Aren’t we supposed to be working together?

We’re half-way to the deadline of GDPR compliance …

And yet I don’t hear Privacy Groups discussing the risks of non-compliance in 1-to-1 marketing. I don’t see Digital Marketing Groups questioning the impact of GDPR compliance on their favourite 1-to-1 practices, either. Which is curious, because the EU definition of PII (Personally Identifiable Information) covers pretty much all uses of Customer Data for 1-to-1 marketing.

So, is GDPR already done and dusted? Or are they ignoring each other?

In my view, Governance Frameworks that don’t deal directly with Marketing are flawed. Here are two reasons why:


1: Marketing Communication isn’t what it used to be.

Marketing communication has changed a lot in the last few decades. And in a very positive way: better targeting has made it more effective.

We’ve gone from Mass Marketing through Versioning, to ABC marketing, onwards to Segmentation, beyond that to Marketing Automation to realise the vision of true, 1-to-1 Marketing. We’ve learned that more target groups means more work and that beyond a certain point, returns diminish. Yes, it’s a tricky balance. We’re still a way from perfection.

But: marketing communications has also learned two things that work really well. One is personalisation; the other is customisation of content. When combined they deliver significantly increased results. There is simply no way that marketing communications will give these techniques up and go back to anonymous, one-size-fits-all messaging.

In practice, both personalisation and customisation rely on detailed and accurate information about the interests and needs of individual prospects and customers. In short, 1-to-1 Marketing relies on the sort of customer data that the new EU-GDPR classifies as PII (Personally Identifiable Information). So compliance is a top priority ‘must-do’.


Marketing Technology: acquisition and use.


|  | Last century |  |
|---|---|---|
|  | physically, on Disk | virtually, via Internet |
|  | on PC | in the Cloud |
| Data Storage |  | at Vendor |
|  | approved by IT | chosen by Marketing |
|  | by Purchasing | online, Standard T&Cs |
|  | by Finance | direct from Marketing budget |
| User Support | via IT | via Vendor |
|  | checked by Privacy Officer | unknown to Privacy Officer? |

2: Marketing isn’t what it was, either.

Thank goodness for that, too. Right up to the end of the last century, marketing had to go cap-in-hand to IT and almost beg for resources. Only to be told that Finance, HR and Sales all had higher priority.

After the arrival of the internet, customers went online. This triggered three big changes.

The first change was RoI. When online clicks and orders became measurable, CMOs could at last demonstrate a Return on Marketing Investment to the Board. And RoI translates into a convincing reason to have even more budget.

The second change is that marketing software went online, too. The extra budget was used to buy Cloud-based SaaS software to do even more online marketing. Specialised solutions that only marketing experts would get excited about*. Systems that promote, track and measure the customer’s preferences, behaviour and sales by processing data that EU law classifies as PII.

The third change is how Marketing buys that software. Signing up for a new SaaS system is often an online transaction that need not involve IT, purchasing or contracts. Or even finance, if the monthly fee can be paid via Chargecard. The reality is that – internal rules aside – marketing budget can be spent without reference to other departments. And quite often is.

Just to make it plain: the Marketing technology budget is now huge. According to Gartner Group, 2017 is the year when Marketing spend on technology is likely to exceed the IT department’s own budget.**


“Yes, CMOs Will Likely Spend More on Technology than CIOs by 2017”
Jake Sorofman, Gartner Group


Privacy and Governance: theory and practice

What’s privacy about? A marketer will probably say ‘customer behaviour’; a lawyer will probably answer ‘compliance’; an IT expert will probably mention ‘data protection and security’. The privacy officer will agree that each is right in their own way, and get them to work together at the governance table.

But if governance is about managing risk, then here’s a very real risk scenario:

  • the marketing department is probably using Cloud-based SaaS software
  • that is probably supplied by non-EU vendors
  • which handles data about EU customers
  • and exports it outside the EU for processing
  • using innovative techniques that do not necessarily conform to EU laws
  • … and other departments – including IT, Legal and the Privacy team – might not even know about it.

Scary. That risk needs to be evaluated and possibly plugged, by 25 May 2018.



So my questions are these:

  • is Marketing aware just how much of its EU customer data counts as PII and must comply with GDPR?
    (Pretty much all of it.)
  • does Governance rely on IT for a complete view of the systems that handle customer data?
    (Or does it also talk directly with digital marketing?)
  • is Marketing taking a pro-active role in the compliance and governance discussions?
    (Or is it waiting for the Privacy team to send an invitation?)



* Now, US-based software developers have some very, very innovative marketing ideas. But I’d argue that they can implement many of those novel techniques precisely because they have not – to date – been obliged to follow EU data privacy laws.

** Recommended: “Yes, CMOs Will Likely Spend More on Technology than CIOs by 2017” (Gartner Blog Article)
