GDPR Blog

GDPR: Finally Some Peace For Sales And Marketing. Or Not?

Mike Flache
by Mike Flache
3 minute read

The GDPR reporting over the last few weeks reminded me a little bit of the movie “2012” by Roland Emmerich.

Thank God …

… Europe “survived” May 25, 2018. And the rest of the world seems to have gotten off lightly 😉

The new General Data Protection Regulation (GDPR) is now in force. In recent weeks, this topic has tied up large resources in many companies. Across all departments.

As a business angel and investor in high-tech startups, but also as a digital adviser in companies from traditional sectors, I was able to experience live what that means in concrete terms.

I would like to share my insights on the challenges in sales and marketing in this article to raise awareness of the implementation tasks for the forthcoming ePrivacy Regulation.

First, let me say that the companies, their employees and most of the partners, such as lawyers, consultants and agencies, have done a stellar job. This is especially remarkable considering the fact that “digital business” certainly isn’t part of the core business for some companies like, for example, mechanical and plant engineering or companies in the oil and gas industry.

However, the behavior of individual partners of the organizations certainly gave me a few more gray hairs during the implementation process.

First of all, some lawyers could certainly (and really should) give much better advice on their “key issue of data protection”. On the other hand, some consultants and agencies could have demonstrated (and also have to) much more clearly how sales and marketing processes will continue to change in the future (long-term perspective).

Because the bottom line is mainly about two key aspects:

  1. Protection of personal data
  2. Expanding digital value creation in sales and marketing

The latter also includes the new framework conditions of the GDPR.

Unfortunately, my experience in the individual cases mentioned above is that both the quality of the process and the result were unsatisfactory.

This can be illustrated by looking at three challenges:

  • In terms of content, the main focus of many lawyers was the revision of the privacy policy. In individual cases, however, this was based on sample texts instead of the actual facts and procedures of data processing in the respective company. I have no other explanation for the sometimes “very thinly” formulated paragraphs (e.g. just 5 lines regarding the use of Salesforce as a global CRM system). And all that without considering all other necessary topics and issues that go beyond a privacy statement.
  • From a technical perspective, most of the consultants and agencies were busy converting sites to be GDPR compliant. Among other things, the focus was on implementation of SSL security certificates, adaptation of forms (keyword: data economy), as well as optimization of the handling of cookies and their various characteristics. My spot checks after May 25 showed that, while 9 out of 10 corporate websites have a cookie notification, 4 out of 10 continue to generate tracking cookies, even if the visitor has NOT EXPLICITLY AGREED TO them.
  • Of course, in terms of time, everyone involved, internally and externally, was under enormous pressure to meet deadlines until May 25. That’s completely understandable, especially when it comes to the implementation of such a comprehensive topic like the GDPR. For me, however, it is an absolute “no-go” that deadlines for projects with this significance were not met by individual partners on MULTIPLE occasions. Especially since all information and briefings were available on time. In the worst case, the preparation of a comprehensive privacy policy was simply “left alone for 4 weeks” without feedback.

(Note: All of the above challenges have been resolved to date.)

So, what is the conclusion of my findings?

One thing is clear:

The point is certainly NOT to blame individual attorneys, agencies or consultants for being categorically “incompetent” in terms of GDPR implementation. There’s no reason for that at all. This is highlighted by the many positive counterexamples – people and teams who tackle these tasks with passion, transparency and team spirit.

Instead, I would prefer to raise awareness among the companies and partners of how important (and ultimately crucial for success) proper teamwork is for such a complex topic as the GDPR. Every participant has unique skills and strengths. The key is to bundle them in the interest of creating value.

In addition, companies are well advised not to consider the tasks related to the GDPR completed as of May 25, 2018. Quite the contrary! The topic will continue to affect us over the coming months, especially in light of the upcoming ePrivacy regulation.

Sales and marketing will continue to change drastically. I will shed more light on what that means for the value creation in one of my next articles.

P.S.: Personal consent to data processing assumed 😉

Dummies Guide to Security Operations

When security and operations teams collaborate closely, they can protect your business more effectively against all kinds of threats. Learn how you can maintain better security and compliance in the SecOps For Dummies guide.
Download Now ›

These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.

See an error or have a suggestion? Please let us know by emailing blogs@bmc.com.

About the author

Mike Flache

Mike Flache

Mike Flache is a business angel and investor. Together with multinational teams, he builds digital business worldwide. Mike is involved in 15+ high-tech startups around the globe. As a mentor, he supports teams from traditional industrial companies in their digitalization efforts in selected cases. The analysts of Onalytica list him as one of the Top 10 global influencers in the field of digital transformation. As a recognized thought leader, Mike collaborates with global brands and Fortune 500 companies, such as Huawei.