On the 25th May, 2018, the General Data Protection Regulation (GDPR) will come into law, and will have huge implications for any business, from anywhere in the world, which holds, processes, exchanges and deals with the data of EU citizens. If a company is found wanting in any breach of EU customer data, or is caught sending unsolicited communications to their European base, nations that have signed up to the regulation are well within their right to exercise crippling fines – a maximum penalty of €20 million, or four percent of your annual global turnover. Whichever happens to be larger. Yikes.

Let’s put that into context. Coca Cola, registered in the US, announced an annual global turnover of $40bn last year. Let’s say, on the 26th May of this year, Gary Glummer, 53, from Grantham, UK, reports that Coca Cola has sent him their ‘sounds of summer’ emailer, despite never opting in to marketing communications. In a post GDPR world, the bill from the UK Home Office could amount to $1.6bn (service included).

Gary Glummer. Grantham. $1.6 bn.

This speaks volumes about the seriousness with which global lawmakers are taking the misuse of customer data. Arguably, given the huge breaches of private data over the last few years (think Facebook, TalkTalk and even the British Government), this is a knee jerk reaction to the good-guys of cyber security being caught out time and time again by the relentless appetite of cyber-criminals – and the public suffering as a result.

Given the potential fines outlined within GDPR, it’s surprising that inertia is the prevailing attitude amongst many businesses. Worryingly, even the marketing and CRM sector has been sluggish to readjust to the approaching new-normal – the feeling is that GDPR is simply too big to concern itself with Start-Ups and SMEs. It’s impossible to predict how far reaching and swift the long arm of the law will be when implementing GDPR, but given the ‘game-over’ fines on offer, is it worth taking the risk?

Now, before calling it a day and setting up that beach bar in Trinidad, you’ll be pleased to hear that it’s not all doom and gloom. Where GDPR taketh with one hand, it giveth with another – and savvy brands and marketeers could even profit against the sluggishness of the competition. We’ve outlined some quick tips to set yourself up to win in a post GDPR world:

1.Double Opt-In your Database

A customer on your base can’t be contacted (outside of legal/service messages) unless they have double opted-in to receive marketing communications. This means completing an online form, and then reconfirming they are happy to be included in marketing messages via an email or SMS confirmation link. This is retrospective, meaning GDPR will render the majority of your database unusable overnight, so putting in a clear, valuable, content-driven double opt-in programme before the legislation hits is vital to protecting and enriching your existing customer base. The temptation is to see this as a low priority, and a drag on resources when other short-term projects should take precedent, but why not try to be innovative? Why not opt-in and activate segments of your audience with the high value content you’ll need to create anyway? Later this year, when the dust has settled, you’ll find that you and you alone amongst your competition have a database worth cultivating. The long-term benefits of being diligent now could be critical to winning later.

2.Buy data now

If you work with list brokers, then you’ll know that they can be a cheap source of large lists that bolster the volumes of your sales comms. This is expected to change dramatically post GDPR – bought lists will be smaller, harder to procure, and almost certainly more expensive. Given that the price of data is set to rise exponentially come May 25th 2018, why not cash in now? Buying lists before the regulation kicks in, and including them in the double opt-in activity you are going to have to carry out anyway, could mean you wind up with an even bigger database than before – one you don’t have to invest in, and one that has already advocated to receive your GDPR compliant messages in 2018 and beyond?

3.Keep a clear record

Ironically, the one way that marketeers will be caught short post GDPR will be at their own hands – a rash email shot off to a not-so-opted-in prospect would be all it takes for Amber Rudd and her gang’o’bailiffs to come knocking. What’s more, consumers will be conscious of what GDPR means for businesses, and more inclined to whistle-blow if they suspect foul play. The key will be to keep a clear record of your data, use a good CRM and comms system that allows an adequate level of historical reporting, and build a round of assurance into your campaign delivery process that ensures all contacts are double opt-ins. This means that if one of your contacts does raise an eyebrow, you’ll be ready to put them, and the GDPR gods, at ease.

Use a good CRM system?

Sure.

No-brainer.

But the reality is that the majority of businesses will wake up on the 26th May without having thought of any of the above. Except for you, now, hopefully.

So, before you grab an arm load of baked bean tins and make for the Anderson shelter, be reassured that there is life after GDPR. The night is always darkest before the dawn, and with bases set to only be populated with engaged and advocate audiences, communication metrics are expected to rise, customers will actually want to hear from you, and you won’t be haunted by nightmares of sky-rocketing unsubscribe rates. Do GDPR right, and everyone wins.

At EarlyWMC, we consult on the communications strategies of both our B2B and B2C clients, within multiple sectors. Our strategy team understands the pitfalls and opportunities within GDPR, and the impact it has on how you will be able to continue to do business. Drop me a line at matt.valenzia@earlywmc.com to discover how we can help you to navigate the regulation, and build a results driven marketing strategy for 2018 and beyond.