Building on our December learnings, GDPR is a hot topic within many of our client companies and all companies right now – even if they are US based selling into either US locations or selling outside US.

The fines for non-compliance are heavy at 4% of global revenues per year and the risk of inability to sell/market in the European region on an ongoing basis.  Surprisingly, many companies are not putting much energy behind compliance of their data processes or systems.

What sometimes gets lost on the compliance penalty is the actual benefit of embarking on this project – for the first time, Marketers will have true intention indicated by relevant database prospects.  GDPR forces out the ‘great unwashed’ of disinterested prospects or non-relevant contacts.  Said differently, reporting from a Marketing viewpoint will be pinpoint accurate in the EU region or on EU affected records.  Never has there been a time with such Marketing measurement precision.

We’ve conducted nearly a dozen free diagnostic tests (let us know if you want one?) to benchmark performance for our clients on their databases and have a few observations on the GDPR projects and data results:

1. We see GDPR projects falling across two lines:
   • Part 1: prospecting part which impacts primarily systems and processes that are outbound oriented in nature (eg Marketing Automation, some aspects of Salesforce, and the processes that touch those)
   • Part 2: customer data which primarily impacts systems and processes that house or store customer level data (systems like Salesforce, Salesforce communities, and any other IT system that houses billing information or product information, etc.)

2. Every company is approaching GDPR differently organizationally
   • Usually the initiatives are marketing led initiatives for prospecting processes, IT led initiatives for customer processes
   • Legal is almost always involved regardless of the prospecting or customer aspect
   • Legal/Finance/IT are often funding the initiative that Marketing and/or Sales is executing

3. Benchmark data
   • We’re finding US companies with US focus surprisingly having some records in their database that would cause them to be in jeopardy of violating GDPR. We’ve seen upto 1% of the database contain GDPR records on our testing.
   • Of the non-US focused companies, we’re finding global SaaS companies having a 4% or more impact on overall database of records that would also be considered GDPR eligible.
   • We’re finding there are two levels of testing records – matched and unmatched records.  Unmatched records require a deeper investment to assess properly but statistically fall in line with matched records relative to the entire database.

4. What is less noticeable are records that are tabbed as GDPR records but are NOT in the EU but are owned by the EU.  These types of records are the ‘gotcha’ records so be careful!
   • Primary territory records (eg French Guiana – and others – owned by France)
   • Outermost territories (eg Aruba and others owned by Netherlends)
   • These kinds of records are not going to be as easily detected by automation systems and are the ‘gotcha’ type records.  Studying your record types and origins is important!

A prediction – I’d expect to see GDPR for US based companies in 2019.  We’ve seen the recent data issues with Facebook in the news, so expect to see more, not less, privacy regulation in the US.

What trends are you seeing in GDPR for your company?