GDPR fines shouldn't be the biggest concern for marketers, according to marketing tech company Dotmailer - instead, they should be worried about the reputational damage that arises from not acting in customers' best interests.
GDPR comes into force in just over a month, and one of the biggest concerns for companies is the hefty potential fines for breaching the new regulation, with a maximum penalty of 20 million or 4% of the company's global annual turnover - whichever is higher.
However, while these figures are particularly alarming for many marketing departments (which by definition deal with vast amounts of personal data), Dotmailer's client service director and Digital Marketing Association non-executive director, Skip Fidura, said that the more pressing danger is not the response from regulatory bodies but from customers.
"Forget about the fines! That's the headline; that's what they want you to hear," he told attendees at Dotmailer's annual customer summit in London. "Think about the cost to your business if you lose your reputation by betraying that trust."
As GDPR has not yet come into effect, there are currently no examples of this effect, but to illustrate his point, Fidura cited the case of TalkTalk, which suffered a catastrophic data breach back in 2015. The company received a fine from the Information Commissioner's Office of 400,000 for its poor handling of the incident, but even though the corresponding penalty it could have incurred under GDPR would have totalled almost 60 million, Fidura argued that this still didn't compare to the company's loss of reputation.
"TalkTalk was fined 80% of the maximum possible fine at the time: 400,000. Peanuts for TalkTalk," he said. "But they lost 1 billion off their market capitalisation. Way more than any percentage of the maximum fine under GDPR they would have faced. The fine is just the headline - it's the loss of reputation that you've got to worry about."
However, he stressed that GDPR "does not fundamentally change what [marketers] are trying to accomplish, and that's to get the right message to the right person at the right time".
John Mitchison, director of compliance at the Digital Marketing Association, called the legislation an evolution of the UK's current law, the Data Protection Act 1998. "Many of the problems that people come to me with as director of compliance at the DMA... they explain the problem that they've got, and I realise that it's not a problem with GDPR, it's a problem with the [Data Protection Act]."
"They've been doing things wrong, or in contravention of the DPA, for many years, and only now starting to worry about rules. The stretch between the current Data Protection Act and GDPR is not a huge distance. If you're doing things under the current regulations compliantly, then coming up to the standard of GDPR shouldn't be that big a stretch."
As part of the summit, Dotmailer also announced a series of product updates to its email and marketing automation platform, including new data protection features to help companies work towards GDPR compliance. This includes a new tool called Consent Insight, designed to give marketing departments more information about their customers' consent in order to prove compliance to regulators, including the text of the consent agreement they signed as well as their location, IP address, browser and more.
A new tool has also been launched to allow quick and easy exporting of this data in order to comply with Subject Access Requests - another GDPR component that allows consumers to request a copy of any data held on them by a company. This is also combined with a new functionality for deleting all of a customer's data from Dotmailer's platform if required, which includes a recycle bin to protect against accidental deletion.
All of the new features will be available for free to all Dotmailer customers.
