Michelle: Is that only for those companies that have EU headquarters? Or is it for those who are doing business in the EU? What companies are really impacted and really starting to have to hire for this role?
David: That’s a good question. The hottest job right now in the European Union is the data protection officer. If you do a Google search, you’ll get numerous hits. But the point being is that the GDPR law is applied to any company that has European citizens within their database. So regardless of where you are on the planet, if you are marketing to European citizens, and you are a certain size, or a certain vertical, then you’re required to have a DPO on staff. In the case of Act-On, because we have a very large chunk of our customers in Europe, and we exceed 250 employees, then we will be required to nominate a data protection officer before May of next year.
Michelle: That’s interesting. Can that person reside anywhere in the world? Or do they have to reside in the EU?
David: It depends. It’s funny because I was just at the GDPR meeting last week in Brussels. And that example was at one of the session I sat in, where you had a multinational company within multiple countries within the European Union. And it was a very complex answer to a very complex question. The net/net is you should have one. Where that person actually sits, physically sits, I think is one of those things that will be determined based on how it’s managed moving forward once it’s rolled out. As most of these things do, they end up going back to legal teams for an opinion.
Michelle: Why is it needed?
David: Essentially, it’s sort of the ombudsperson, in terms of best practice adoption at the end of the day. Because out of the 99 articles in the GDPR and the 173 recitals, that’s a lot of heavy lifting as it relates to how you operate your digital business or your marketing business regardless of the law itself. I think it’s more of sort of a stopgap solution to ensure that you or anybody who’s required to follow GDPR is following it. And it’s one of those roles I think that will be matured over time. It sounds great in concept, but the reality is when it kicks off, we’ll see how that works.
So being able to manage through GDPR and certainly manage the requirements of GDPR is a massive undertaking. And it’s not necessarily just a business role. This role is really intended to be a very highly technically-oriented type person. So, you think about chief privacy officer. This person is gonna be more technically inclined, as well as business process inclined. They’re going to be able to talk the technical chops, as well as the business chops at the same time.
Michelle: How can someone think about this on the brighter side, making lemonade out of lemons? How do you think companies and marketers could really think about this DPO positively instead of thinking of it as a burden, or just a requirement that we have to adhere to?
David: I think it’s one of those things where you leverage the experience of the individual. The GDPR is a massive piece of legislation. And there’s nobody out there that can say, I fully understand. And this person’s going to be able to help facilitate the understanding of the GDPR within your organization. I see that as a benefit, not as a negative. Because you might find ways to do things better and more efficiently. And you might be able to find more sources of revenue, being able to leverage the experience of that individual in your future product marketing developments or product developments.
If we’re having the same conversation five years from now, while we have three or four years under our belt of this particular individual functioning within the company, I think you’ll find it’s gonna be very more fruitful than painful.
But there will be some initial bumps in the road like there always are when things go live. But I think ultimately leveraging that knowledge base is certainly something that is an advantage. And I see that person definitely joined to the hip with the marketing organization because everything begins when a customer is engaged as it relates to revenue and engagement. If I was a marketer, CMO of an organization, I’d be joined at the hip with that person because I think that’s got nothing but benefit to the overall function of that group of the organization.
Michelle: Where can people learn more? Or are there things outside of Act-On that people should really go to and learn more?
David: It depends where you are physically. Some countries are far ahead of others in terms of communicating GDPR notification. We have our GDPR hub, which is up and running now on our website. We’ll be posting a lot more information there as we get closer to the day. But every country is responsible for rolling this out. You’re going to see after the holidays a massive promotional push from the European Union in terms of getting ready for GDPR.
And feel free to reach out to us at email@example.com. That email will come directly to me. And I’m more than happy to steer you in the right direction.
Michelle: Thanks, David. Always insightful. It’s great being able to just talk through it.
David: Thank you. Good luck, everyone.