Chief Commercial Officer, MPP Global
Companies are preparing for GDPR and the post-GDPR era. With a clear disruption to the order of business, it’s time to envision a strategy that ensures marketing and sales teams are equally prepared for the new state of the tech industry. To better understand the impact of GDPR on B2B and B2C data marketing companies, and how budgeting would be crucial in this battle, we spoke to Julian Morelis, Chief Commercial Officer at MPP Global.
Tell us about your role at MPP Global and how you got here.
I serve as the Chief Commercial Officer at MPP Global and I have been with the company for just over four years. I started off my journey at MPP Global as the Vice President of Channel & Strategic Alliances and progressed to this role within a year of starting. My remit covers sales, marketing, product, account management, channel and client experience.
How should brands prepare for the post-GDPR era? How would MPP Global’s latest survey help companies to sail through the disruption?
Brands should be preparing for GDPR by implementing the following disciplines:
- Establishing and implementing a risk committee
- Appointing a Data Protection Officer
- Conducting in-depth audits of all systems, applications, databases and third-party suppliers that would come within scope of GDPR compliance
- Sourcing third-party GDPR specialists to conduct in-depth GDPR readiness assessments on their business
- Achieving compliance with GDPR codes of conduct yet-to-be published by the Supervisory Authority
- Achieving certification with yet-to-be published certification bodies that are recognized by the Supervisory Authority
Why is there so much confusion on GDPR?
The GDPR framework is highly complex, as it caters to PII data that can be used in many different ways to commercially target and engage data subjects. It is also very new and there are many areas that still need to be properly defined over the coming months. Keep an eye out for the latest developments from the Article 29 Working Party Guidance.
Would GDPR affect B2B and B2C data marketing companies equally?
Yes, GDPR would apply to any company collecting PII data for professional or commercial purposes aimed at B2B or B2C customers located in the EU, regardless of whether or not the products or services are linked to a payment. GDPR even extends to include companies based outside of the EU that actively sell to businesses or customers located within the EU. An example of this, for instance, is a business located in the US that provides goods or services in:
- EU languages,
- EU currencies
- Or advertises to EU-based companies and/or EU-based customers.
GDPR doesn’t apply to:
- Identifiable information related to a business,
- A deceased person, or
- The processing of PII data by an individual purely for the purpose of personal or household activity and therefore not connected to a professional or commercial related activity.
Companies are setting aside anywhere between $1k and $10k for GDPR. Which areas would that budget be capitalized in?
Investment in any infrastructure required to become GDPR compliant could potentially be capitalized. Training is also a key investment requirement under the GDPR.
Why was GDPR really necessary given the kind of technologies we have to prevent data breaches?
GDPR was initiated because of the inconsistency in the interpretation, implementation and application of the current EU Data Protection Directive, as well as the rapid development of technology facilitating the large-scale collection and sharing of personally identifiable information (or PII data), together with the fact that customers are more willing to provide their PII data in order to receive a tailored or personalized service.
GDPR will also create a safe and secure framework that protects the rights of customers, which includes the right to:
- Be informed prior to collection of PII data,
- Access and change their details,
- Be forgotten,
- Transfer their information and
- Be informed of a breach.
The obligation on businesses will be to:
- Only collect PII data that is reasonably required to deliver the product or service being provided to the customer
- Only retain the PII data as long as is necessary to deliver such products or services
- Avoid collecting unnecessary sensitive information like racial origin, religious belief, sexual orientation, political viewpoints, medical conditions, etc.
- Treat PII data relating to children as sensitive
GDPR aims to drive economic development by allowing the free movement of PII data within the EU and therefore:
- Those companies that are willing to embrace this new framework and are prepared to operate in a diligent and responsible manner when providing products or services to customers living within the EU will benefit from this;
- Those businesses that do not embrace the GDPR framework and act negligently or recklessly will face fines of up to 20 million euros or 4 percent of annual group revenue.
Would GDPR affect US-based companies with no direct connection with EU operations? If yes, please elaborate.
No, as long as these US companies are not actively targeting, selling or providing services to data subjects residing within the EU.
Which companies would be greatly affected by GDPR?
Companies that use AI, ML and other technologies facilitating the large-scale collection and sharing of PII data in order to deliver their product or service being provided to EU customers will be greatly affected by GDPR.
Apart from penalties levied by the regulators, what would be the impact of non-compliance on brands?
Data breaches could result in:
- Reputational and business risk of public notifications,
- Fines of 4 percent of group revenue or 20 million euros, whichever is greater and/or
How would AI/ML rescue companies from GDPR? Which companies are best placed to manage their GDPR strategies?
Initial reviews would suggest that AI/ML would add to the complexity of GDPR rather than rescue companies from it; however, it is still very early, so time will tell.
Thanks for chatting with us, Julian.