Despite considerable attention from a variety of vendors before it came into effect this past May, a survey by DemandBase and Demand Metric shows only 32 per cent of B2B marketers are fully compliant with GDPR and 80 per cent worry that a lack of compliance among their vendors will put their firm at risk.
DemandBase and Demand Metric surveyed close to 250 marketers from large organizations for the study, which showed that nearly a quarter, or 22 per cent, of marketers weren’t aware of GDPR, a privacy regulation from the European Union that affects any organization that does business with EU customers. GDPR, which stand for General Data Protection Regulation, requires organizations to take a greater opt-in approach to gathering and using data from their customers, and charges fines of up to four per cent of a firm’s annual revenues if they fail to comply.
One of the more interesting findings in the survey was the relationship between companies with revenue growth and the level of investment they are making in GDPR compliance. Revenue-stagnant firms, for instance, were twice as likely to spend nothing on GDPR, compared with growing firms, which were spending 50,000 or more. Overall, 22 per cent are spending nothing on compliance with the EU’s directive.
DemandBase’s chief privacy officer, Fatima Khan, suggested companies should take a long-term view of GDPR compliance and consider the value it brings to customer relationships, rather than merely the cost or inconvenience.
“It’s important to think about privacy in a post GDPR-world as an opportunity for a company to develop data transparency within their organization and build trust with customers,” she told B2B News Network. “Marketers should also realize that compliance with the GDPR is a journey – it’s a multi-stakeholder effort that requires continuous evaluation of data practices and updates in light of evolving law and technology.”
Perhaps understandably, understanding GDPR topped the list of challenges at 57 per cent, while 44 per cent said they struggled with data management and 37 per cent cited technology barriers. Khan said the results from her firm and Demand Metric also reflect the difficulty in ensuring the ecosystem of marketing technology providers a B2B firm works with is up to par with the regulation. She said DemandBase has responded by creating a summary of its security practices and other documentation to answer any immediate questions.
“Companies are reasonably concerned about the associated risk,” she told B2B News Network. “Wendors should be prepared to address questions about their security and data practices in advance to minimize the effect this diligence requirement may have on purchasing cycles.”
Demandbase has also created a variety of internal resources to further employee education and awareness on privacy, security, and data responsibility, Khan said. Among other things, these resources include written materials on privacy and security like an internal wiki, privacy awareness through company-wide meetings, and a roadmap for future training.
Getting customers to give consent in advance of GDPR led to a flurry of e-mail messages from many companies in early May. The DemandBase and Demand Metric research backs this up, with e-mail cited as the dominant channel by 80 per cent, followed by online forms at 70 per cent and web site notices at 48 per cent. Khan said DemandBase has put in place control mechanisms to address its obligations, such as allowing individuals to opt-out of marketing emails.