"If a captain's highest goal were to preserve his ship, he would keep it in port forever" (Thomas Aquinas). This powerful reflection opens the summary of the survey on regulatory compliance prepared by the digital identity company Gigya. With regulations that have caused rivers of ink to flow, such as the General Data Protection Regulation (GDPR), and with increasingly intense debates on compliance issues in many business environments, the research seeks to identify the extent to which leading companies are directing the challenge of compliance toward generating a competitive advantage in their market sector.
The company's CMO Council report posed the following question to 200 senior marketing executives: "Who is responsible for ensuring GDPR compliance in your organization?" In light of the results, this question has proven to be particularly relevant, given that there is a division in the market that is precisely defined by the opportunity vs. burden approach.
The results of this survey are as follows:
- Slightly fewer, 27%, have chosen to put the chief information officer (CIO) in charge.
- Around 1 in 6 (17%) believe that this role falls to the chief marketing officer (CMO).
- For 1 in 10, the chief operating officer (COO) takes on this task.
- Below that, 8% assign these functions to the chief financial officer (CFO).
- Only 1 in 25 believes that a chief data officer (CDO) should be at the helm.
- And finally, one in three decided to create interdisciplinary or multifunctional teams to address the situation.
The apparent overweighting of IT/CIO departments is determined by the preeminence of security and risk mitigation approaches. Given that these professionals are responsible for "keeping the lights on and protecting the business," and given that regulatory non-compliance can result in significant penalties, it is somewhat normal for these departments to take the lead in this task. This can even go so far as to jeopardize the effectiveness of other programs, such as marketing.
There is a second reason for the weight these departments carry: European regulations focus on data collection and processing, and technical experts may be best equipped to find gaps in companies' systems. However, according to the research, "by viewing this project as a checklist of system and policy updates, you miss the opportunity to put the customer first and differentiate yourself in a market increasingly driven by customer experience." Added to this problem are the costs in time and resources of launching an IT-focused approach in the first place. In short, "the ship may sail to its destination port, but it will have taken a longer route than necessary."
By contrast, under the marketing-focused approach, the study estimates that "the database of prospects, leads, and customers has the best chance of remaining robust," as "marketers are hungry for data." This approach, however, carries the risk of GDPR violations, as evidenced by the fact that a large proportion of emails sent by companies in the days leading up to May 25 (the deadline for compliance with the European regulation) did not, in fact, comply with GDPR requirements. A race at full speed to preserve data... which may end in a complaint, an investigation, and a more than likely penalty.
The middle ground can be found in the large percentage (33%) that has opted for multifunctional teams, an approach that "allows stakeholders to align behind a comprehensive strategy that balances customer experience, technical, regulatory, and business requirements." This is a critical factor when you consider that, according to the study, 4 out of 10 respondents said that their GDPR readiness audits uncovered more data collection points than initially estimated. If these points are not addressed, the company risks non-compliance with GDPR and a breach of customer trust.
In fact, according to the company, multifunctional devices enable GDPR compliance with the following features:
- Standardized: Consent requests are unambiguous and verifiable, even as policies evolve.
- Centralized: Facilitates the application of explicit consumer consent options across the digital ecosystem.
- Integrated: Seamless digital experience, regardless of platform or device.
- It helps address GDPR requirements and, more importantly, build trust with customers who differentiate themselves in the market.
In smart companies, compliance policies go beyond an attempt to avoid some type of administrative sanction. "To be successful, these companies go beyond the technical requirements of regulation to refocus their customer experiences with trust at the forefront. They are balancing regulatory compliance with customer needs," the study notes.
These efforts require full buy-in from stakeholders across the enterprise. When successful, the company will reap the competitive advantage: more trustworthy customer relationships, better ROI, and more brand advocates. "The value of customer data is at an all-time high, and ensuring that it is accurate and available at every touchpoint will create experiences that truly differentiate your business in the hearts and minds of your customers."
The goal is to create unique, unified profiles for each registered customer, consisting of customer identity information, consent information, preferences, and information on the status of each customer account. Unified customer profiles strengthen customer trust because they encourage the application of these preferences throughout the organization and because the resulting analyses will yield more accurate and actionable results for marketers. Personalization in the form of recommendations, communications, customer service, and even in-store experiences will be "more relevant, consistent, and valuable."