Marketers looking to succeed in a privacy-first world can no longer afford to overlook the role that data protection officers (DPOs) and legal advisors have to play.
Picture the scenario: You’ve spent months on a product launch. You get to the final hurdle, and your legal team comes in at the last minute with concerns about data usage that put the business at risk and cause you to miss your deadline — or worse, cancel the launch altogether.
Sound familiar? It’s really frustrating. But at the same time, it’s frustrating for your legal team. There’s nothing a lawyer dislikes more than hearing: “We want to launch this tomorrow, is that okay?”
Data privacy and compliance have never been hotter topics. The size of data protection fines on the table has transformed this into a board-level issue. Customers and regulators are increasingly interested in how personal data are used in advertising, whilst privacy-driven ecosystem changes like third party cookie deprecation are rapidly approaching, risking performance drop-offs for marketers who don't get ready now.
The combination of financial and brand risk with potential impacts on how advertising campaigns are run and measured means this can be challenging for marketers to navigate.
The key to smoothing this journey is to proactively forge stronger relationships between marketing and the teams responsible for privacy compliance. Here are three ways that marketers can succeed:
- Set up a technical review with legal and/or your DPO team during a project’s infancy
- Ensure all teams have the same shared vision
- Understand privacy yourself — it’s multidisciplinary now
Good timing is everything
Marketers today know how important privacy compliance is. They’re dealing with people’s data and want to do the right thing by their customers. But last-minute compliance issues can occur when marketing and legal teams aren’t properly synced, potentially wasting many hours of planning and engineering work.
In other words, legal teams need time. Time to set up their own technical review and analysis, to understand how a product really works, and to give an early steer on any potential issues.
That’s because the advice legal teams give frequently involves a lot more than: “add another piece of legal text here.” A successful launch could rely on something more fundamental than that — like building in a mechanism to delete a user’s data once it is no longer required, for example.
Gareth Burkhill-Howarth is global data protection officer at marketing and communications company WPP. He believes cross-discipline knowledge and collaboration on privacy considerations are vital to identifying any issues early on.
He says: “Our clients expect the people they're working with on a day-to-day basis to be able to talk confidently about privacy and to raise concerns, or to be able to demonstrate that they're thinking about it early in the design process, and right through the life cycle of a project.”
Privacy is a two-way street
To appreciate legal input, marketers need to appreciate legal thought processes. It's not about trying to understand what may seem like impenetrable legalese — it's about understanding the key issues that keep your legal counterpart up at night.
But information flow is critical in both directions. As we’ve seen, rarely is a privacy decision purely a legal call. It can be a decision that impacts brand, consumer trust, and business objectives as well. When it comes to common issues, many difficulties we see stem from a lack of shared vision. Maintaining a singular focus based on clear privacy principles takes time. But it ultimately prevents different teams working on ideas where strategies may clash.
The two functions have to be able to talk the same language. Legal teams equally need to understand marketing objectives, and why in a changing technological landscape it’s crucial for the business to adopt privacy-based tools — such as Consent mode — to forge better customer relationships and drive performance. This mutual understanding makes it clearer for teams to work towards a common goal.
Burkhill-Howarth explains that he’s able to work through challenges with teams and clients by having a more holistic perspective across WPP. He says: “Understanding the business, particularly in large organisations, is just as important as understanding the regulations around privacy.”
Privacy is a team game now
Clients are also making privacy a priority. “We [privacy teams] are now often part of the pitch process; there are more questions than there ever were around how we approach privacy and data protection,” says Burkhill-Howarth.
He adds: “The C-suite recognises that privacy culture and practices across the business all contribute to the compelling offer to clients. Gone are the days where privacy was the preserve of the legal team. Everyone needs to know about it.”
Across an organisation, everyone needs to ensure they have at least a base level understanding of privacy issues — and teams such as Burkhill-Howarth’s are in prime position to help bridge that gap.
In recent years, Data Protection Officers (DPOs) have come to play a critical role in bringing marketing and legal teams together. The advent of the GDPR was a ‘ramping up’ point for DPOs — the point at which privacy became a concern that could really impact a company’s bottom line.
Now, when an organisation hires for a DPO role, they should look for someone to own privacy compliance and be able to look beyond just compliance too. A good DPO should be educating and training people across the business on how to use data responsibly and effectively.
Burkhill-Howarth educates teams and clients through regular communications and privacy events, where all stakeholders can meet to discuss privacy matters. Interest in these events has grown exponentially in just a few years.
“People want to know about this, because it’s relevant to them,” he says.
Joining forces, driving results
Businesses must forget all talk of working towards a privacy-safe ‘future’. The time to tackle privacy as a team sport is now. And collaboration is critical to deliver better privacy. Ask yourself:
- Is your legal team and DPO adequately resourced?
- Do they understand your marketing objectives and the tools and approaches you want to implement?
- Do you understand the privacy issues potentially at play?
Legal teams can bring the critical insights to ensure that compliance doesn’t come at the cost of performance. Marketing can bring the creative thinking needed for communicating in a cookieless world. And the DPO can strengthen this relationship, driven by a robust knowledge of overarching business needs.
Burkhill-Howarth explains: “Through ingraining privacy in the culture of the business, they can get people to talk about it, and not be afraid to ask questions. You’re creating a culture of openness around privacy.”
The more closely these functions work together, the more readily they can prepare for any future, upcoming regulation.