The new marketing landscape - and the proliferation of fake GDPR news

The new marketing landscape - and the proliferation of fake GDPR news

Marketing has never been simpler - or more complicated.

Simplicity comes in the form of immediacy. If you want to react to a trend or build momentum, there are now multiple channels where you can have content, offers, links and reaction posted within minutes or hours. You can change an offer in a heartbeat and engage your audience with images, video and commentary and build customer data in a multiplicity of different ways.

But the advent of the GDPR brought the complex legislative and ethic frameworks in which marketing operates into sharp focus. It wasn't as if data protection laws hadn't existed before - it's just that many organisations found it relatively easy to ignore the EU directive 95/46/EC (DPA 1998 in the UK). Consider, for instance, the number of high profile data breaches that have been exposed since 25th May 2018: Air Canada, Superdrug, Ticketmaster; now that reporting is mandatory. Did those organisations suddenly become super leaky because of GDPR? It's probably best not to extrapolate back to what might have been lost over the last 20 years.

So how are marketers supposed to keep up? They already have a remit to understand an ever changing array of channels and platforms. Then there are audiences and micro-audiences to consider. All this within tight budgets (the internet is free after all...) and tighter timelines. It is little wonder that the complexities of data protection have fallen down the priority list.

The danger is, however, that the imperative to understand the GDPR and its burgeoning family members: PECR, UK DPA 2018; plus a realisation that every other country's data protection legislation must be considered; forces time-poor marketers to get their learning from attractively produced, bite-sized white papers produced by vendors who themselves have an incomplete understanding of the law. These documents seek to distil the regulation down to single applicable facts that are usually one of three things: 1) correct; 2) correct but only in certain circumstances, or 3) erroneous; the veracity of the information is often directly related to the geographical location of the organisation producing it.

Applying the GDPR to marketing is a bit like raising children. With the first one you read all of the books; pick out the advice you like and stick to it doggedly, only making changes when something patently isn't working or goes disastrously wrong which forces you to invest in some personalised expert advice. Next time around, you think you have it sorted, only you forget that the product is unique, making you realise that your skillset is incomplete and once again you have to go back to the books and the experts. When number three arrives, you have bags of experience, and the flexibility to understand what you should apply to the situation and what simply won't work. The book is on the shelf, but you know what pages to reference and when to ask for a second opinion.

What is key for marketers is the ability to acknowledge what you don't know. It isn't enough to say 'I used legitimate interests because vendor x said it was OK in their whitepaper' or something similar. A privacy professional will tell you that your legitimate interests basis needs to be backed up by an LIA and that it will have ramifications in your database with regards to retention times, data subject rights etc., all of which need to be recorded. It isn't enough to rely on hearsay and soundbites gleaned from internet searches.

They say it takes 10,000 hours of deliberate practice to become world-class in any field. Marketers would be hard pressed to find this time to get up to speed with the data protection legislation that permeates every aspect of their work, and they probably don't need to, but that's no excuse for avoiding the task. Some investment is required, whether this be face-to-face training, attending live events or using the learning tools provided by their industry bodies; if only so that they can spot the fake GDPR facts that have proliferated over the last 12 months in order to avoid them.