Half of marketers risk hefty fines for GDPR complacency

09 December 2022 Consultancy.uk

Many marketing firms are taking huge gambles at present, with more than five-in-ten resisting measures to manage consent from customers as to how their data should be used. While Consent Management Platforms are an essential part of complying with GDPR requirements – key to avoid huge fines – around half of firms either think implementing such systems is unnecessary, or suggest they would diminish their ability to create effective campaigns.

The General Data Protection Regulation (GDPR) consists of a number of rules for the (automatic) processing of personal data. This EU regulation forces companies to act more carefully and responsibly when dealing with personal data of customers, personnel or others – or face hefty fines. And unlike many other regulations of the last decade, the impact of GDPR has therefore been witnessed clearly and quickly, with data commissions across Europe proactively enforcing the regulations with multiple fines or threats of fines coming at regular intervals.

These fines have been aimed at companies of all sizes from SMEs to some of the largest companies in Europe. Some sectors have had to be on the front foot when it comes to ensuring compliance because of the highly sensitive nature of the data that resides within their infrastructure. However, despite the efforts in some sectors, others have stalled in their focus on data security. After the initial ‘panic’ that set in after the high-profile launch of GDPR, many companies have sat on their hands – partially due to a weakening of legislation which changed to state that companies only needed a plan of their plan, rather than to necessarily implement it.

Reasoning for not implementing a CMP

As a result, some companies have tended to sit back and put their heads in the sand about the increasing threat to data from cyber criminals and their own internal handling processes. Now, at the busiest time for online shopping in the year, a study commissioned by data consultancy fifty-five has found thousands of UK companies are potentially failing the consumers visiting these websites, when it comes to data protection. 

The survey of more than 500 marketers on YouGov revealed that 54% of firms in the sector have not established a Consent Management Platform (CMP). CMPs ensure consumers give consent for brands to store and use their data for tracking and marketing purposes. Brands cannot store data or market to customers if they haven’t provided a correctly administered pop up (or privacy notice), which requires active consent.  

But the study highlights either widespread confusion about CMPs, or a wilful avoidance of them by the majority of marketing operators. A 47% portion stated they did not believe their firm needed a CMP, while 9% said their business did not know how to create one – and a worrying 2% claimed CMPs that could bring them in line with GDPR requirements would actually hinder their ability to “acquire customers” or track the performance of campaigns.

Statements since implementing CMP

According to Richard Wheaton, a Managing Director at fifty-five, however, this attitude could in fact be holding marketing firms back from being more effective in their work. In a new era for digital marketing, many may be putting customers off from their services by their rigidity to change.

Wheaton explained, “A CMP correctly installed need not be overly onerous and it is crucial to work with the right experts to ensure continued consumer trust and compliant data gathering. Implementing a CMP effectively can minimise the impact on marketing and build more content-driven and profitable relationships with more privacy-focused consumers.”

Indeed, 43% of those with a CMP reported that their customers were happy they had implemented one, in comparison to only 15% who said they were unhappy with the inconvenience of pop-ups and privacy notices. This backs up recent research from Google and Ipsos, suggesting 43% of consumers would switch from their preferred brand to a second-choice brand, if the latter provided a good privacy experience.