Digital security: how client/agency relationships must change
There was a time when client/marketing agency relationships were reasonably fluid, and agency roster reviews would take place at regular one-, two- or three-year intervals. But that all changed when digital took centre stage and customer databases grew.
This gradual evolution from traditional to data-driven marketing, together with the amount of data clients now store and the personal nature of much of this information, means that under current and upcoming European Union (EU) laws, data security breaches carry big penalties.
Who is liable for data breaches?
The harsh reality is that the owner of the data is the company that will be prosecuted and receive the financial penalty, and in the case of the new General Data Protection Regulation (GDPR), penalties are now confirmed at up to 4% of an enterprise’s total global turnover, or €20,000,000.
GDPR is now agreed among EU member states, and while it will not come into force until early 2018, its influence can already be felt as data security and privacy law comes into sharper focus among EU authorities.
GDPR: gaining perspective
Preparing to meet the required levels of data security and protection is a little less straightforward than you might imagine. That is because one of the most critical weak points in your digital marketing workflow is likely to be out of your direct control: your digital marketing agency.
What is going to become important to you very quickly is your agency’s grasp of GDPR and its clear understanding of how these new and complex laws affect not only them but also you. Because if things go wrong, it’s you who will be picking up the tab.
Digital agency security benchmarks
The critical issue is having confidence in your agency’s knowledge of EU data protection laws, covering questions such as how to export data to the USA or how to transmit personal data. These are areas where, if handled incorrectly, large fines may be imposed.
To gain confidence in your digital agency, you need them to hold a clear, official international qualification. This should take the form of ISO certification: at least ISO 9001 for data management, and preferably ISO 27001 for data security.
ISO 9001 and ISO 27001 agency input
These ISO certifications should give you the confidence to rely on your agency’s advice on national and international data management and security, and mean you can allow them to guide you through the set-up and day-to-day running of your data-driven marketing processes.
So, now your agency has taken on a completely new role.
Now, rather than fulfilling a purely subordinate role, they have evolved as partners, collaborating with you in data management and protection, as well as helping you navigate the complexities of digital marketing in this new regulatory environment.
Changing roles and perspectives
GDPR, ISO 9001 and ISO 27001 mean you will either want to find a new and more competent digital agency or completely change the way you work with your existing agency partner. And this will mean a complete change in the dynamic of the relationship for both parties.
Client-side, you will have to gain confidence in your agency and trust their advice on international data regulations, and your agency will need to step up and learn to work in a transparent, collaborative partnership, still a rarity it seems, even in the 21st century.
Securing agency relationships
But what is truly important in this new relationship is that it needs to endure, because both parties will be making a significant commitment to it, in particular your chosen agency, which will always need to stay ahead of the legislative curve on your behalf.
This ongoing next-level client support and guidance places continuous demands on agency resources and means that, to serve you well, they will need to fully understand you and your enterprise.
This requires a significant investment in relationship building for both parties, so placing your agency under a contract that fully reflects this new form of agency/client collaboration means you both have the security of a long-term relationship in a fast-changing world.