Skip to main content

How Hong Kong Businesses can turn GDPR into a Marketing Opportunity

Marketers worldwide seem to have survived the immediate aftermath of May 25th, 2018. Viewed as a long-term strategy, the General Data Protection Regulation (GDPR) is an opportunity for brands to improve their data management processes and to refine their communications with their audiences.

Key takeaways for Hong Kong businesses:

  • Your marketing team should get involved in data management. Try mapping out what type of data is captured along different stages of the consumer journey and how its processed.
  • Good data management is key to ensure your marketing and sales departments, as well as other business functions, are gaining value from data analytics.
  • Use the CIA triad to ensure controlled access to data to minimize risks of corruption, loss or misuse.
  • Nurture your revised database. Your new audience has opted to continue their relationship with your brand. Treat them with respect by ensuring personalised journeys to increase your customer lifetime value.

What Hong Kong businesses should know about GDPR

The new European framework in data protection, GDPR, came into effect on 25 May 2018. Its wide reach, brought about not only by its consideration of where data is processed but also the location of the individual concerned, puts many overseas establishments, including Hong Kong businesses, within scope. In consequence, those that were previously not subject to EU data protection policies have now had to take steps to identify whether the GDPR is applicable to them, and then ensure compliance. To read more about obligations under the framework, read our Visual Guide to GDPR. Businesses will also have to take into consideration the Personal Data (Privacy) Ordinance which sets out data protection principles such as collection, use, security and access.

GDPR applies to Hong Kong businesses that:

  • Offer goods or services to individuals based in one or more Member States (regardless of whether payment is required for these goods or services); or
  • Monitor behaviour of individuals within the EU.

Whether a business is determined to fulfill these criteria will depend on contextual circumstances. For instance, if a Hong Kong e-commerce site offers international shipping, with the option to pay in Euros, in English or a Member State language, then it will be caught by GDPR.

How can Hong Kong businesses turn data protection requirements into marketing opportunities?

The CIA triad: improve your data security

While using internal checks and controls to limit data is crucial for security reasons, they also have to adapt to your workflows to ensure red tape isn’t getting in the way of business fluency. Your teams will need to access your data for reasons such as improving data quality (such as data sanitization or updates) and data capture (from brand-user interactions on your website or social platforms, data from your sales or customer service support). Implement a tiered approach to data protection to ensure stricter controls on sensitive and personal information.

The CIA triad (confidentiality, integrity and availability) is a model designed to guide an organisation’s policies for information security within an organization. Confidentiality and availability relate to rules that limit access to information and guarantee its reliable access by designated employees, respectively. Integrity involves building processes that ensure that data cannot be altered by unauthorized people, such as through setting up user access controls.

GDPR is an opportunity to build trust among your consumers. Becoming a loved and trusted brand is a critical component to maintaining an edge in today’s increasingly competitive world. Adopting data privacy as a core business principle will enable you to communicate genuinely and humanely to your customers and partners.

Implement good data management processes to drive value from data

To obtain valuable, actionable insights from data analytics, your teams need to understand what data you have, where it comes from, how the data is used, when and how the data is maintained, and finally, which data provides value to your business. We estimate that more than 95% SMEs lose 1/5th of revenue due to insufficient quality of data.

Traditionally, data management and governance has been left to IT teams. The first step for businesses looking to use GDPR as an opportunity to improve their marketing functions is to get marketers more involved. By using the customer journey to identify touchpoints for brand-consumer interactions, marketers can then map which points generate data traffic, the type of data collected and what happens once data is captured.

Good marketers turn good data into meaningful information. Less than 10% of marketers are confident that they are using data systematically across their functions (source: Teradata), yet improving data management and governance can deliver significant ROI from numerous benefits:

  • Audits can improve your understanding of what data you have and uncover opportunities to use it;
  • Good data management can enable data-led strategies across marketing, sales and other business divisions;
  • Insights about your customers can help drive customer-centricity in business strategy – improving customer service and shortening the sales cycle;
  • Better data helps segment customers into meaningful profiles and construct relevant marketing journeys that improve conversion rates. Over half of customers have been sent information on irrelevant products over a twelve-month period (source: Experian);
  • Speak to audiences who want to be spoken to. Obtain more meaningful insights into customers who are actively listening to your brand, all while becoming more resource-efficient in your marketing communications. Personalised messages will make consumers feel special and encourage repeated interactions with your brand.

Bad data feeds even worse strategies. Good data management practices will enable businesses to better serve their audiences, by providing relevant, timely marketing messages that are welcomed and valued by the modern consumer.

If you would like to learn more about how to ensure your marketing practices are compliant with GDPR, fill out our contact form, by clicking on Let’s Talk, right below and receive a response within one business day.

About the Author


Manuela leads the Marketing division at IMS, advising clients on branding and market positioning in both Europe and Asia.

Prior to joining IMS, Manuela worked in financial regulation and compliance. Past experiences include representing France in roundtable discussions in Brussels for the European Venture Capital Fund (EuVECA) Regulation.

She obtained her LL.B (Hons) at UCL before graduating from Sciences-Po, Paris, with a Master’s in Financial Regulation.

Connect with Manuela Burki on LinkedIn

Leave a Reply