Has the fog of GDPR cleared away?
GDPR came into force on 25 May, the culmination of months of debates and discussions. In this guest blog, Jenner Carter, Head of Marketing at Lime Venue Portfolio and Marketing Chair for the UK's Hotel Booking Agent's Association (HBAA), explores the aftermath of GDPR with HBAA members.
In the run-up to deadline day, there was clearly still great uncertainty about GDPR and many people saying ‘let’s wait and see’. Reflecting on this, a series of campfire sessions with HBAA members provided a good opportunity to invite more than 30 event industry professionals to share their thoughts and experiences, to see if any of GDPR's feared consequences had occurred, or if there was any greater clarity. The discussion created an interesting snapshot of how far GDPR has evolved so far.
The months leading up to 25 May
Looking back, the majority of industry professionals recall a huge amount of scare-mongering in the press and dozens of organisations looking to make a quick buck by offering advice, seminars, training et al. Intelligence was being collated from the ICO website, internal legal teams, business white papers and many, many more. It all created a ‘fog’: a lack of clarity and major conflicts of interpretation, and none of it was fondly remembered.
The general amount of frustration within organisations should not be underestimated. Some remember open arguments within their organisations on exactly what the law was saying, what they could do, what they couldn’t do. Many empathised with this; in every office there seemed to be one person who said, 'let’s just carry on regardless’, and another who thought that absolutely everything and anything could result in trouble under the dreaded GDPR regulation.
Whether conversations had begun 18 months ahead of deadline day, or just in the final weeks up to 25th May, there was universal agreement that the cost was great, both in time and financial output. This has been a costly process.
Is the reaction to mention of GDPR calmer now? No, not really; companies are still incredibly worried about the enforcement of GDPR. Fear is caused by the potential that organisations could have got things wrong and may find out the hard way, with penalties including financial and reputational damage. Most people seem to be waiting for the ICO to fine the first company; a major blue chip company or someone smaller? Either way, seeing where people went wrong could produce a little more clarity for everyone else. Quite a few people even equated GDPR as a PPI claim issue waiting to happen, foreseeing call centres driving legal action against companies who may or may not have breached GDPR.
B2C or B2B?
The campfires revealed that some organisations believe that the GDPR was more predominantly aimed towards consumer data and less so business to business. What was not in question is the fact that most businesses had responsibly made efforts to ensure best practice on both sides of the B2B and B2C coin.
When the campfires explored the tangible effect on the volume of data carried by businesses post GDPR, some had heard of instances where B2C lists had been cut by up to 90%, others felt that data had actually been cleaned and that it was richer because of GDPR. Those that now have compliant databases didn’t seem so worried by it, everyone seemed to accept that data is about quality rather than quantity.
Where are we now?
The majority of the participants felt they were well on the way to GDPR compliance. This may mean that they weren’t compliant yet, but that they would be very soon, and were comfortable that the process was an ongoing one.
But was it all worthwhile? Would it make their data richer and therefore their marketing and business better? Most said that the whole process has been painful and costly (again, that’s time and money) but predicted a longer-term benefit from the process they went through as a result of GDPR; that this was a pain worth bearing in order to look at new ways of using data to benefit their businesses.
So, in the post GDPR events industry, which businesses have created a framework for GDPR compliance? Most had put in place the continual removal of old data and regular ‘check-ins’ with customers on their data etc. Statistics do show that consumers value their data, but have no problem with sharing it, as long as they get something in return. The question is now, what can events businesses give to customers to incentivise them? It’s something the industry needs to wrestle with, and the answer isn’t obvious.
The scars from GDPR are still there. The event industry has had to look deep into itself and change the way it acts around data. For some this was simple and easy, for others it presented a clear and present risk to their businesses and the need to invest a great deal of money to protect themselves.
In the run up to deadline day, the words GDPR were met with a mixture of confusion and frustration and, according to those that attended the campfires sessions, still are.
The lessons are still being learnt, the fog still clearing so it will be interesting to revisit this later, perhaps around the first anniversary next year.