Marketers’ approach to data privacy is quickly evolving in the wake of GDPR—but perhaps not quickly enough. New research from account-based marketing firm Demandbase, in partnership with research firm Demand Metric, found that 23 percent of marketers surveyed were not even aware of GDPR, and of those who are aware, only 32 percent report that their companies are fully GDPR compliant.
Third-party vendors may be an even larger concern, as 80 percent report concern that their marketing technology vendors may expose their company to legal risks because they are not GDPR compliant. Based on these results, it is not surprising that nearly 75 percent of study participants also report that their companies will invest in technology to improve their approach to data privacy.
The study, Privacy and GDPR Survey, conducted about one month after the GDPR deadline, demonstrates that there remains much for marketers to learn and implement after the GDPR deadline. Survey respondents listed the top GDPR challenges for marketers as:
- Understanding the GDPR (57 percent)
- Data management (44 percent)
- Obtaining consent from users (40 percent)
- Technology barriers (37 percent)
“GDPR compliance is particularly important for the B2B industry because no company wants to do business with another company that’s going to be a liability for them,” said Fatima Khan, chief privacy officer at Demandbase, in a news release. “Marketing teams have a lot at stake to implement the GDPR regulations properly, which is why we have invested in taking steps toward GDPR compliance, such as internal training to protect ourselves and our customers from data privacy issues.”
Marketers are particularly concerned about obtaining rights to use data through consent. The research found that the main channels that companies use to obtain consent include:
- Email (80 percent)
- Online form (70 percent)
- Website notice or banner (48 percent)
When it comes to refreshing consent for customer email lists, respondents were nearly evenly split between:
- Asking everyone to re-consent (36 percent)
- Taking a limited country-by-country approach (35 percent)
- Not refreshing consent (30 percent)
In addition, the majority of companies surveyed (60 percent) are changing their global approach to privacy in light of the GDPR, with Europe and North America as the most affected regions.
“Companies have to recognize that the GDPR isn’t a single compliance action, but instead is the start of a continuous process of reevaluating privacy compliance as technologies and data processes evolve,” said Khan. “With that said, I do believe that these privacy changes will ultimately create more transparency and provide new opportunities for marketing departments to be more engaging, clear and customer-centric.”
The survey found that 86 percent of organizations value the protection of data from a significant to a moderate extent, citing customer expectations (73 percent) and legal responsibilities (72 percent) as the top reasons. Over 90 percent of respondents believe that ensuring data privacy will help their marketing team build trust with customers and also help their marketing team deliver a better customer experience.
The study results also examined companies’ investment in the GDPR compliance and found that 22 percent of study participants report that they are not spending any money on the GDPR compliance. In an analysis correlating investment to revenue growth, results found that revenue-stagnant companies are nearly twice as likely to report they are not spending any money on the GDPR. Revenue-growth companies were much more likely to report spending $50,000 or more on compliance.
The research surveyed 255 marketers globally from June 13 – June 28, 2018. The majority of respondents are employed at organizations with between 20-10,000 employees and come from a diverse set of industries, including business/professional services, consulting, education, financial services, healthcare, Internet, manufacturing, marketing, non-profit, retail, telecommunications and others.