GDPR enforcement may be driven by fears of liability
But its implementation could be hampered by a lack of clarity about exactly what kinds of consumer data it covers.
As GDPR Day (May 25, 2018) approaches, the experience of at least one complying marketing firm illuminates two major but hidden factors — one that could drive compliance and one that could hinder it.
The hidden factor that could drive compliance with the General Data Protection Regulation: liability.
Yes Lifecycle Marketing is a Portland, Oregon-based cross-channel marketing services firm, helping client companies with website customer preference centers (where email newsletters might be selected), email, SMS, push notifications and Facebook.
SVP Marc Shull told me that his company has been working toward compliance by initiating new processes, consulting with outside experts, reviewing “every single screen” it offers, instituting new data governance policies, coding new capabilities to readily accommodate requests to change or delete personal data and other efforts.
In other words, Shull said, Yes Lifecycle is making a good faith effort to comply. About 10 to 15 percent of the company’s business comes from the European Union, he said, plus his company interprets the regulation as applying to any EU citizen wherever they are, or to any resident of the EU, whether an EU citizen or not. That pretty much covers all markets.
Yes has about 200 client companies, some of which are in the Fortune 500. But each of those companies also has dozens if not hundreds of other service providers.