The ‘leaders’ and ‘laggards’ of GDPR compliance

Those who have embraced compliance are already 'reaping the benefits,' according to a report from the CMO Council.


It has only been a handful of months since the European Union’s General Data Protection Regulation (GDPR) came into effect, but new research from the CMO Council shows the organizations that have embraced it have already started to “reap the benefits.”

The council’s GDPR: Impact and Opportunity report outlines the stark distinction between what it refers to as the “leaders,” on the one hand, and the “laggards” on the other.

Broadly speaking, the leaders have embraced GDPR as an opportunity to make organization-wide changes to their data strategies, enhancing the customer experience along the way, while the laggards have viewed the issue as belonging to someone else. For instance, 40% of respondents said they do not believe GDPR applies to their organization.

“The thing that surprised me a bit, to some degree… is how many marketers were really just happy to run as fast as they possibly could away from any sense of responsibility around GDPR compliance,” says Liz Miller, senior vice president of marketing at the CMO Council. In many cases, she believes that attitude was the result of a “fundamental misunderstanding of a lot of the nuances and loopholes” of a legislation that was “unintentionally complex.”

The report, conducted with SAP Customer Experience, was based on a survey of 227 senior marketing executives across global markets, 54% of which were from North America.

According to the report, exactly half of the respondents had a plan that was already being implemented to comply with GDPR at the time of the study. Meanwhile, 16% said they had “no plan in place” and 11% said they were not sure if a plan existed. Among those with a plan, many had handed that responsibility to one person (18%), while the majority (56%) had put in place a cross-functional team.

Although the CMO Council concluded its analysis within days of May 25 (the day of compliance), it became clear that many organizations had fully embraced the opportunity for change, says Miller. For example, 57% had already initiated a data audit – 30% had already completed it and 27% were on the path to completion. In comparison, less than 10% of laggards had executed or partially executed an audit.

Completing an audit has enabled some marketers to gain C-level operation support while transitioning into compliance, says Miller. As a result, “all those points that, at one point, could have been blocked by marketing’s view (because of operational and functional silos and politics) have started to become more transparent,” she says.

Among those with compliance taskforces, the leaders are those CMOs who have viewed their role as being the “ultimate advocate for the customer,” responsible for answering questions, such as what customers have come to expect from the organization.

Those who have embraced the challenge are already being rewarded with heightened levels of engagement and customer trust. For example, 43% of respondents said the changes have resulted in increased trust, and 25% said it has led to more engaged customers.

Looking ahead, Miller says now that May 25 has come and gone, companies will need to constantly evolve what compliance means, in order to meet the ever-changing nature of their relationships to customers and data. Looking at GDPR as a “single data that is static and already passed” would mean missing out on what the legislation is truly meant to do, which is to protect customers, she says.

Ways GDPR will impact customer experience

GDPR chart


Source: GDPR: Impact and Opportunity Report. CMO Council. 2018