With so many data-driven apps available, the digital world is an exciting one for marketers. But it’s not without threats and challenges.

Creative agencies are a target for cybercriminals, and consumer trust around data is plummeting faster than marketers realise. This is reflected in new, upcoming data protection regulations too.

The bottom line: you need to be thinking about data management. Not just to get compliant, but for innovation and your growth strategy too.

At Pensar, we’ve been working with marketing agencies from the start. Here’s what you need to know about managing your data in the modern world.

1. New regulations (and why you shouldn’t fear them)

Everyone’s heard about the upcoming GDPR and the updated PECR. And unfortunately, scaremongering around challenges have left marketers calling for clarity and businesses in operational paralysis.

But at the core, the new regulations are pretty straightforward. They just mean people have the right to:

  • Privacy, security and ownership of personal data collected by businesses.
  • A data profile that is accurate, relevant, necessary and justified for your job
  • Access all of the data you have about them in a nice neat file format
  • Take their data away from you, move it somewhere else, swap and change your access to it, or make you delete it all.

Marketers will have to rethink how they collect, store and process data to achieve compliance. But you shouldn’t see this as a huge task or insurmountable challenge. Instead, look at it as an opportunity to be proactive around security, make new business discoveries, and build a resilient data protection strategy.


2. Data audits are more valuable than you think

Reviewing and ‘cleaning’ your data across all channels - from spreadsheets to social media - is the first step to compliance. But data audits are important your business’ sake too. Why? Because bad data happens to all good marketers.

You’ll probably find some dodgy data somewhere, or you’ll find that you’re targeting people with wrong or irrelevant messaging which, as we know, is marketing suicide. But fear not, quality data and a 360-degree view of your customer are actually legitimate ways to get compliant. Win-win.

 New call-to-action

3. It’s all about people and processes 

Lots of modern companies are adopting ‘unified communications’ technology for data management. But this is really about people and processes. The point is, everyone has a digital identity and data is logged, categorised and accounted for on one secure platform.

This makes data sharing efficient and collaborative, and pulling off reports a breeze. But as everyone who processes data is accountable, make sure educate and train employees properly and get an IT security policy.


4. Getting a handle on access and permissions

Managers are often guilty of giving the whole team access to data, and don’t necessarily track where it is or who has it. This can leave you wide open to accidental data leaks or data breaches - especially in today’s increasingly mobile workforce.

Luckily, the GDPR promotes a stricter and more deliberate approach to information sharing and access. People should only have access to data they really need, and you should be able monitor data and grant or revoke permissions easily.


5. Advanced security measures are paramount

Security has always been important, and many of us feel we could be doing more. But now you need to do it. And prove that you're doing it.

We recommend getting certified with Cyber Security Essentials, which is backed by the government. This is a start, but eventually you’ll need to protect data comprehensively - whether it’s static, in transit or in a different location.


6. The changing rules of customer consent

New regulations only reflect public interest and the studies you already know about - people want brands that are upfront and honest about data, privacy and communications. This means there have been changes to how and when you collect consent from individuals:

  • Privacy and usage policiesAmbiguous or technical/legal jargon policies won't cut it under the GDPR – you'll need to write clear policies so your audience understand how you use their data. A pre-ticked box for consent is specifically banned under the GDPR, too.  
  • Marketing communications. To contact a prospect and use their data, you need to obtain a positive (opt-in), specific, informed, recent agreement. For e-marketing, we'd recommend double opt-in, where people actively tick an 'I agree' box, then give a second layer of confirmation via an email link.  
  • Marketing automation. This is still fine if you're honest about how you use automation, but a serious decision about a data subject cannot be made purely though automation - there needs to be some level of human intervention. 
  • Voice and video recordings. You need get proper consent first. But you can still record client interviews without it as long as you have a legitimate or contractual reason. 
  • Cookies and ad-retargeting. This can still be used, but again you’ll need to have a clear policy and get consent - people can opt-in and opt-out as they wish. 

Greater consumer power around data doesn’t mean you should sacrifice the effectiveness of your marketing strategy. Double opt-in actually improves your click-through rates, and new modes of consent set you up for more qualified leads while putting an end to chasing people who aren’t explicitly interested.


All in the mindset: a culture of compliance is the best the way forward

New regulations aren’t just about compliance. They are about setting the global bar for best practice, and encouraging a culture of trust, transparency and privacy round data management. This is perfectly achievable with a good partner on hand.

At this stage, you just need to prove you’re making steps towards a better data culture. And if you take an iterative approach and show some social responsibility now, you’ll earn trust and be more popular with prospects than your competitors.

New call-to-action

Data protection IT Security