In a move to give back the EU’s citizens control of its data, the EU has passed on the GDPR and was approved on April 26 2016, which will take into effect this coming May 2018. Though EU-centric in nature, the regulation will have – and have had – a profound effect on countries outside the union as well.
That includes us, ThinkLogic, who operates from across the world serving organizations based in Southeast Asia.
GDPR in a nutshell
One phrase perfectly summarizes the GDPR: “privacy by design and privacy by default.” This concerns the way data are stored and secured against attacks, as well as the means in which data were collected in the first place. In other words, consumers must be explicitly made aware that information were collected, and that these collected data must be safe from any form of attack.
Furthermore, it requires data controllers – people directly involved in the collection and processing of data – to be more transparent with the data they collect and that they adhere to subject rights such as:
- right to be forgotten – data removal must be as simple and straightforward as its collection.
- right to access (and to portable data) – Consumers must be made aware of what data was collected about them, as well as the purpose of having collected them in the first place. All of this in a format that is easy to transmit and read.
- notification to data breaches – data processors are required to notify customers and data controllers of breaches within 72 hours.
Organizations in the EU found to be non-compliant with the regulation can be fined 4% of their annual global turnover or 20 million euros – whichever value is higher. The GDPR’s scope also extends to companies outside the EU if they are controlling, storing, or processing data containing EU citizen information.
The final text of the GDPR can be found here.
Regardless of the how specifically it will affect nations outside the EU, one thing is clear: consumer expectations worldwide will shift, and they will demand for greater transparency, more control over where and how their data is collected, and, of course, greater control over what they give out.
ThinkLogic and the GDPR in the context of technology
Perhaps the most straightforward – but not in any means easy – topic of discussion is that of data storage and protection.
ThinkLogic has long appointed an internal Data Protection Officer (DPO). The DPO has sole access to the individual entries to the database. During data processing, the DPO himself allocates individual rows to the lead generation specialists and collects them back after they are spent. Everything is accounted for, and only those that have been qualified to a level matching the campaign requirements are released to the client.
The DPO has been appointed on the following grounds:
- he has a thorough understanding of how data is processed.
- his responsibilities as the DPO and database manager do not conflict, as both job titles share the responsibilities of data safety.
- he is familiar with IT systems, and is in constant communication with the IT heads in keeping the systems regularly maintained and updated.
As for the storage and management themselves, ThinkLogic operates an in-premises server for our in-house contacts management platform. It is only accessible from within our local network or through a VPN, and its disks are protected with full encryption.
ThinkLogic and the GDPR in the marketing context
ThinkLogic’s commitment lies in driving meaningful results for our clients. To do that, we place the greatest value on making the telemarketing and lead generation process as positive as possible an experience for our prospects. That said, we continually refine our qualification process with the prospects in mind. The changes we introduce are aligned with what prospects expect from a brand – the clients we represent. Genuine concern for their user base and interest towards a more efficient workflow, we believe, should top the list of consumer expectations brands should meet.
Not much has changed in our qualification process between before and after the introduction of the GDPR. Not because we’re beyond the scope of the regulation – we actually often find ourselves dealing with European data – but because our interest-based approach has always had consumer consent baked into the core of our lead generation process.
We work only through contacts that have been prequalified and have agreed to receive further qualification, even at the very top of the funnel. As we nurture and qualify them further to pass on as leads, the same set of permissions are acquired before they are delivered to the clients’ sales teams. The key to our process is the genuineness of our messages and its consistency across the funnel, without which our conversions rate wouldn’t be as it is today.
What we foresee will change is how B2B marketers, especially those at the top of the funnel, will have to evolve and be more creative in the collection of data. This will shape the future of the competition for years to come.
As a company that puts its clients and customers first, ThinkLogic sees the GDPR as a major step forward in improving the marketing landscape. Because let’s face it: marketing and advertising will only continue to work effectively if everyone involved has the same positive experience around them.
The road ahead is filled with onerous challenges. No matter the region, consumer expectations will grow to be more defined and stricter about their rights to privacy. As such, top-of-the-funnel marketers are going to have to put a lot more effort and ensure opt-in explicitness. The competition will be an interesting one as message creativity starts to become an integral part of marketing.
In the end, the GDPR is going to make consumers win by default – and with a head start to boot. That’s the first step to creating a positive experience for them. All marketers now have to do is to play their cards right, find a way to meet them halfway, and keep things positive for everyone.