GDPR Should Be About Customer Trust, Not Just Compliance

By Ginger Conlon | 5.9.18

“We have a crisis of trust today,” SAP Hybris President Alex Atzberger said when kicking off SAP’s GDPR Roundtable, a half-day discussion on the General Data Protection Regulation and how it relates to customer experience (CX). And, he added, that crisis of trust impacts how customers interact with businesses.


It’s no wonder that the common theme throughout the event was this: Marketers who think of GDPR only in terms of compliance are missing a significant opportunity. That opportunity is to build and cement customer trust by giving customers transparency into and control of their data. “GDPR is not just about compliance and consent,” Atzberger said. “It’s about identity and profile. It’s about the notion: Do you trust the brands you do business with?”


That theme echoes the findings of a study by SAP Hybris and the CMO Council, which surveyed 165 senior marketers globally: 71 percent of respondents believe that GDPR will impact CX by increasing transparency into how companies are using customer data. But only 39 percent of respondents view GDPR as an opportunity to provide better customer experiences; and 37 percent see it as an avenue for building customer trust and loyalty.


Despite that disparity, 65 percent of marketers polled say GDPR is already impacting customer relationships primarily by heightening awareness around data and security issues; secondary, it’s helping to increase trust and increase customers’ expectations for improvements in personalization (tied at 40 percent).


Plus, more than half of respondents (56 percent) view GDPR as a responsibility to better protect customers’ data. And 30 percent see it as a call to action to overhaul their organization’s perspectives on customer data.


“Consumers don’t want relevance at any cost; they want transparency and control,” SAP/Gigya CEO Patrick Salyer said during the event. GDPR, he pointed out, is a direct result of consumer preference. “Think about trust as the new currency in our economy,” he added. “Everywhere you see GDRP, replace it with the word trust.”


So, is GDPR a business problem or a technology problem? Uh, yes

“Marketers are confused about what to prioritize [in terms of GDPR],” Liz Miller, SVP of marketing at CMO Council said during the event. “Many think it’s a technology problem. It’s actually a customer problem: If you have customers, you have a problem. You need to re-orchestrate your customer experience.” Miller recommends that marketers use GDPR as a “fulcrum” to work with IT, operations, sales, and the like to do so.


The reality is GDPR is a business problem and a technology problem, so GDPR compliance requires a partnership across the organization. “Marketers can’t do GDPR on their own,” Salyer said. Organizations have to connect customer data from the front and back office, he added. That data doesn’t need to reside in one warehouse; it just needs to be tied together in a way that allows it to be view holistically and easily updated across the organization.


Although many marketers have become the de facto “owners” of GDPR because of its focus on customer data, the reality is, “we all own it,” said Mika Yamamoto, SAP’s Chief Digital Marketing Officer. At SAP, for example, legal interprets GDPR on the company’s behalf, IT tackles the supporting systems, marketing enablement helps customer-facing teams with what they need to do differently as a result of GDPR, enterprise analytics recommends actions and track results, and the CFO is the executive sponsor of GDPR-related changes the company is making.


The goal of tackling GDPR, Yamamoto said, should be to provide a simplified, exceptional customer experience; not just to check off compliance boxes. “To do this” she said, “all parties have to be involved and bought in.”


According to the SAP Hybris/CMO Council study, not all marketers see the potential benefits, or necessity, of GDPR. About a quarter of respondents haven’t developed a GDPR compliance strategy yet; of those, 42 percent don’t believe the regulation applies to them. Perhaps not. But as GDPR raises the customer experience bar — and with it, customers’ expectations — companies that don’t at least apply its approaches to collecting and using customer data will quickly become customer experience laggards.


“The companies that are just getting started with GDPR haven’t been reading enough and haven’t been taking it seriously enough,” SAP CMO Alicia Tillman said. It’s only now that some companies are beginning to assemble a plan, she added, which could impact the trust consumers will put in them.


“[GDPR] gives us the opportunity to step up as a profession,” Yamamoto said. “We [as marketers] are stewards of customer data…. The priority should be building customer trust through providing transparency and control of data. We need to take the opportunity to raise the bar with how we’re driving customer experiences…and earning trust. Regulation aside, it’s the right thing to do.”



About a quarter of respondents to the SAP Hybris/CMO Council study say GDPR will help simplify “how they speak with customers about where, how, and why

they wish to collect and leverage” their data. In this time of increasingly digital interactions, privacy concerns, and heightened customer expectations, this

is imperative.


“We’re moving to a first-party permission-based world,” SAP/Gigya’s Salyer said. More and more companies now have the opportunity to build direct relationships with consumers. In doing so, he said, they need to find ways to deliver value at scale in return for customer data. Companies that do, he added, will have the advantage going forward.


“Driving an exceptional CX and GDPR are inextricably linked,” Yamamoto said.


All of the speakers emphasized that the GDPR/CX connection is another important reason why marketers must understand GDPR and how they need to change their operations to support it. “As you go through this learning process,” Tillman said, “think about how you can embrace GDPR; how you can look at it beyond compliance and instead as a way to build customer trust and create dynamic experiences.”


And do it now.


“For those marketers who think there’s time…it’s not a five-year project,” CMO Council’s Miller said. “There are companies that are GDPR compliant and that are already delivering exceptional customer experiences.... It’s now table stakes. Your time is up.”


Wrapping up the event, Salyer reiterated the day’s main call to action: Think beyond GPDR as a compliance hurdle; consider it an opportunity to build customer trust and enhance the customer experience. “Consumers want personalization and relevance, they just want it in a controlled way,” he said. “You can see GDPR as a carrot or a stick. If you see it as a stick, you’re missing the point.”

Ready to get started on GDPR? Read "GDPR Is Looming. Here's Your To-Do List" next.

About the Author

Ginger Conlon, chief editor and marketing alchemist at MKTGinsight, catalyzes change in marketing organizations. She is a frequent speaker on marketing and customer experience, and serves in advisory or leadership roles for several industry organizations. Ginger was honored with a Silver Apple lifetime achievement award for her contributions to the marketing industry.

Find her at @customeralchemy and on LinkedIn.