Thank you for reading this. If you would like alerts about my future posts please enter your email address in the ‘Subscribe to Marketing Insights’ in the right-hand column.
Perhaps also connect with me on Twitter Linkedin Instagram Youtube or in our weekly chat in the SOSTAC® Plans Club in the Clubhouse App on Fridays at 1pm.
—
The General Data Protection Regulations (GDPR) is a great opportunity, if you work with it. It is also, however, a threat, if you dare to ignore it. You’ve only got until 25th May 2018 before it is fully applicable in the EU and elsewhere. We are using the popular SOSTAC ® Planning framework to help you to plan and embed your own GDPR. Part 1 explored what it is GDPR and why organisations and customers need it.
In Part 2, we will look at setting a clear GDPR ‘Objective’ and also a crystal clear strategy to help you to embed GDPR. Part 3 will explore Tactics, Action & Control (the final sections of a SOSTAC® Plan).
OBJECTIVES
SOSTAC® Planning Framework
Objectives
To be GDPR compliant within 12 months.
To protect customers, enquirers and visitors personal data & to only use it for legitimate purposes.
This is a major challenge and 12 months is deemed to be unrealistic by many experts. It might take 2 years. Be prepared.
Data Technology means GDPR is required more than ever before
Strategy
SOSTAC® Planning Framework
Strategy
Change the Culture/Attitude Towards Data (from C Suite across the whole business)
Improve Data Management, Data Understanding & the Customer Experience (CX) simultaneously.
Start managing data much more seriously. Manage data better, quicker, faster and with far better security. Adhere to GDPR Guidelines within 12 months by appointing a data controller, initiate training, testing and reporting using a budget of £xyz. Adding GDPR audits to board agendae.
Ensure the Board understand that data is now the world’s most valuable resource, or as the Economist front cover stated: ‘The world’s most valuable resource is no longer oil, but data’ (6 May 2017). Hence it has to be managed more carefully. In fact, competitive advantage can be carved out of clever use of data (just look at how both Uber and Air BnB use data to reduce the customer’s cognitive load, reduce prices, grow margins and establish an extremely competitive business). Watch Amazon & AliBaba use data to relentlessly improve the CX and thus create massive competitive advantage.
Build a Data Protection Culture. Cultural change is critical. Attitudes to personal data must change. Personal data is a new currency. Training is not mandatory (well it is! But think of it like ‘Training is an opportunity’). Embracing GDPR requires a cultural change. Michael winner once said that a ‘£60 fine for driving in a bus lane was very good value’ (source: Ruairi Thomas MD, DST Systems). So how do you stop people thinking that GDPR fines might be cheaper than changing the whole culture of the business into a customer-centric, customer caring, & data protecting – type of organisation? GDPR is indeed an opportunity, but equally, it requires a change in culture.
Build a data protection culture
Become transparent. The whole organisation must become transparent regarding collection and use of data and be accountable.
GDPR has a cost but also brings an opportunity for a better Customer Experience (CX) – which, in the long term, means better business.
Part 3 will explore Tactics , Action & Control – the remaining sections of a SOSTAC ® Plan.
PR Smith’s SOSTAC® Planning Framework
|
Powers Of Observation: Two goldfish in a fishbowl one says “it’s wet in here” the other says “wow, a talking goldfish”. Are some organisations fully observant as to what is happening with this new GDPR? Ruairi Thomas |
If you enjoyed this you might also enjoy:
Part 1 GDPR: Opportunity to Boost CX or a Threat of Closure?
Part 3 GDPR: Tactics, Action & Control
How Trump Won by analysing data to deliver extremely relevant and highly targeted messages that worked.
How To Write The Perfect Plan in 4 minutes using the SOSTAC ® Planning Framework (4 min. video)
References
Armstrong, Jonathan (2017) Cordery: ‘All you need to know about GDPR but were too afraid to ask’, GDPR Conference Europe, 27 Apr
Cameron, Gareth (2017) ICO: ‘The pathway to implementation’, GDPR Conference Europe, 27 Apr
Kolah, Ardi (2017) Henley Business School: Sizing the risk – carrying out a data protection impact assessment Lite
Miller, Nigel (2017) Fox Williams: Individuals’ Rights Under The GDPR, GDPR Conference Europe, 27 Apr
Smith, PR (2017) SOSTAC® Guide to your perfect digital marketing plan
SOSTAC® Portal for SOSTAC® Certified Planners
Thanks to
Ardi Kolah, Executive Fellow & Programme Co-Director, GDPR Transition Programme, Henley Business school, University of Reading.
Nick James, CEO of Amplified Business Content, hosts of GDPR Europe Conference
Ruairi Thomas, MD, DST Systems for the gold-fish observation!
GDPR will be regulated, non compliance will incur substantial financial penalties. As this in now mandatory, organizations should grasp the opportunity to not only implement compliant processes and systems but go one step further and select a system, with minimal incremental cost, that meets all GDPR criteria but is also a value added sales and communications tool. Check out Moxtra.
I had a look at Moxtra.com – it looks very interesting, Philip. Gartner seem to like it too! Not fully clear though – how does it adhere to GDPR? e.g. Does it replace using more vulnerable standard email systems by encrypting every email? If yes, can non-Moxtra people e.g. customers – use it?
Yes, with Moxtra, you can replace your email with a secure messaging system. And, yes, customers, can use it. Furthermore, Moxtra is an embeddable technology which means it can be put inside another product to add functionality or to supplement existing functionality. On the broader GDPR tenets, Moxtra supports the central concept of digital consent, authenticated audit trails where required, and, also, implementation of “right to forget” rules when requested.