Marketers at risk of hefty fines for breaching GDPR rules

gdpr-Image by Mohamed Hassan from Pixabay

Confusion over Consent Management Platforms (CMPs) is leaving businesses at risk of receiving hefty five-figure fines from the Information Commissioners’ Office for breaching GDPR rules.

GDPR rules

That’s according to new research commissioned by data company fifty-five. The survey of over 500 marketers revealed the majority (54%) haven’t set up a Consent Management Platform, or CMP, which is critical for managing consent in line with legal requirements. 

Some 47% say they do not need one, potentially putting their business at risk if they are not otherwise meeting the complex needs.

CMPs ensure consumers give consent for brands to store and use their data for tracking and marketing purposes. 

Brands cannot store data or market to customers if they haven’t provided a correctly administered pop up (or privacy notice), which requires active consent.

However, the study highlights widespread confusion about this mainstay of the increasingly privacy-first internet. Of those surveyed who have a CMP in place, 37% agreed the complexity of regulations and policies is confusing.

More than a quarter of all marketing managers surveyed (27%) admit they are not sure who was responsible for its implementation. 31% think senior leadership are responsible and only 16% thought it fell to the marketing department, despite marketers having most use for the information collected. Six per cent said the legal team is responsible, focusing on the compliance elements of a CMP.

Misplaced confidence

For those who hadn’t implemented a consent management platform (CMP) there seemed to be a degree of potentially misplaced confidence about their reasons for not doing so. 

Nearly half (47%) said their business didn’t think it was necessary and 29% were confident their business was compliant as it was.

According to Richard Wheaton, Managing Director at fifty-five: “We are in a new era for digital marketing and it is imperative that marketers act to fully ensure compliance with the law. 

“Our study shows a majority of businesses have failed to implement one and this is concerning. A large part of the confusion stems from not understanding who has primary responsibility. 

“However, confusion about complexity is not an excuse. Marketers as the brand communication owners must ensure they comply.”

Alongside widespread confusion, marketers are concerned about the impact implementing an CMP could have on their results and reporting. Of those who have implemented CMP, nearly three in 10 (28%) said it had impacted marketing’s ability to win customers, increasing to 35% of large businesses. 

Meanwhile 17% admitted they were confused about what to do in respect to data collection for website visitors.

With 43% reporting that their customers were happy they had implemented a CMP, in comparison to only 15 per cent said they were unhappy with the inconvenience of pop-ups and privacy notices. 

Brands that provide a better privacy experience will benefit from increased trust and enhanced customer loyalty, which is crucial in a deteriorating economy, while a recent study found that 43% of consumers said they would switch from their preferred brand to a second-choice brand if the latter provided a good privacy experience.

On the back of these findings fifty-five is warning brands that they must adapt to the new era to remain relevant for privacy-concerned consumers. 

Those that don’t risk going out of business in a tougher economic climate.

Wheaton continued: “A CMP correctly installed need not be overly onerous and it is crucial to work with the right experts to ensure continued consumer trust and compliant data gathering.

“Implementing a CMP effectively can minimise the impact on marketing and build more content-driven and profitable relationships with more privacy-focused consumers.”