Offence, Defence and The GDPR Balancing Act
In the never-ending commentary surrounding General Data Protection Regulation (GDPR), it has become a cliché to suggest that the regulation should hold no fear for those who take data compliance seriously. What this overlooks, however, is the wide spectrum of data maturity on which many different businesses sit.
Take advertising. In the not too distant past, most “personalised advertising” was managed through the not-so-high-tech medium of a letterbox, or perhaps telephone. Advertising was targeted, but little of that targeting was personal.
How things have changed.
In the blink of an eye, agency groups have become data giants. The “big five” in our sector have spent billions acquiring data businesses – including our own acquisition of Merkle, a leading US data-led marketing business in 2015. Beyond our own businesses, we operate in a marketing ecosystem now dominated by data. This transformation has been fast and dramatic. At the turn of the century, money spent on digital advertising channels barely registered on industry surveys. Today, nearly 40 per cent of advertising spend worldwide flows to digital channels - in markets such as the UK and China it’s 60 per cent and still growing in double digits year-on-year.
Amidst this incredible pace of change, the GDPR has also had massive impact on consumer perceptions. This year, Dentsu Aegis Network’s surveyed 44,000 people across 24 countries as part of its Digital Society Index. The report’s central question is a simple one: how do people feel the digital economy is working for them?
The results make uncomfortable reading for those of us in the data business. Whether thinking about the rise and rise of digital technologies, or the data that fuels them, people are far from convinced that these innovations are always serving their best interests. An overwhelming majority (64%) believe misuse of data is driving distrust, others point to fears about automation, the tax arrangements of digital giants or the unequal and excessive accumulation of wealth in the technology sector.
Today, nearly 40 per cent of advertising spend worldwide flows to digital channels - in markets such as the UK and China it’s 60 per cent and still growing in double digits year-on-year
For all of the progress we’ve seen - and the vast potential still to come - it’s clear that as consumers and citizens, we lack confidence that the digital economy is working for everyone.
What fascinates me is how the speed and scale of these changes are forcing marketers to blend data “offense” with data “defense” (a hat-tip here to Leandro DalleMule and Thomas H. Davenport’s excellent HBR article “What's Your Data Strategy?”). Faced with access to volumes of data unimaginable just a handful of years ago, a near-vertical learning curve and the high-profile arrival of the GDPR, data specialists in the marketing field are grappling every day to get this balance right:
1) Balancing consumer expectations – Marketers face sky-rocketing consumer expectations in terms of personalisation, convenience and seamless experiences – whilst simultaneously managing fast-rising concerns regarding the use of personal data. There is, of course, an inherent tension between the two.
2) Balancing risk – Like oil, extracting value from our data resources involves risk. It may suit some to claim so, but GDPR is not a binary question of right or wrong, compliant or non-compliant. It demands a managed approach to risk (both reputational and regulatory) if businesses are to extract value from data in a sustainable way.
3) Balancing client demands – For agencies in particular, GDPR is changing the nature of relationships with clients. Where compliance around marketing data was once “outsourced”, the GDPR’s demands of those with “controller” status is shifting the onus back to clients. As agencies, we find ourselves increasingly occupied in helping clients understand where the risks are in terms of technologies, vendors and data ethics – whilst being careful to avoid our role over-extending into the provision of compliance itself.
4) Balancing the need for growth – Like many global advertising businesses, M&A is core to Dentsu’s growth strategy. Over 100 companies have joined our group in the past four years alone. Across, technology, process, governance and culture, the imperative is to ensure that these businesses (most of which are SMEs) are quickly integrated into a single data enterprise. It has not escaped our attention that Marriott’s impending £99 million fine from the UK ICO traces back to an acquired business.
Many CDOs reading will recognise the dilemma. We’re under pressure to stay on the data offensive, you will find us working in the CMO Suite or as a Growth Officer and our numbers are growing. I’ll confess, I’m more Joe Montana than Tedi Bruschi myself, but the GDPR is just one dimension of a sea- change in attitudes towards data that means that at every turn, those of us who are offense minded must continue working with peers who cover the data defensive.