Nearly one in two companies will not be ready, its research suggests. One in four has yet to start preparations. The DMA figures show that awareness is 96%, so it's not like the new regulations are a surprise and throughout last year its polling suggesting companies were increasingly realising which parts of their operations would be impacted.
Interestingly, the message has come across that GDPR will happen in the UK regardless of what happens with the Brexit negotiations -- more than nine in ten marketers concur that the law changes are an inevitability. I blogged the other day, in fact, how the Conservative manifesto talks of a new privacy law post Brexit, should the ruling party be re-elected. While it will most definitely start out as GDPR when it becomes law next May, it will definitely be UK law after Brexit, but perhaps with a different name to make it look more British and less Brussels.
The warnings are easy to make. Nearly half of all companies, and particularly the quarter who haven't started a plan yet, could be at risk of massive fine for non compliance. If fines of up to 4% of global turnover don't make you sit up and take notice than it's hard to know what might.
Well, actually, maybe the Information Commissioner has a point? Elizabeth Denham mixed the usual warnings of dire consequences yesterday with a statement that also referred to the carrot, and not just the stick, of GDPR implementation. She summed it ups as compliance being good for business.
There's not a lot fleshed out in what the benefits are. There's the obvious one of avoiding a 4% of global turnover fine, which must surely help the CIO and CMO sleep better at night.
However, that's not everything. I've blogged before that new compliance rules are never universally welcomed without hesitation. However, with GDPR I firmly still believe many brands will put on a brave face and use repermissioning campaigns as a new way to connect with customers.
To be clear, you can only now email customers if they have given clear, informed and free consent for you to do so. There's no mission creep either. If another part of the business wants to piggy back on another's list, they're going to need permission.
So, the rules are tougher but repermissioning can easily be portrayed as brands taking time to think more about their customers, seeking permission to keep on chatting to make sure they get the right info. Permission centres will pop up with increased regularity to help consumers tell a brand what they want hear about and, crucially, what they don't. The whole thing could easily be set up as a VIP Shopper club. Brands will tell people they will have access to the latest deals and discounts so long as they tick to say yes to emails.
However it's presented, it going to be a pain to do but it's has the potential to deepen trust between companies and their email list subscribers. Many will be worried about lists shrinking for the very good reason, they will. But that's not the end of the world. If people don't respond to invitations to reappraise what they want to hear from you, the chances are you're removing subscribers who've moved on, changed address or simply aren't that in to you. A heavy spring cleaning of such people can only improve the quality of your lists.
GDPR would not be the kind of initiative email marketers would vote for but it's happening. Those who will do best are those who frame the new law as an opportunity, rather than a threat they can avoid and then hope to keep their head down and not get noticed.
For the one in two companies who believe they won't be ready, there really is no time to spare. Maybe the carrot message is what's needed here, after years of stick? Maybe VIP Shopper clubs and smaller, better-performing lists are the plus points we need to look at, and not just the massive fines?