2. Table of Contents
33
40
44
45
25
17
9
5
3Introduction
Executive Summary
Marketing and Data Privacy
Data Privacy and Revenue-Growth
Data Privacy and the General Data Protection Regulation
The GDPR and Revenue-Growth
Analyst Bottom Line
Acknowledgements
Appendix: Survey Background
DATA PRIVACY AND GDPR
4. Data Privacy and the GDPR 4INTRODUCTION
For many organizations, the effective use of personal data has become a
source of competitive advantage.
Recently, however, the court of public opinion and new legislation has
forced countless organizations to review their approach to data usage and
privacy.
Demand Metric and Demandbase partnered to research how to better
understand marketers’ approach to data privacy, how the use of
customer and prospect data will evolve, what challenges exist, and areas
of investment.
The research effort also pursued an answer to the key question: are
companies that report revenue-growth approaching data privacy differ-
ently than those that are revenue-stagnant?
These study results provide insights and data useful for comparing, plan-
ning, and improving your marketing team’s approach to data privacy.
5. Data Privacy and the GDPR 5
DATA PRIVACY AND GDPR
Executive Summary
6. Data Privacy and the GDPR 6EXECUTIVE SUMMARY
Most of this study’s participants were from B2B or mixed B2B/B2C orga-
nizations that have experienced modest or significant revenue growth
during the past fiscal year. The respondents came from a diverse set of
industries, with finance, banking, and insurance being represented the
most, followed closely by manufacturing and professional services.
Key Findings
86 percent of study participants report
their organization values the protection
of prospect and customer data from
a moderate to significant extent.
Just under half of this study’s participants came from companies with less
than 100 employees, and 26 percent of participants came from companies
with 500 employees or more.
Nearly three-quarters of study
participants will invest in tech-
nology to improve their approach to
data privacy.
The top reason why organizations value
the protection of data is “customer
expectations,” followed closely by
legal responsibilities and government
legislation.
59 percent of marketing teams report
they will become more dependent on
data moving forward.
The top three channels used to
obtain consent from customers and
prospects are email, online forms,
and website notices/banners.
Only 32 percent of study participants
are tracking metrics to measure
their approach to data privacy.
7. Data Privacy and the GDPR 7EXECUTIVE SUMMARY
The top 3 metrics that study
participants will track to measure
the success of their data privacy
efforts are the number of permis-
sions received, the number of
permissions retained, and the
number of subject access requests.
Over half of study participants
listed “Understanding the GDPR”
as their top challenge.
20 percent of study participants are
still unaware of the General Data
Protection Regulation (GDPR).
60 percent of participants are
changing their global approach to
privacy in light of the GDPR.
Only 32 percent of study partici-
pants are fully GDPR compliant.
22 percent of study participants
are not spending any money on
GPPR compliance.
8. Data Privacy and the GDPR 8
This report details the results and insights from the analysis of the study data. For more detail on the survey participants,
please refer to the Appendix.
EXECUTIVE SUMMARY
They are more likely to value the
protection of customer and prospect
data to a significant extent.
They are more likely to report that
ensuring the privacy of customer
and prospect data will help them
achieve their objectives to a
significant extent.
They are more likely to report lever-
aging customer and prospect data
to a significant extent in order to
achieve key business objectives.
They are much more likely to
report they are GDPR compliant.
The analysis of this study’s data also revealed the following relationships between companies that reported revenue-growth in the last
fiscal year and data privacy:
10. Data Privacy and the GDPR 10
FIGURE 1: VALUE OF PROTECTING CUSTOMER AND
PROSPECT DATA
Significant Extent
Slight Extent No Extent
Moderate Extent
Some Extent
64%
7% 2%
22%
5%
To what extent does your organization value the
protection of customer and prospect data?
Only 2% of this study’s participants report they do not value the
protection of customer and prospect data.
MARKETING AND DATA PRIVACY
The effective use of data can act as an enabler, empowering a company
to engage with its target audience by delivering personal, timely, and
relevant experiences to customers and prospects. However, with great
power comes great responsibility.
Companies that leverage data in their marketing efforts must build trust
with customers and prospects. One way to build trust is to ensure the
privacy and protection of the data that is being provided.
This study first set out to understand the extent to which organizations
value the protection of customer and prospect data, as shown in Figure 1.
No one doubts the value of protecting customer and prospect data: only
2% of this study’s participants report they do not value the protection of
customer and prospect data.
11. Data Privacy and the GDPR 11MARKETING AND DATA PRIVACY
FIGURE 2: WHY COMPANIES PROTECT CUSTOMER AND
PROSPECT DATA
Which of the following factors have caused your
organization to value the protection of customer and
prospect data?
The top three factors that have caused companies to value the
protection of customer and prospect data are customer expecta-
tions, legal responsibilities, and government legislation.
Customer Rights 59%
Benefits to the Customer 51%
Potential Fines/Charges 39%
Customer Expectations 73%
Government Legislation 61%
Benefits to my Organization 44%
34%Data Strategy
Legal Responsibilities 71%
15%Executive Influence
Other 5%
A wide variety of factors have caused organizations to value the protec-
tion of customer and prospect data, as shown in Figure 2.
The top three factors that have caused companies to value the protec-
tion of customer and prospect data are:
Customer expectations
Legal responsibilities
Government legislation
Consumers have come to expect that their data will be protected when
they engage with a company. Nearly three-quarters of study participants
acknowledge that customer expectations have caused their organiza-
tion to value the protection of both customer and prospect data.
Since so many marketing teams are at least partially responsible for
providing an exceptional customer experience, satisfying expectations
for data protection can have a significant impact on customer success.
Legal responsibilities and government legislation were also cited as
reasons why organizations value the protection of customer and pros-
pect data.
Although speculative, it is possible that the negative consequences
associated with non-compliance, such as substantial fines, have moti-
vated companies to value the protection of data.
New government legislation, including the General Data Protection
Regulation (GDPR), will be discussed in detail later in this report.
12. Data Privacy and the GDPR 12MARKETING AND DATA PRIVACY
Even the best customer and prospect data is useless if you don’t have the
right people, process, and technology in place to leverage it effectively.
High-performing marketers are able to leverage customer and prospect
data to achieve a number of key objectives, as shown in Table 1.
TABLE 1: HOW MARKETING LEVERAGES DATA TO ACHIEVE
OBJECTIVESTo what extent does your marketing team currently
leverage customer and prospect data to achieve the
following objectives? The vast majority of marketers leverage customer and prospect
data to achieve key business objectives.
More than half of study participants leverage customer and prospect data
to a moderate or significant extent to achieve the following objectives:
Create more targeted messaging
Deliver a more personalized customer experience
Develop better products and/or services
No Extent Slight Extent Some Extent Moderate Extent
Significant
Extent
Create more targeted messaging 5% 13% 19% 36% 27%
Deliver a more personalized
customer experience
4% 13% 23% 33% 27%
Optimize communication frequency 6% 16% 29% 31% 18%
Provide a more consistent
multi-channel experience
12% 17% 25% 26% 20%
Develop better products and/or services 8% 11% 18% 31% 32%
13. Data Privacy and the GDPR 13MARKETING AND DATA PRIVACY
Marketers are already leveraging data to help them achieve their busi-
ness objectives.
Not only will the use of data continue in the future, but the dependency that
marketers have on data will continue to intensify, as shown in Figure 3.
Over half of study participants report they will become more dependent
on data moving forward, while only 6% of respondents report they will
become less dependent on data.
We will become
more dependent
on data
59%
FIGURE 3: HOW MARKETING WILL LEVERAGE DATA
MOVING FORWARD
Which statement best describes how your marketing
team plans to leverage customer and prospect data
moving forward?
59% of study participants will become more dependent on data
moving forward.
We will become less
dependent on data
Our approach to
using data
will not change
6%
35%
14. Data Privacy and the GDPR 14MARKETING AND DATA PRIVACY
Since data usage will continue to grow, we wanted to understand if
study participants will be tracking any metrics to help them measure their
approach to data privacy.
The results of this analysis are shown in Figure 4.
When asked if they will track any metrics to help measure their approach
to data privacy, over two-thirds of study participants reported the following:
They will not be tracking any metrics
They do not know if they will be tracking any metrics
Metrics are what enable marketers to measure the success or failure of a
program. Those who believe data privacy metrics are superfluous must
reconsider their perspective.
Marketers who want to understand if their approach to data privacy is
working must measure a variety of metrics.
FIGURE 4: DATA PRIVACY MEASUREMENT
Will you be tracking any metrics to help you measure
your approach to data privacy?
Only 32% of study participants will track metrics to help measure
their approach to data privacy.
I don’t know
40%
Yes
No
32%
28%
15. Data Privacy and the GDPR 15
Study participants who report tracking metrics to help measure their
approach to data privacy use a wide variety of metrics, as shown in Figure 5.
The top 3 metrics that study participants will track to measure the success
of their data privacy efforts are:
Number of Permissions Received
Number of Permissions Retained
Number of Subject Access Requests (SARs)
Since most marketers seek to communicate with as many well-qualified
contacts as possible, obtaining and retaining consent are both vital to
success.
Marketers who chose to measure the number of permissions received
and the number of permissions retained have selected metrics that can
indicate the growth or decline of their marketable audience.
By measuring these data points and experimenting with different tactics,
the process of obtaining and retaining consent can be optimized.
MARKETING AND DATA PRIVACY
FIGURE 5: TOP 3 DATA PRIVACY METRICS
What metrics will you be tracking to measure the
success of your approach to data privacy?
The top 3 metrics that study participants will track are the
number of permissions received, the number of permissions
retained, and the number of subject access requests.
# of Data Breaches 45%
# of Erasure Requests 40%
% of Staff Trained 31%
# of Permissions Retained 63%
# of Permissions Received 74%
# of Reactivations 45%
% of Data Protection
Authorities (DPAs) Signed
38%
24%# of Portability Requests
# of Subject Access
Requests (SARs)
51%
12%I don’t know
Other 3%
16. Data Privacy and the GDPR 16MARKETING AND DATA PRIVACY
However, experimenting with different tactics can be a costly endeavor.
Those who want to optimize and improve their approach to data privacy
are often required to make investments.
The top areas of investment are shown in Figure 6.
For nearly three-quarters of study participants, technology was selected
as the top area of investment that respondents believe will help improve
their organization’s approach to data privacy, followed by legal and
staffing/resources.
Data can only be leveraged effectively if it is kept private and secure.
Investing in reliable and stable technology that can ensure the security
of data presents an opportunity for marketers who want to improve their
overall approach to data privacy.
FIGURE 6: TOP DATA PRIVACY INVESTMENTS
What areas will you be investing in to improve your
approach to data privacy?
Nearly three-quarters of study participants will invest in technology
to improve their approach to data privacy.
None 12%
Other 4%
Legal 40%
Technology 73%
Consultants 21%
Staffing/Resources 38%Now that we have looked at the state of marketing and data
privacy, the next section of this report examines if companies
that report revenue-growth are approaching data privacy differ-
ently than those that are revenue-stagnant.
17. Data Privacy and the GDPR 17
DATA PRIVACY AND GDPR
Data Privacy and
Revenue-Growth
18. Data Privacy and the GDPR 18DATA PRIVACY AND REVENUE-GROWTH
FIGURE 7: REVENUE GROWTH IN THE LAST FISCAL YEAR (FY17)
What statement best describes the revenue growth
at your company during the most recently completed
fiscal year?
Over two-thirds of study participants report a slight or significant
increase in revenue growth in the most recently completed fiscal
year (FY17).
Flat or no
growth
18%
Significant increase
in revenue
Significant decline
in revenue
Slight increase
in revenue
22%6%
46%
Slight decline
in revenue
8%
One of the key research objectives that drove this study was to under-
stand if revenue-growth companies approach data privacy differently
than those that are revenue-stagnant.
A study hypothesis was that revenue-growth companies take data privacy
more seriously and are more likely to leverage data to achieve their
objectives.
To begin to prove or disprove that hypothesis, the study first examined
what revenue-growth companies are doing differently than their peers.
To analyze this relationship, participants were first asked to categorize
revenue, and the following category options were provided for this rating:
Significant decline in revenue
Modest decline in revenue
Flat or no growth
Modest increase in revenue
Significant increase in revenue
The results of this revenue rating are presented in Figure 7.
Over two-thirds of study participants report a slight or significant increase
in revenue growth in the most recently completed fiscal year (FY17).
19. Data Privacy and the GDPR 19
Revenue-stagnant companies value the
protection of customer and prospect data
to a significant extent.
Revenue-growth companies value the
protection of customer and prospect
data to a significant extent.
FIGURE 8: THE VALUE OF PROTECTING DATA AND REVENUE
GROWTH
To what extent does your organization value the
protection of customer and prospect data?
Companies that report revenue-growth in the last fiscal year are
more likely to value the protection of customer and prospect data
to a significant extent.
Decline/No GrowthIncrease in Revenue
12%
17%
30%
5%
4%6%
5%
46%
73%
Significant
Extent
Some
Extent
Moderate
Extent
Slight
Extent
No Extent
0%
For the analysis that follows, responses to the revenue rating ques-
tion were grouped into two broad categories: the "Revenue-Stagnant”
category, which includes the “significant decline in revenue,” “modest
decline in revenue,” and “flat or no growth” responses, and the “Reve-
nue-Growth” category, which includes the “modest increase in revenue”
and “significant increase in revenue” responses.
A correlation exists between the value of protecting data and the revenue
categories shown in Figure 7. Figure 8 displays this relationship.
Compared to revenue-stagnant companies, study participants who
report experiencing revenue growth during the most recently completed
fiscal year were more likely to value the protection of customer and pros-
pect data to a significant extent.
DATA PRIVACY AND REVENUE-GROWTH
46%
73%
20. Data Privacy and the GDPR 20
While it is important to value the protection of customer and prospect data, leveraging data effectively can have a substantial impact on the likelihood of
achieving an organization’s objectives, as shown in Table 2.
DATA PRIVACY AND REVENUE-GROWTH
TABLE 2: HOW MARKETING LEVERAGES DATA TO ACHIEVE OBJECTIVES AND REVENUE GROWTH
Revenue-Growth companies are more likely to report leveraging customer and prospect data to a significant extent in order to achieve key
business objectives.
To what extent does your marketing team currently leverage customer and prospect data to achieve the following objectives?
Deliver a more personalized
customer experience
33% 36% 20% 8% 3%
16% 29% 23% 25% 7%
Decline/No GrowthIncrease in Revenue Significant Extent
Moderate
Extent
Some Extent Slight Extent No Extent
Create more targeted messaging
72% 17% 6% 4% 0%
46% 30% 5% 12% 5%
21. Data Privacy and the GDPR 21DATA PRIVACY AND REVENUE-GROWTH
Provide a more consistent
multi-channel experience
24% 29% 24% 12% 11%
13% 22% 15% 30% 20%
Develop better products and/or services
37% 35% 14% 11% 3%
25% 21% 21% 13% 20%
Compared to revenue-stagnant companies, study participants who
report experiencing revenue growth during the most recently completed
fiscal year were at least twice as likely to report that the use of customer
and prospect data helps them achieve the following objectives to a
significant extent:
Create more targeted messaging
Deliver a more personalized customer experience
Optimize communication frequency
Provide a more consistent multi-channel experience
Study participants who report revenue growth in the last fiscal year were
also more likely to report the use of data to develop better products and/
or services.
Marketers belonging to the revenue-growth category are much more
reliant on customer and prospect data.
The effective use of this data is what allows high-performing marketers
to create more targeted messaging, personalize the customer experi-
ence, optimize communications, build better products, and ultimately get
results.
Decline/No GrowthIncrease in Revenue Significant Extent
Moderate
Extent
Some Extent Slight Extent No Extent
Optimize communication frequency
21% 32% 27% 14% 6%
9% 29% 36% 20% 7%
22. Data Privacy and the GDPR 22
FIGURE 9: HOW MARKETING WILL LEVERAGE DATA MOVING
FORWARD AND REVENUE GROWTH
Which statement best describes how your marketing
team plans to leverage customer and prospect data
moving forward?
Revenue-growth companies are more likely to report they will
become more dependant on data moving forward.
Decline/No GrowthIncrease in Revenue
11%
3%
50%
62%
39%
35%
We will become
more dependant
on data
Our approach to
using data will
not change
We will become
less dependant
on data
DATA PRIVACY AND REVENUE-GROWTH
The current state of data usage suggests that high-performing marketers
are already leveraging customer and prospect data to help them achieve
their objectives.
This use of data will continue to be a crucial part of the marketer’s toolkit
moving forward, as shown in Figure 9.
For companies that report revenue growth in the last fiscal year, 62
percent acknowledge they will become more dependent on data.
By contrast, only half of the revenue-stagnant companies in this study
predict their data usage will increase moving forward.
At the opposite end of the continuum, revenue-stagnant companies are
over three times more likely to report they will become less dependent
on data moving forward when compared to revenue-growth companies.
Table 2 established that revenue-growth companies are more likely to
report leveraging customer and prospect data to a significant extent in
order to achieve key business objectives.
Since revenue-growth companies are already more likely to report lever-
aging data to achieve key business objectives, it is likely that the use of
data in the future will continue to support the attainment of objectives.
Companies that find themselves in the revenue-stagnant category
should consider increasing their use of data to support their business
objectives.
23. Data Privacy and the GDPR 23
Now that the importance of leveraging data has been established, we wanted to investigate if the marketers believed that ensuring the privacy of
customers and prospects can lead to better results. Table 3 shows the results of this analysis.
DATA PRIVACY AND REVENUE-GROWTH
TABLE 3: ENSURING PRIVACY OF CUSTOMER AND PROSPECT DATA AND REVENUE GROWTH
Revenue-growth companies are more likely to report that ensuring the privacy of customer and prospect data will help them achieve their
objectives to a significant extent.
To what extent do you think ensuring the privacy of customer and prospect data will help your marketing team achieve the following objectives?
Decline/No GrowthIncrease in Revenue
Build trust with prospects
56% 30% 10% 2% 2%
36% 32% 20% 10% 2%
Deliver a better customer experience
50% 27% 14% 4% 5%
36% 34% 18% 8% 4%
Significant Extent
Moderate
Extent
Some Extent Slight Extent No Extent
Build trust with customers
57% 28% 9% 3% 3%
41% 32% 16% 9% 2%
24. Data Privacy and the GDPR 24
Compared to revenue-stagnant companies, study participants who
report experiencing revenue growth during the most recently completed
fiscal year were much more likely to report that ensuring the privacy of
customer and prospect data will help them achieve the following objec-
tives to a significant extent:
Now that we have looked at the relationship between data privacy
and revenue-growth, the next section of this report examines the
impact of the General Data Protection Regulation (GDPR).
DATA PRIVACY AND REVENUE-GROWTH
The act of ensuring the privacy of customers and prospects is to make
certain, or guarantee, that customer and prospect privacy is protected.
This is where the rubber meets the road. Companies that report revenue
growth in the last fiscal year are more likely to believe that ensuring the
privacy of data will help them build trust and deliver a better customer
experience.
Build trust with customers
57% revenue-growth vs. 41% revenue-stagnant.
Build trust with prospects
56% revenue-growth vs. 36% revenue-stagnant.
Deliver a better customer experience
50% revenue-growth vs. 36% revenue-stagnant.
25. Data Privacy and the GDPR 25
DATA PRIVACY AND GDPR
Data Privacy and the General
Data Protection Regulation
26. Data Privacy and the GDPR 26
FIGURE 10: GDPR AWARENESS
Are you aware of the General Data Protection
Regulation (GDPR)?
78% of study participants are aware of the General Data Protection
Regulation.
No
22%
Yes
78%
DATA PRIVACY AND THE GENERAL DATA PROTECTION REGULATION
The GDPR, a piece of legislation that was approved on April 14, 2016 and
came into force on May 25, 2018, has been a hot topic of conversation
for marketers this year.
The GDPR applies to companies located within the European Union
(EU) and those located outside of the EU if they offer goods or services
to, or monitor the behavior of, EU data subjects.
It also applies to all companies processing and holding the personal data
of data subjects living in the EU, regardless of the company’s location.
This new piece of legislation has forced many marketers to reconsider
their use and storage of personal information, as well as their overall
approach to data privacy.
Since coming into effect, the majority of marketers are aware of the
GDPR, as shown in Figure 10.
While the vast majority, 78% of respondents, are aware of the regula-
tion, 22% of study participants remain unaware of the GDPR.
The consequences of not complying with the GDPR are severe and
include fines up to 20 million Euros, or 4 percent of annual global turn-
over, whichever is highest.
Those who remain unaware of the GDPR must make it a priority to learn
about the legislation, understand its potential impact and if the GDPR
applies to their company, and take steps towards achieving compliance.
27. Data Privacy and the GDPR 27
FIGURE 11: GDPR CHALLENGES
As your marketing team works towards GDPR
compliance, which of the following challenges have
emerged?
The top 3 challenges that marketing teams report are under-
standing of the GDPR guidelines/restrictions, data management,
and obtaining consent from users.
Technology Barriers 37%
Acquiring Leads 21%
Staffing/Resource Constraints 33%
I don’t know 9%
Marketing is not responsible for any
of these challenges
5%
Obtaining Consent from Users 40%
Training 23%
Data Management 44%
Communications 24%
Understand GDPR
Guidelines/Restrictions
57%
Budget Constraints 25%
Retaining Consent from Users 29%
DATA PRIVACY AND THE GENERAL DATA PROTECTION REGULATION
Unfortunately, achieving compliance is not an easy task. Marketing teams
within companies that continue to work towards GDPR compliance are
faced with several common challenges, as shown in Figure 11.
Over half of this study’s participants report that understanding GDPR
guidelines/restrictions is a challenge that has emerged as their
marketing team works towards compliance.
The fact that so many marketers are still struggling to understand the
GDPR guidelines and restrictions highlights the need for better educa-
tion, training, and subject-matter expertise.
Other top challenges reported by marketing teams include:
Data management
Obtaining consent from users
Technology barriers
28. Data Privacy and the GDPR 28DATA PRIVACY AND THE GENERAL DATA PROTECTION REGULATION
FIGURE 12: IMPACT OF THE GDPR ON GLOBAL APPROACH TO
PRIVACY
Are you changing your global approach to privacy in
light of the GDPR?
60% of study participants are changing their global approach to
privacy in light of the GDPR.
No
40%
Yes
60%
Although the GDPR only applies to companies located within the EU and
those located outside of the EU if they offer goods or services to, or
monitor the behavior of, EU data subjects, the GDPR is acting as a cata-
lyst for global privacy change, as shown in Figure 12.
The impact of the GDPR clearly extends beyond the EU. Over half of
study participants report they are changing their global approach to
privacy in light of the GDPR.
29. Data Privacy and the GDPR 29
FIGURE 13: GDPR AND EXPOSURE TO LEGAL RISKS
Are you concerned that your marketing technology
vendors might expose your company to legal risks
because they are not GDPR compliant?
80% of study participants are not concerned that their marketing
technology vendors might expose them to legal risks if they are
not GDPR compliant.
Extremely
concerned
Moderately
concerned
Somewhat concerned
Slightly
concerned
Not at all
concerned
9%
12%
20%39%
20%
Since the GDPR applies to all companies processing and holding the
personal data of data subjects living in the EU, the impact of the GDPR
on the marketing partner ecosystem was examined.
Study participants acknowledge they are concerned about the risks
associated with marketing technology vendors, as shown in Figure 13.
Most study participants report they are slightly, somewhat, moder-
ately, or extremely concerned that their marketing technology vendors
might expose them to legal risks if they are not GDPR compliant, while
only 20% of study participants report they are not concerned at all.
If the GDPR applies to your company, it would be ignorant to ignore the
potential implications of working with marketing technology vendors that
do not meet compliance requirements.
Our strong recommendation is to audit your marketing technology stack
and ecosystem to ensure that your partners do not expose your company
to any legal risk.
DATA PRIVACY AND THE GENERAL DATA PROTECTION REGULATION
30. Data Privacy and the GDPR 30
The impact of the GDPR on publishers and advertising companies has
the potential to disrupt both industries.
Currently, however, most study participants will continue working with
their existing suppliers, as shown in Figure 14.
The vast majority, 86% of study participants, will not be changing the
publishers or advertising companies they use in light of the GDPR.
DATA PRIVACY AND THE GENERAL DATA PROTECTION REGULATION
FIGURE 14: CHANGES IN PUBLISHERS OR ADVERTISING
COMPANIES DUE TO GDPR
Are you changing the publishers or advertising
companies that you use in light of the GDPR?
The vast majority, 86% of study participants, will not be
changing the publishers or advertising companies they use in
light of the GDPR.
No
14%
Yes
86%
31. Data Privacy and the GDPR 31
As discussed earlier in this report, one of the top challenges reported by
marketing teams involved obtaining consent from users.
Figure 15 shows an inventory of the most popular channels used to
obtain consent from customers and prospects.
The top three channels used to obtain consent from customers and pros-
pects are:
Email
Online forms
Website notices/banners
Since obtaining consent from users is a top challenge for marketers, the
channels in use must be optimized to ensure they are performing to the
best of their ability.
If a channel is underperforming, marketers should audit the process used
to obtain consent to identify opportunities from improvement, adopt best
practice optimization techniques like A/B and multivariate testing, and
evaluate new channels for obtaining consent.
FIGURE 15: TOP CHANNELS USED TO OBTAIN CONSENT
What channels or technology do you use to
obtain consent from customers and prospects to
use their data?
The top three channels used to obtain consent from
customers and prospects are email, online forms, and website
notices/banners.
Direct Mail 21%
Phone 19%
Website Notice/Banner 47%
3%Other
Online Form 70%
4%I don’t know
Email 80%
4%We don’t ask for consent
Consent Management Platform 14%
DATA PRIVACY AND THE GENERAL DATA PROTECTION REGULATION
32. Data Privacy and the GDPR 32
The journey towards compliance does not end after consent has been
obtained.
Consent must also be retained and, in certain cases, refreshed. Most
study participants are refreshing consent for their customer email lists,
as shown in Figure 16.
Over two-thirds of study participants report taking a country-by-country
approach to refresh existing consent or are asking everyone in their
database to re-consent.
The approaches used to refresh consent can differ depending on an
organization’s objectives.
As long as consent is obtained, the means by which it is gained (provided
it is effective), does not seem to impact the attainment of objectives.
The GDPR has helped to bring the conversation about data privacy to
the forefront of marketer’s minds.
If the GDPR applies to your organization, learn about the GDPR to keep
your skill set sharp, audit your marketing technology vendors to ensure
compliance, optimize the process of obtaining consent, and apply
lessons learned to your organization’s global approach to privacy.
Now that we have looked at data privacy and the GDPR, the next
section of this report examines if companies that report reve-
nue-growth are approaching the GDPR differently than those
that are revenue-stagnant.
FIGURE 16: APPROACH TO REFRESHING CONSENT FOR
CUSTOMER EMAIL LISTS
Which statement best describes your approach to
refreshing consent for your customer email lists?
Only 30% of study participants are not refreshing consent for
their customer email lists.
We are taking a
limited, country-
by-country
approach, to
refresh existing
consent
We are asking everyone
to re-consent our
customer email lists
We are not
refreshing
consent for
our customer
email lists
35%
35%
30%
DATA PRIVACY AND THE GENERAL DATA PROTECTION REGULATION
34. Data Privacy and the GDPR 34THE GDPR AND REVENUE-GROWTH
A startling number of study participants have not yet achieved GDPR
compliance, as shown in Figure 17.
Surprisingly, only 32% of study participants are fully GDPR compliant.
Considering the severity of the penalties that companies face for
non-compliance, those who the GDPR applies to but have not yet
achieved compliance must either start or continue to work towards it.
FIGURE 17: GDPR COMPLIANCE
To the best of your knowledge, which statement most
accurately describes your organization’s current level
of GDPR compliance?
Only 32% of study participants are fully GDPR compliant.
We are fully
compliant
We have implemented
our plan, but we are not
fully compliant
We are in the process of
implementing our plan
I don’t know
We are still in the
planning stages
We haven’t
started yet
Other
32%
15%
22%
10%
10%
6%
5%
35. Data Privacy and the GDPR 35
FIGURE 18: GDPR COMPLIANCE AND REVENUE
To the best of your knowledge, which statement most
accurately describes your organization’s current level
of GDPR compliance?
Revenue-growth companies are much more likely to report
they are GDPR compliant.
Decline/No GrowthIncrease in Revenue
35%
We are fully
compliant
16%
17% 14%14% 19%19%
We have
implemented
our plan, but
we are not fully
compliant
25%
We are still in
the planning
stages
I don’t knowWe are in the
process of
implementing
our plan
3%7%
7%
9%
9%
We haven’t
started yet
4%
Other
THE GDPR AND REVENUE-GROWTH
Using the same revenue categorization as described earlier, we sought
to determine if revenue-growth companies were more likely to report
GDPR compliance than revenue-stagnant companies.
The results of this analysis are shown in Figure 18.
Compared to revenue-growth companies, revenue-stagnant compa-
nies are over four times more likely to report they haven’t started
working towards GDPR compliance.
36. Data Privacy and the GDPR 36
Companies that have achieved revenue growth in the last fiscal year
appear to be taking data privacy, and specifically the GDPR, more seri-
ously. Not only does ensuring GDPR compliance safeguard companies
against potential fines, but perhaps there are also some unintended
benefits of working towards compliance.
Although speculative, one potential unintended benefit of ensuring
compliance is an increase in the amount of trust customers and pros-
pects place in a business. This type of benefit can certainly help to
increase loyalty, retention, and revenue, and it cannot be discounted.
Another interesting analysis was the relationship between revenue
growth and the impact of study participants’ approach to privacy across
different geographies, as shown in Table 4.
TABLE 4: GEOGRAPHIC IMPACT OF APPROACH TO PRIVACY
AND REVENUE GROWTH
Study participants report the biggest impact of their approach to
privacy will happen EMEA (Europe, the Middle East, and Africa).
To what extent will your approach to privacy be
impacted in the following geographies?
EMEA (Europe, the Middle East,
and Africa)
54% 10% 11% 10% 10% 5%
32% 15% 16% 12% 8% 16%
THE GDPR AND REVENUE-GROWTH
Decline/No GrowthIncrease in Revenue Significant
Extent
Moderate
Extent
Some Extent Slight Extent No Extent I don’t know
APAC (Asia-Pacific)
7% 20% 20% 13% 23% 17%
8% 20% 24% 4% 16% 28%
37. Data Privacy and the GDPR 37THE GDPR AND REVENUE-GROWTH
Compared to revenue-stagnant companies, revenue-growth compa-
nies are far more likely to report a significant impact in their approach
to privacy in EMEA.
Conversely, revenue-stagnant companies are more likely to report
a significant impact in all other geographies studied including APAC
(Asia-Pacific), the Americas, and LATAM (Latin America).
Furthermore, revenue-stagnant companies were much more likely to
report they do not know the extent of impact on their approach to privacy
across all geographies when compared to revenue-growth companies.
Perhaps these discrepancies are caused by a lack of understanding of
the GDPR. If so, it underlines the need for further education.
Revenue-growth companies seem to have isolated their efforts in the
geography that is immediately impacted by the GDPR, EMEA, and do not
feel as compelled to overhaul their approach to privacy in other geogra-
phies at this point in time.
LATAM (Latin America)
2% 20% 22% 14% 27% 15%
24% 20% 8% 12% 12% 24%
Decline/No GrowthIncrease in Revenue Significant
Extent
Moderate
Extent
Some Extent Slight Extent No Extent I don’t know
America (US and Canada)
20% 20% 29% 15% 7% 9%
28% 24% 12% 12% 12% 12%
38. Data Privacy and the GDPR 38
FIGURE 19: GDPR SPEND AS A PERCENTAGE OF OVERALL
MARKETING BUDGET
How much do you estimate that your organization
will spend on GDPR compliance?
22% of study participants are not spending any money on
GDPR compliance.
$1,000,001+
$500,001 -
$1,000,000
$1 - $10,000
$250,001 - $500,000
We are not
spending any
money on GDPR
compliance
$50,001 - $250,000
$10,001 - $50,000
I don’t know
1%
1%
25%
6%
22%
6%
11%
27%
THE GDPR AND REVENUE-GROWTH
Although it is possible to achieve GDPR compliance without making
any investments, the majority of study participants will spend money on
GDPR compliance, as shown in Figure 19.
Surprisingly,nearlyhalfofstudyparticipantsfallintooneoftwocategories:
They do not know how much their organization will spend on
GDPR compliance
They are not spending any money on GDPR compliance
The amount spent on GDPR compliance is well distributed across the
remaining 51% of study participants, with only 7% of study participants
reporting they will spend $250,001 USD or more.
39. Data Privacy and the GDPR 39
FIGURE 20: GDPR SPEND AND REVENUE GROWTH
How much do you estimate that your organization
will spend on GDPR compliance?
Revenue-stagnant companies are nearly twice as likely to
report they are not spending any money on GDPR.
Decline/No GrowthIncrease in Revenue
$1,000,001+ $500,001 -
$1,000,000
26%
26%28% 33%
23%
$250,001 -
$500,000
18%
$50,001 -
$250,000
7%
$1 - $10,000
9%
9%
12%
1%
0% 0% 0%
2%
2%
$10,001 -
$50,000
We are not
spending any
money on GDPR
compliance
I don’t know
Are companies that report revenue growth in the last fiscal year more
likely to secure budget for a GDPR compliance initiative? We wanted to
find out. Figure 20 shows the results of this analysis.
Revenue-stagnant companies are nearly twice as likely to report they are
not spending any money on GDPR. Revenue-growth companies were
much more likely to report spending $50,000 USD or more on compliance.
Whileonly32%ofstudyparticipantsreporttheyhaveachievedGDPRcompli-
ance, revenue-growth companies seem to consider the GDPR a higher
priority and have pro actively secured funding to ensure their compliance.
They also seen to have a higher level of awareness as they are more
likely to report that other geographies will not be impacted. Marketers
who want to their improve their approach to data privacy should follow
the lead of study participants that fall into the revenue-growth category.
THE GDPR AND REVENUE-GROWTH
40. Data Privacy and the GDPR 40
DATA PRIVACY AND GDPR
Analyst Bottom Line
41. Data Privacy and the GDPR 41
This study has explored marketers’ approach to data privacy, how the use of customer and prospect data will evolve, what challenges exist, and
areas of investment. We have also examined how top performing revenue-growth companies are managing their approach to data privacy
differently than their peers.
Marketers that want to approach data privacy in the most effective way, and produce the highest possible return, should implement the following
recommendations:
Leverage Data Ensure Privacy
Companies that report revenue growth in the last fiscal year
are more likely to leverage customer and prospect data to a
significant extent in order to achieve key business objectives.
The effective use of this data is what allows high-performing
marketers to create more targeted messaging, personalize
the customer experience, optimize communications, and
help build better products or services. Marketers who want
a seat at the boardroom table must take a methodical
approach to data usage in order to get results.
Review your organization’s objectives and audit your
marketing infrastructure to identify new opportunities and
ways to exploit untapped data resources. Since marketers
belonging to the revenue-growth category report they are
much more reliant on data, don’t be afraid to explore new
ways for your organization to leverage the customer and
prospect data that you capture.
Marketers that leverage data must build trust with
customers and prospects. Companies that report revenue
growth in the last fiscal year are more likely to believe that
ensuring the privacy of data will help them build trust and
deliver a better customer experience.
Moreover, companies that leverage data are more likely
to report that ensuring the privacy of customer and
prospect data will help them achieve their objectives to
a significant extent. The act of ensuring the privacy of
customers and prospects is to make certain, or guarantee,
that customer and prospect privacy is protected.
Ensure the privacy of customers and prospects by working
with your IT department to audit your marketing tech-
nology stack and the publishers or advertising companies
that you work with.
1 2
ANALYST BOTTOM LINE
42. Data Privacy and the GDPR 42
Understand the GDPR
Over half of study participants listed “Understanding the
GDPR” as their top challenge while working towards compli-
ance. Since the consequences of not complying with the
GDPR are severe, the fact that so many marketers are still
struggling to understand the GDPR guidelines and restric-
tions highlights the need for better education, training, and
subject-matter expertise. Companies that have achieved
revenue growth in the last fiscal year are taking data
privacy more seriously and they are much more likely to
report GDPR compliance.
Those who remain unaware of the GDPR must make it
a priority to learn about the legislation, understand its
potential impact, and must take steps towards achieving
compliance if the GDPR applies to their organization. The
research data also suggests that revenue-growth compa-
nies have isolated their efforts in the geography that is
immediately impacted by the GDPR, EMEA, and do not feel
as compelled to overhaul their approach to privacy in other
geographies at this point in time. While it is important to
apply the lessons learned from one geography to the next,
we encourage marketers to exercise caution before making
major changes to their global approach to data privacy.
Monitor data privacy success metrics closely and roll out
global privacy changes after objectives have been met,
gains have been achieved, or if new legislation emerges.
3 Optimize your Process
Even the best customer and prospect data is useless if you
don’t have the right people, process, and technology in
place to leverage it effectively.
Since obtaining consent from users is a top challenge for
marketers, the channels used to obtain and retain consent
must be optimized to ensure they are performing to the
best of their ability.
If a channel is underperforming, marketers should audit the
process used to obtain consent and identify opportunities
for improvement, adopt best practice optimization tech-
niques like A/B and multivariate testing, and evaluate new
channels for obtaining consent.
4
ANALYST BOTTOM LINE
43. Data Privacy and the GDPR 43
Invest Wisely
For nearly three-quarters of study participants, technology
was selected as the top area of investment that respon-
dents believe will help them improve their organization’s
approach to data privacy.
While most study participants report they are concerned
that their marketing technology vendors might expose
them to legal risks if they are not GDPR compliant, our
strong recommendation is to audit your marketing tech-
nology stack and ecosystem to ensure that your partners
do not expose your company to any legal risk.
Since data can only be leveraged effectively if it is kept
private and secure, investing in reliable and stable tech-
nology that can ensure the security of data presents an
opportunity for marketers who want to improve their
overall approach to data privacy.
5 Measure Success
Theuseofmetricsiswhatenablesmarketerstomeasurethe
success or failure of a program. Marketers must approach
the measurement of data privacy with the same level of
commitment and sophistication as any other program they
are responsible for.
Those who believe data privacy metrics are unnecessary
must reconsider their perspective. Marketers who want to
understand if their approach to data privacy is working
must measure a variety of metrics.
By measuring key data privacy metrics, experimenting with
different tactics, and making incremental improvements,
the benefits of protecting customer and prospect data,
such as building trust and a better customer experience,
can be achieved.
6
ANALYST BOTTOM LINE
By implementing these six recommendations, marketers can
taketheirdataprivacyeffortstothenextlevelofeffectiveness.
44. Data Privacy and the GDPR 44ACKNOWLEDGEMENTS
Demandbase is the leader in Account-Based Marketing (ABM). The
company offers the only Artificial Intelligence-enabled, comprehensive
ABM platform that spans Advertising, Marketing, Sales, and Analytics.
Enterprise leaders and high-growth companies such as Accenture, Adobe,
DocuSign, GE, Salesforce, and others use Demandbase to drive their ABM
strategy and maximize their marketing performance. The company was
named a Gartner Cool Vendor for Tech Go-To Market in 2016.
For more information, please visit www.demandbase.com or follow the
company on Twitter @Demandbase.
Demand Metric is grateful to Demandbase for sponsoring this research, and for those who took the time to complete the study survey.
Acknowledgements
Demand Metric provides Agile Marketing software powered by 1,000+
practical tools and resources to help our members complete their work
faster and with more confidence.
Our community of 130,000+ global members is composed of CEOs and
business owners, marketing consultants and agencies, marketing execu-
tives and managers, and professionals who specialize in: product manage-
ment, marketing operations, sales enablement, customer engagement,
demand generation, content marketing, project management, account-
based marketing, and other disciplines.
To learn more about Demand Metric, sign up for a free membership at:
www.demandmetric.com
45. Data Privacy and the GDPR 45APPENDIX: SURVEY BACKGROUND
This Demand Metric Marketers’ Approach to Data Privacy survey was administered online during the period of June 13, 2018 to June 28, 2018.
During this period, 255 responses were collected, 227 of which were complete enough for inclusion in the analysis. Only valid or correlated
findings are shared in this report.
The representativeness of this study’s results depends on the similarity of the sample to environments in which this survey data is used for
comparison or guidance.