In the last months, there’s been a scramble, says Bear Analytics CEO Joe Colangelo, as organizations and companies that do business with the European Union have focused on making sure that their internal data practices were positioned to comply with the EU’s General Data Protection Regulation (GDPR), which went into effect May 25.
Bear Analytics’ clients, which include event producers, trade associations, and professional societies, were no exception, Colangelo said. And during the months when the deadline for the new data privacy, reporting, and transparency standards loomed, “that’s been the right way to look at it,” he added. But there’s a larger discussion that was lost in the run-up to the deadline, Colangelo said. And that is: “Let’s talk about how GDPR is actually going to help all of us.”
‘Not All Bad News Bears’
In the race to the compliance deadline, Colangelo said, no one was really talking about the opportunities that the new regulations could offer. “I totally get it,” he said, but the GDPR is “not all Bad News Bears.” Once they get over the compliance hurdles, Colangelo predicted, people are going to start shifting focus and seeing positive effects. “I think, in particular,” he said, the trade association, membership-based community is really going see some benefits from this type of legislation.”
Prominent among them is increased data security, Colangelo said. GDPR requires that organizations inform those who are in their databases when there has been a breach of data within 72 hours after it has occurred. “Seventy-two hours is a ridiculously short amount of time,” Colangelo noted. “But we all have to go through the exercise now where we actually have a plan in place. Before we had to have these discussions, not too many people had a data fire drill. Everybody thought — ‘Oh, data breaches, that’s an IT issue.’ Now the accountability of an organization and the discussion is a bit broader.”
[pullquote]We’re in an accountability environment — maybe for the first time.[/pullquote]
The biggest impact for event professionals and organizations that run large events is going to be the requirement that they map all their data, accounting for “their different repositories of information,” he said. “We’re in an accountability environment — maybe for the first time, from an event standpoint.”
A second pillar in the GDPR is transparency about how data will be used. For data regulated by the GDPR, Colangelo said, “You can no longer say, ‘Hey, check this box, and your data is going to be utilized according to our terms of service’ — and then somewhere else you’re going to see the actual term of service buried on the 50th page of their website.”
The law requires organizations to provide a clear and complete description of all the ways that data will be used, he added, whether for marketing, for analysis, or to be sold to a third party. One of the impacts of that requirement is that people will be able to judge for themselves whether they see value in an organization having their information and using it in the way they describe, Colangelo said. “If they don’t, you haven’t made a strong enough pitch or your argument isn’t compelling enough for someone to say: ‘Go ahead, do that with my information.’”
Data will become more valuable, not only to individuals but to organizations and companies, Colangelo said. “If you’re an EU citizen, now every time you have to write in your first name and last name and an email address, somebody has to tell you what they’re doing with that data. So, no matter what, you’re going to go, ‘Hmm. is this something I want to have happen?’ Because you have to check that box.
“The other thing I think we just opened up to, is the actual value of the information that you have from people is now higher,” Colangelo said. “People are going to start thinking about their events in terms of lists where people are actually saying: ‘Market to me.’ So, the size of the lists are going to go down, but the value of those lists, and the value of each person on them, is going to go up. For sure.”
‘Imagine a Future’
It remains to be seen whether global companies will create new data policies for all of their contacts that are GDPR-compliant, or segment their lists, creating one set of policies for EU contacts and another for non-EU, he said. But “imagine a future, where people are only getting communications that they’ve opted into, so, in theory, only emails that they want to see. Then you actually start moving away from having a shorter attention span to having a longer one. I’m getting fewer emails, but the emails I’m getting are more meaningful to me. The long-term consequences of this can really be ground-shifting.”
[pullquote]Internal data practices…are just going to be so much better.[/pullquote]
The prevailing attitude toward email in the U.S. has been: “We’re just going to keep getting a ton of terrible emails and it’s only going to increase,” he said. Also: “Your email is out there for anybody to hack.” But if a new way of thinking about data took hold, he said, “we could see an environment where emails matter more, and there’s less spam.” Or no spam at all. At the least, “the spammers are going to stand out so much more,” he said. “And internal data practices, from a human standpoint, are just going to be so much better than they are today. And that’s going to change the user experience.”