GDPR isn't just an issue for your marketing department. Every business unit in your organization needs to be mindful of how they're collecting and using customer data. Companies that fail to prepare for these new privacy laws will end up as the weak link in their organization's supply chain and will put critical business relationships at risk. Forrester notes some situations that many companies may not have considered.
- Data processors bear joint liability, so they won't work with you if you aren't compliant. This includes vendors like cloud service providers, marketing technology vendors, agencies, and more. If your firm fails to collect, manage, and handle European subject data in accordance with GDPR and ePrivacy, why should they expose themselves to a massive fine in order to win your business? Many of these vendors are already on the path to GDPR readiness themselves, and as they hire data protection officers (DPOs) and run their privacy impact assessments (PIAs) they'll be reevaluating their risk tolerance as it relates to clients, too.
- And if you're a non-compliant data controller or data processor? Prepare to lose most of your multinational customers. These clients simply won't have the luxury of choosing whichever vendor they prefer anymore — their DPOs and CISOs are going to require that every vendor that comes in contact with any customer data — from device IDs to social security numbers — is compliant with GDPR and ePrivacy. The requirements will be written into every RFI and RFP by the end of this year, and your firm better be able to check that box (pun intended!).
Firms that don't prepare will be the weak link in their organization's supply chain, and will put critical business relationships at risk. Don't let your company be one of these weak links! It's only a matter of time before these kinds of regulations protecting the customer become truly global. Get ahead of the curve and become fully compliant now.
Eric V. Holtzclaw is Chief Strategist of PossibleNOW. He's a researcher, writer, serial entrepreneur and challenger-of-conventional wisdom. His book with Wiley Publishing on consumer behavior - Laddering: Unlocking the Potential of Consumer Behavior - hit bookstores in the summer of 2013. Eric helps strategically guide companies with the implementation of enterprise-wide preference management solutions.
Labels: customer data, data protection officers, ePrivacy, European subject data, GDPR, marketing, privacy impact assessments, privacy laws, RFI, RFP, supply chain