As brands deal with more and more customer data, it’s increasingly important to handle this data in a way that respects user privacy. In fact, across the globe, there has been an increase in legislation ensuring that brands do so. Among the most well-known of those legislations is the EU's General Data Protection Regulation (GDPR), a landmark privacy initiative implemented in May of 2018 that aims to regulate the way businesses work with personal data.

GDPR’s impact on how brands go about their marketing activities lay at the heart of Beyond GDPR: Customer Relationships In A Privacy-Focused Age, a panel at Braze’s LTR 2018 conference. Gerret Braren from XING, Emily Diamond from Quartz, and Susan Wiseman from Braze spoke with moderator Jennifer Hill of Remedy Analytics about the ways GDPR is affecting how they do business. Here are five takeaways on what GDPR means for marketers:

1. Enabling greater customer visibility into their data

A brand that has been around for years likely has a vast store of data related to its users. GDPR pushes brands to make this data more visible and accessible to users. Additionally, it enforces that brands must make it explicitly clear what data they collect and how they plan to use it so that their customers are fully equipped to make the decision of whether or not to allow a brand to use their data.

For the team at XING, data visibility was a top priority in the wake of GDPR. So last year Braren and his team created a system where users could easily request to see the data that Xing had collected and stored and then, in an hour or so, receive a package that includes all of the data associated with their account. At Quartz, Diamond explains how publicizing their compliance and data practices on their policy page went a long way toward building user trust.

2. A chance to build long-term trust and relationships

Other panelists echoed these points about GDPR as a gateway to increased user trust. As a result, GDPR has helped brands cement deeper long-term relationships with their customers, assuming they embrace the principles behind this initiative.

“If you are looking to build long-term relationships with customers, respecting their wishes, being transparent with them about what you're doing with data, and fully embracing the concepts behind the GDPR and most data privacy laws actually helps you to improve relationships and increases loyalty,” says Wiseman.

3. Finding trusted vendors

Once GDPR was passed, it was up to brands to make sure they were working with the right people. That meant assessing the vendors they were relying on and ensuring compliance. And for data processors like Braze, GDPR meant taking a proactive approach and making sure they were that trusted vendor.

“No one wants to buy a solution that’s going to put them in breach of law, and no one wants to be the first company that is having the data protection authorities bring action against them,” says Wiseman. In order to avoid this and build trust with clients, Braze rebuilt their product so that it was easy for customers to use it in a GDPR-compliant way.

Braren mentions that his team had vendors that they had to “practically kick in the butt” to get them up to speed on compliance. And he emphasizes that this process was a major headache. “It's really something you should look at very early on,” says Braren. “And don't sign any contracts if you're not sure that this is a company you can work with the next couple of years.”

4. It’s time to put data in a global context

The panelists were quick to note that GDPR symbolizes the way data has truly gone global: It’s borderless, mobile, and fast. In response, companies have to think broadly and globally about the way they handle data—in a way that possibly transcends GDPR.

“Data is all over the world, and there really are no borders,” says Wiseman. “So it’s not just about GDPR anymore. It’s a whole world of global privacy laws — and how do we, as a data processor, comply with data processing laws throughout the world and protect data?” This is the question at the heart of GDPR, and brands are finding that it takes a global mindset to answer it.

5. Continual upkeep and innovation

Becoming compliant is only the first step—but in the end, the panelists truly saw GDPR as a way to keep improving and finding new ways to handle user data responsibly.

“This is an ongoing process,” says Wiseman. “You have to continually innovate. And as you are growing products, as you're getting feedback from customers, as you are building new products, you have to make sure that those products are going to respect privacy.” In short, growing and gaining new data sources means tech companies need “continuous upkeep” to ensure they’re always respecting user privacy.

Anything else?

Brands should see GDPR as an opportunity — to look inward, evaluate their practices, and innovate in new GDPR-compliant ways. At the end of the day, it’s a win for brands and customers alike. Want to learn more about GDPR? Read Braze’s Privacy Predictions for 2019.