nearly a third (27%) had not filled this mandatory role
Deeper queries may indicate diminishing confidence
There are some interesting contradictory insights the research has illustrated, painting a picture of an industry in confusion in the final days before the GDPR deadline.
Marketers report their confidence is high (81%) that customer data is easily and effectively accessible enough for customers to get hold of it if they want to. However only 68 per cent say they have an organised single view of their customers. So, if they admit can’t see them all - it seems unlikely they can be so sure they can obtain their data.
Then, almost the same number agree that they currently have a clear, articulated and adhered-to data strategy (67%). Yet, compared to the 81 per cent referenced above, only 73 per cent are confident that they can manage new subject access rights.
As to how marketers are practically managing the GDPR regulations, only 5 per cent will be using consent overlays on their web pages, and only 13 per cent said they’d take on helping provide greater education on data rights and responsibilities within marketing communications. 9 per cent said that they would be using more frequent customer contact to educate/request permissions of users.
“Educating consumers on how their personal data is used and why their permission is needed is essential to building consumer trust and gaining their opt-in consent. GDPR is not just a legal hurdle to jump. Whilst brands are putting money aside for fines, they should not underestimate the damage to their reputation and business from not educating customers now,” continued Woolley.
Encouragingly, many benefits of starting the journey to GDPR compliance have already come through: Better quality of data (29%), data more easily managed (20%), and an improvement in sales success based on this data (18%). Only 5 per cent said that they had not started implementing yet.