'Next Time We’ll Do Better': How to prepare for regulation

The introduction of GDPR in May caught many businesses off guard, with some withdrawing entirely from Europe rather than becoming compliant. More regulation is on the way as the online space matures. Here’s how to prepare.

The D-Date for GDPR has come and gone. While we’re ready for the new policy to cause havoc in the space post-implementation, most of the industry is breathing a sigh of relief and saying, “finally.”

But don’t get too comfortable. More policy changes are imminent. The ePrivacy regulation, which specifically pertains to electronic communications, is expected to release soon in Europe. In the states, Senate Democrats recently proposed the Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act. This bill would place new constraints on data collection for online services.

Mandatory regulations like GDPR are valuable, but they also distract organizations from their business objectives. For many, GDPR was an “all hands-on deck” scenario, which meant companies had to delay projects and revenue-generating activities, and senior level officials were strapped overseeing policy changes rather than helping their businesses grow. GDPR was first, the ePrivacy regulation and CONSENT Act may be next, and who knows what will come after that. So how can we stop policy from thwarting our growth? Let’s take a look at a few lessons hard-earned in the wake of GDPR, and how we can use them to better handle future policy change.

The Problem with Procrastination

Based on the volume of “privacy changes” emails sent within a day or two of GDPR’s implementation, many organizations waited until the last minute. It is human nature to procrastinate, but doing so affects your business, as well as your clients and vendors, as they may need to take action based on your GDPR preparation.

Research shows that people tend to overestimate how long it will take to complete short tasks and underestimate the time needed to complete large ones. It is like being back in school again. Many of us are guilty of waiting until the last minute to tackle a term paper. Often, doing so took longer than we had anticipated.

In the case of GDPR, many companies made a strategic decision to wait so they could see how their competitors and other market leaders were handling the new regulation. No one wanted to roll out changes that were too stringent, or conversely, too relaxed. It was almost like an industry game of chicken. We have to accept that these days, compliance will be fluid. We will need to refine our strategies, policies, and even our technology regularly to ensure we are law-abiding. When you think this way—that change is inevitable—and purposefully build an organization equipped to handle change effectively, it is easier to deal with external factors like GDPR and less tempting to procrastinate.

Organizations should start preparing for policy changes the moment they find out about them. Savvy business leaders are already calculating the implications of the ePrivacy regulation and CONSENT Act. When a regulation change is announced, create a project plan and break it into chunks. Assign each task a clear deadline, round up your time estimates, and be sure to delegate.

Procrastination Costs You Money

Many businesses put off addressing GDPR because they were busy with other projects. Often, those projects were simpler to tackle or could result in immediate business gains. It is normal to want to focus on those types of tasks, but procrastination always backfires. When you wait until the last minute, you are forced to drop everything and sink all of your resources into the self-inflicted fire drill. I have talked to companies that had to pull their entire tech teams off other projects so they could address GDPR-related issues. When most of an organization is focused on one thing, important business functions like customer service, sales and product development will suffer.

Procrastination Negatively Affects Clients and Partners

Like many companies, we rely on tools and portals, including a CRM, to run our business. Most of those solution-providers waited until the eleventh hour to announce their GDPR-related changes and the steps clients need to take to make sure they are compliant. Even though we had our GDPR activities under control for at least a week, we were left scrambling because our vendors waited until the last minute. Additionally, some of our clients had GDPR-related requests and questions but did not communicate them until a day or so before the regulation’s implementation. Again, that required us to urgently address GDPR issues, even though we planned in advance.

The advertising industry has no choice but to ensure it is compliant, and given the global-nature of business today, compliancy is more complicated than ever. Next time, we can do better. In the future:

• Consider how your actions will affect your clients and partners. Waiting until the last minute is not a good look, especially if your changes will require action from others.
  
  
• Reach out to similar, non-competing businesses and ask them how they are handling the new regulation, or consider joining an industry or leadership group in which you can bounce ideas off other members.
  
  
• Don’t be afraid to delegate. Trust your team and legal counsel to help you make the right decisions.
  
  
• Start early, do a little at a time, and pad your deadlines in case things take longer than you think.

There will be future regulation changes. It is not a matter of if, but when. As an industry, let’s do ourselves a favor and vow to consider the implications of our actions, share ideas and avoid procrastination the next time around.