When the dust settles on GDPR

If you’re still looking for loopholes in GDPR, you’re missing the point, says Patrick Smith, CMO at Cvent. He urges marketing leaders and event professionals to look for the value instead.

“Maybe not now, maybe not next year, but one day, when the dust has settled on GDPR, when most businesses have absorbed it, a few have been fined and the rest are still looking for loopholes, those of us upholding the principles behind GDPR, those of us who embraced it wholeheartedly, those of us who created transparency in our businesses, we will have earned the loyalty of our marketplace.”

General Data Protection Regulation has struck fear into many businesses. I get it. There’s a lot we’re supposed to be afraid of. As of May 25th GDPR is enforceable law. And there’s only one right side to be on.

As business leaders we’ve got people poring over the regulation, looking into penalties, punishments, breaches, backups, fines, fallout. But as our teams go off to do their Data Protection Officer duties, data audits and due diligence, did we forget to tell them why? Did we mention what’s in it for them? What do we stand to gain?

It’s time we looked for the value.

Regulation wranglers

If, like me, you’ve been in marketing for a while, GDPR isn’t your first brush with compliance and it won’t be the last. In the 19 years since Cvent started, we’ve seen ISO27001, Soc 1 & 2, PCI, the Data Protection Act, Privacy and Electronic Communications Regulation, Privacy Shield and the forthcoming e-Privacy changes. Regulation is a thing we wrestle with day in, day out.

When regulators say ‘jump’

Every wave of regulation is a chance to raise our game, do more than we’ve been asked to do, jump higher. Like with PCI – we went to Level 1, when at the time, Level 3 would have been enough to tick the box. Why? Because when regulators raise the bar, it’s usually because our customers need something from us. Responding to compliance is responding to customer needs. They’re asking for reassurance or protection. In the case of GDPR, it’s trust. And without customer trust, our businesses are dead.

Watch our short video about the Spirit of GDPR

Best practice marketing

Let’s be honest fellow marketers, we’ve all been up against a campaign deadline. We’ve all made a last-minute push to meet Q4 MQL targets. We’ve all looked at our KPIs and wondered how we’re going to get there without doing things the easy way, not necessarily the honourable way. But now, let’s take GDPR as a chance to do what’s right by the consumer. GDPR won’t be the death of outbound marketing, but hopefully it will be the slow demise of spam, automatic opt-ins, shabby privacy standards and lazy list mongering. GDPR could herald the birth of best practice, honest, open, friendly consent-based marketing. And for those of us who pledge to truly respect our customers’ privacy, a chance to shine.

Trust dressed as compliance

Consumers have a rapidly growing sense of the value of their personal data, an increasing awareness of their right to privacy. The public demands and deserves to know the good guys from the bad guys. Transparency is a way to show you’re one of the good guys. Embracing regulation with open arms and going for better-than-it-needs-to-be compliance shows you’re one of the best – and worthy of trust.

Transparency makes you vulnerable

GDPR compliance isn’t easy. It’s a high standard to achieve, particularly as there are still so many grey areas. Despite our size, strength and tech security expertise, it’s taken time, money, an all-hands-on-deck mentality and extensive legal counsel. Not all businesses can afford this belt-and-braces approach. And as marketers, we’ve accepted that GDPR potentially means fewer names in our database, fewer prospects in our pipeline, fewer conversations. After all, asking people if they want to hear from you means you risk some of them saying “no”.

Spirit of GDPR

But just look at what we’re left with after all the GDPR deadline drama: prospects who want to have conversations, people who invited us in, who trust us, who really are listening. Good, clean honest data practices bring results – higher open, opt-in and conversion rates. Under GDPR, marketing will be better and do better. Understanding the spirit of GDPR, who wouldn’t want a world with GDPR in it? This is the vision that drives me – and everyone in the Cvent community.

Special place for events

And of course, there’s a special place in all this for events. Those among us who believe in the power of live – the power of face-to-face, sharing a space, looking people in the eye and shaking their hand.  We’ve always known that events are where business gets done and trust gets built. Where a willing business card swap is the start of a real conversation. In a world where trust is our most valuable commodity, events are right at the heart of the marketing mix. For event believers, GDPR is another reason to run the best events we can run.

Final nudge to automate

Automation plays a huge role in the quality and success of our events. End-to-end platforms like ours take much of the risk (and legwork) out of event planning. Data is handled with care across the platform and the dozens of other CRM and marketing systems it integrates with. For those organisations still working off delegate spreadsheets, GDPR is a compelling conclusion in the business case for automation.

It takes a village

As events professionals among us will know, events are never a one-man or one-woman show. There’s a whole ecosystem of third-party suppliers we rely on to make our events happen: venue owners, hospitality teams, caterers, temps, freelancers and travel agencies. Any one of our sub-contractors could let us down on the day. That worry already keeps planners awake at night and now GDPR adds a new dimension: if a supplier puts delegates’ data at risk, it’s the event organiser’s problem.

Be nudged

This new responsibility is a good reason for planners to grill suppliers about the steps they’ve taken towards GDPR compliance. It’s an extra reason to choose trusted businesses, ones that can prove their own compliance. When we trust our suppliers, our attendees trust us. GDPR is a nudge towards the best practice we’re aiming for. Welcome the nudge.

Willingness not readiness

A sense of urgency around GDPR is understandable. The EU data protection authorities are serious. But there’s a reason why they’ve given us two years to get our heads round GDPR: they know it’s big.

That’s why I believe it’s not about readiness, it’s about willingness. Businesses that can show they get it, share the faith in what it’s trying to do, prove they’ve made big changes, or are at least taking big steps towards it, should avoid the regulator’s wrath.

At Cvent we’ve already made hundreds of modifications to our processes and products to incorporate the principles of the new law – strengthening security, building trust, offering transparency, protecting privacy, respecting rights – and we’re making more.

GDPR is giving us an opportunity to show our true colours – let’s take it.


Written by Mansi Soni