Could you use GDPR to deepen your agency value and importance with clients?
Agencies may comply with GDPR from their own marketing perspective, but for those handling lots of data, is there a wider responsibility, or even an opportunity to set yourself apart?
Having led marketing functions of agencies through the implementation of GDPR in 2018, I felt that I was reasonably well acquainted with GDPR rules and guidance. Then I met Guy.
He’s got a very interesting agency background, and is a GDPR specialist. We talked about the opportunity for agencies to take a lead with GDPR guidance on campaigns, and how you could possibly use it as a differentiating factor for winning new business or to deepen your client relationships.
Here’s a few questions from our chat that I hope you find thought provoking.
Marketing departments are always under pressure and GDPR is another thing on the list. You believe there is an opportunity for agencies to help client side marketers grapple with this?
GDPR is still seen as a tedious box-ticking exercise that has rarely been thought about as a constructive part of running the marketing engine. Yet consumers’ loyalties are becoming shaped by how they perceive brands treat their personal data, and increasingly their custom is driven by their trust in how an organisation respects their privacy.
Marketers have no resource to help them understand the nuance and how to act on it; as their practitioners, agencies are their trusted partners who could be the white knight that helps them ensure not just that their marketing plans comply with the complexities of data protection law, but the way they engage with their audience transmits their commitment to respect their privacy.
So what responsibility do you think the agency has?
Firstly they may well fall into becoming a joint controller of personal data the client may pass to them (for example if they profile CRM databases to model for lookalikes or profile for tailored campaigns).
Even as a processor, they should understand that if a client’s campaign handles personal data unlawfully such that its subject raises a complaint, it will be their client’s brand that will be put under a possibly very public spotlight. Say a bought-in address list included data that was not lawfully acquired, and its subject complained when the client sent them some direct marketing material. The client isn’t necessarily liable under the GDPR, but it is their brand that could be making the news.
In this respect, the agency must be diligent to ensure that they never place their client at risk through unthinkingly processing personal data for them unlawfully, even if they are not liable for doing so.
So how can an agency use this as an opportunity to differentiate themselves?
Most agencies position themselves to be the specialist communication/marketing/advertising resource that brings their client’s vision and its strategy to life in the most expert and effective of hands.
So when you consider the purpose of marketing is to generate personal data for their client, then privacy should be inherent to every facet of how an agency operates, and be trusted to preserve and protect their client’s integrity in the way they process the personal data their work generates.
So as a trusted specialist to plan and deliver effective marketing campaigns, agencies could also be their client’s safe harbour for the personal data they will generate?
In a short answer, yes. Marketing is arguably one of the areas where an organisation is most exposed from a data protection point of view, yet it is often the least resourced legally, because all the issues it has to contend with tend to be potential or arising, to which their Counsel will point to the Privacy Policy and say they’re covered.
The trouble is that marketing is all about acquiring or generating personal data, and doing so lawfully needs careful attention. Acquiring personal data can mean suppliers offer every assurance they’re selling it lawfully, but if that’s not the case, it is the brand the consumer will take exception to, and whose reputation is at risk. Generating personal data through marketing is pitted with nuance, and recent EU case law shows how organisations can be liable, especially in digital, when their instinct was that their activities were well outside the scope of the GDPR.
The benefits of working with an agency who has this stance is that the client is intuitively reassured that in respect to their exposure to the pitfalls of data protection law, at least they know their communications strategy is in safe hands.
So effectively by building out their expertise in privacy marketing to clients, agencies could deepen their value and importance?
Absolutely. This could be done through running workshops, surgeries, thought pieces and guidance, all of which delivers value as you say, and consolidates the imperative nature of their service.