GDPR and the Data Culture War
We had an internal "summit" about GDPR yesterday here at NAPCO Media, Target Marketing's parent company. (BTW: The regulations mandate privacy awareness training for everyone involved in processing data. So if you haven't done yours, you have about three weeks.) Stephan Garcia, founder of GDPR Superheroes, called in from his home in the U.K well after business hours local time to help us get a handle on everything GDPR is about.
On thing Garcia mentioned was that many of our concerns about GDPR compliance aren't shared in certain E.U. countries, like Germany, because those countries just don't have the same culture of data collection and purchasing that we have in the U.S.
This law and it's extra-territorial enforceability are about more than some new rights for E.U. citizens. It's a response to the fast-and-loose privacy attitude that's fueled the American Internet boom.
Backlash Against American Privacy Exceptionalism
The E.U. wants to get away from the fast and loose silicon valley approach to data. No more "Collect it all, we'll figure it out later." GDPR says privacy must be in your design from the beginning. Systems and business processes must be designed to protect citizen data and privacy rights from the beginning, not as an after thought.
American companies like Facebook and Google, and really all of the post-social-media digital world, were built on casual, almost accidental collection of data that could eventually be exploited to turn a profit — since none of them launched with viable business models.
Personal data is the market inefficiency these companies exploited to conquer the world. They collected it virtually for free and sold access to marketers for revenue. Users hardly batted an eye at offering data for the services. In many cases, users didn't even think of follows and likes as a form of personal data. Consequently, they assigned no value to these items and the resource of data was wildly undervalued.
GDPR is a recognition of this imbalance and the pendulum swinging back the other way.
It's also European governments taking some power back from mostly U.S.-based economic juggernauts. And old world culture re-asserting itself in a digital world that's been mostly built on Wild West rules. And across the world, it's people rectifying the value imbalance these data exchanges have exploited.
In other words, this is a culture war. GDPR and a raft of similar regulations in the E.U. and other countries is a sort of data conservation movement responding to Silicon Valley's data libertarians.
Marketers in the Middle
Marketers are caught in the middle. And, not to sound cynical, but the only right strategy here is to play both sides against the middle.
Make no mistake: Brands must embrace at least some aspects of privacy reform if you want to maintain customer trust. "All your data belongs to us" is not a viable PR position.
At the same time, we need data to do the kinds of marketing consumers want. You can't deliver personalized, optimized customer experiences without the data.
And there is a huge opportunity here to prove to customers that they can trust your brand with their data. Some companies have even taken wild leaps of data faith to prove it.
For example, Garcia talked about the U.K. pub chain J.D. Wetherspoon that actually deleted it's entire customer email database — on purpose — to show customer it was serious about privacy. Instead, Wetherspoon told customers to follow it on social media and visit the website for deals. It also launched a mobile app not long after, which of course is another way of collecting data.
Look for solutions like that; solutions that allow you to build customer trust and your data pool at the same time. That's going to be key to navigating the post-GDPR digital future.
A lot about GDPR looks daunting. But for savvy brands, it's a great opportunity to prove you're on the customer's side while building new ways to work with data and build higher quality customer experiences.