Duncan Brown
Duncan Brown (VP of Enterprise Research Europe)

In this second part of this two-part blog ( GDPR Countdown I : Why marketers should pay attention) we give our Do’s and Don’ts on how to go to market with a GDPR message. Here’s the important thing: you must have a view on GDPR.

Companies are desperate for information and insight on GDPR, and they are asking their suppliers. That means you, and if you don’t have a view they’ll ask your competitors. Okay, so here’s what to do (and not) in messaging for GDPR:

Do talk about where your capabilities start and stop. Importantly, help your customers fill the gaps that you can’t fill. This conveys a sense of responsibility and duty of care to your customers, and shows that that you can be a trusted source of advice.

Don’t just talk about security. GDPR isn’t a security problem, or even an IT problem. It’s a business problem, so everything you say must revolve around the business benefits and priorities relating to GDPR. Although your messaging may be aimed at technologists, they will have to translate what you say into business-speak for internal stakeholders. Make it easy for them.

Do map your products and/or services to specific articles in GDPR. This demonstrates that you have read the text, have understood it and know where you can help customers (and where you can’t).

Don’t GDPR-wash. We see this too often: a narrative that consists of asserting that GDPR is important, and that your product/service can magically make companies compliant. At best, vendors using this approach will be disregarded. At worst, they will be taken at face value and customers will naively believe they are compliant.

Do aim to educate your audience, and to clarify some of the many uncertainties that exist and persist. Without straying beyond your field of expertise, offer your expertise and opinion, always referring back to the text. If you can cite discussions with regulators and policy-makers, so much the better. Using third party experts (such as IDC!) offers value to your customer and shows that you’re interested in helping to advance the market’s collective understanding.

Do talk about what your own firm is doing to comply with GDPR. Internal compliance is as important as external support for your customers’ compliance. Nothing will erode your credibility faster than non-compliance. So be prepared to talk about what you’re doing. Some vendors are already masters at this and leading by example. Not everyone can have a charismatic CPO that walks the walk, but be as transparent as possible about your approach.

GDPR is an unprecedented opportunity for the IT market. Although the requirement for GDPR compliance will be long-lived, the highest growth will occur in the next 12 months. Providers that establish a strong GDPR offer in this timeframe will reap further benefits in the long run.

InfoSec 2017 Banner
The IDC team is back at InfoSec once more, to share analysis, insights and forecasts for the European Security market. Register now to come and meet the recently expanded team for breakfast, discussion and debate on all things Security.

IDC’s Breakfast Briefing on 7th June – “Lions, Tigers & Bears, Oh My!: Trends and Forecasts for the #Security Zoo”