Data protection is a vast concern to consumers and businesses alike, and the General Data Protection Regulation (GDPR), which entered in force in May 2018, was a significant step in realising this.  

The GDPR is designed to protect and put structure around the way personal data is stored, handled, and processed. Much of what’s in the regulation had been around for a number of years, with different countries having different degrees of it, but GDPR brought it all together under a centralised regulation. We’ve certainly seen more awareness of people’s rights around their data since the GDPR came into force, so we know just how important it is. But how easy is GDPR implementation for large organisations, especially when done on a global level? 

As Global Director of Database Marketing at Salesforce, I was part of the team that headed up the GDPR implementation for Salesforce EMEA. It was an intensive project that had its challenges and is a continuous process. At Salesforce, we go beyond GDPR requirements. Why? Because we think it's best for the customer experience. Trust is our #1 value. It’s at the centre of all of our relationships. We value transparency and privacy when it comes to our customers’ data, as you can see from Trust.salesforce.com

Here are some insights and lessons learned from Salesforce’s implementation.   

 

The impact of GDPR: better value-based customer relationships

According to McKinsey, email beats social by 40x for customer acquisition. Indeed, Marketers, in general, would often use this tactic to engage with a large audience. GDPR contribute to add great value for the customer relationships: 

  • It refocuses businesses on building trusted relationships.

  • It forces businesses to examine how we handle customer data, and that in turn has an effect on marketing activities. 

  • It made better understanding your audience an essential requirement and accelerated the need for value-based customer relationships. 

  • It brought back an awareness about the importance of taking the time to understand customers and their interests, to really understand them. 


Rather than focusing on less personal, volume marketing, or ‘the numbers game’, businesses need to refocus on building trust relationships with their audience – something many may have forgotten. This is all the more true after the last year when the global landscape has been so uncertain. 

 

Achieving global GDPR implementation for large organisations

The GDPR implementation within Salesforce EMEA Marketing was undertaken by a task force that included almost every part of the business. It’s an ongoing, evolving process because as a values-led organisation we realise that our customers’ privacy, and our relationships with them, are crucial. 

While EMEA was the main focus, the implementation took a global approach, which brought its own challenges. For such a large and important project, it was essential that the project team stayed hyper-focused, organised, and catered for the needs and capacity of every different department involved. 

 

Best practices for global GDPR implementation

As with any project on this sort of scale, it’s vital that consultation throughout the business takes place. It can be easy to decide that all the ‘experts’ are in one place, the legal team, for example, and focus your efforts there. But by missing out on other areas of the business, you risk missing a wealth of valuable information. Think of all the customer and data touchpoints there are, and where they happen throughout the business. By accessing all of those areas you get a much greater understanding of the needs of your customers, and the most effective strategies.

The more different use cases you can develop at the start of a project, the better.  Doing this will let you define better and more robust policies, meaning less risk to the business, and, ultimately, a much better customer experience.

Data is key here, so make sure you really look at what the data is telling you. For GDPR implementation, and any project that relies on data, it’s important to have a good quality database, with excellent policies and procedures around data and customer information. 

 

Lessons learned from the GDPR implementation

While the practical implementation side was vital to our success, even more, important was the focus on perception and strengthening of values around building strong customer relationships that came out of it. It’s about finding the right balance between technology and education/training, something that, as an organisation, Salesforce strives to do on a daily basis. 

 

Looking forward

The lessons learned from the global implementation echo the results of the Salesforce sixth edition of the State of Marketing report. Made up of insights from thousands of successful senior marketers across the globe, the report revealed that marketers’ top three priorities are as follows:

  1. Innovating

  2. Engaging customers in real-time

  3. Complying with privacy regulations


What’s particularly interesting is that ‘complying with privacy regulations’ was a new entry to the top five priorities in 2020, showing just how important it is to businesses now. We know that customers demand a unified, relevant, personal journey when they work with us. Complying with the GDPR and being able to unify and securely handle their data, while sometimes challenging, is a huge factor in creating those customer journeys.
 

Survey result: Marketers and Privacy


Building and maintaining customer trust is essential, and properly handling their data is a large part of that. That’s why we’re seeing that the most successful marketers are going beyond the basic compliance with GDPR, and instead of looking to exceed the regulations. 

So what would be my number one takeaway from Salesforce’s global GDPR implementation? It’s simple, going into it with the right mindset was crucial for success. We needed to view it as being something we were putting in place to help customers as well as helping the business, not simply as a policy exercise.
 

Take this trailhead and learn about the General Data Protection Regulation (GDPR) and how to comply.