Skip to content
Follow Us

Get the best of Capacity Interactive delivered to your inbox.

This field is for validation purposes and should be left unchanged.
Navigating the New Privacy Landscape
Episode 113

Navigating the New Privacy Landscape

User-Centric and Privacy-Focused Data Collection

This episode is hosted by Dan Titmuss.

0:00 / 0:00

In this episode

More than ever, arts marketers need to be purposeful about data collection, responsive to privacy regulations, and respectful of their audiences’ preferences. In 2023 and beyond, it’s all about staying user-centric and privacy-focused.

Not sure where to start? We’ve got you covered with expert insights from CI consultants, a data privacy expert, and a fellow arts marketer who's been in your shoes—and has a few words of advice.

Digital Download

Dan chats with fellow Senior Consultant Alison Goldberg about changes in the data privacy space and why this topic is so time-sensitive for arts marketers. They break down commonly used acronyms so you can feel confident tackling this topic.

CI to Eye Interview with Jodi Daniels

Certified data privacy expert Jodi Daniels shines light on the human side of this technical subject and offers suggestions for ensuring your organization’s practices are both legally compliant and trust-building.

CI to Eye Interview with Rob MacPherson

Arts marketer extraordinaire Rob Macpherson reflects on his experience implementing privacy regulations at Birmingham Hippodrome, one of the U.K.’s most prolific theaters. He shares his first-hand experience and offers sage advice to U.S. marketers just starting on this journey.

Dan Titmuss: Hi everyone. Dan here. They say February is the month of love, and as arts marketers, it’s time to fully embrace this new data privacy landscape. I know, I know. It might seem impossible now, but after this episode, your love for data privacy practices will blossom.

Over the past few years, people have become more and more aware of how their data is used—or misused—by companies, and they’re demanding change. More than ever, arts marketers need to be purposeful about data collection, responsive to privacy regulations, and respectful of their audience’s preferences. In 2023 and beyond, it’s all about staying user-centric and privacy-focused. In this episode, we’ll help you navigate the new privacy landscape—without any heartbreak.

First, I’ll be speaking with fellow senior consultant Alison Goldberg about changes in the data privacy space and why this topic is so time sensitive for arts marketers. We’re also gonna break down all of those acronyms you might have heard of like PII, GDPR and CCPA, so you feel confident and ready to tackle this topic.

Then I’m gonna chat with Jodi Daniels, a certified data privacy expert, about why evolutions in the data privacy space might actually be viewed as opportunities rather than hurdles. Jodi will offer suggestions for where you can start to ensure your organization’s practices are both legally compliant and trust-building.

Finally, I’ll sit down with Rob Macpherson, the managing director of Creating Impakt and the former marketing and development director at the Birmingham Hippodrome. He’ll share his firsthand experience implementing privacy regulations at one of the UK’s most prolific theaters and offer sage advice to all of us just starting out on this journey.

And with any content related to privacy, it is important to note that we are not lawyers, nor are any of our guests. Today’s episode is not a step-by-step guide, but a group of meaningful conversations to help spark your next steps in the privacy landscape.

Let’s dive in, shall we?

Dan Titmuss: Alright, let’s get started with our Digital Download. Before we talk about data privacy, we need to understand what exactly it is. So we’re gonna break it down with the help of Alison Goldberg, a senior consultant at CI specializing in email and digital advertising. Alison, welcome to CI to Eye!

Alison Goldberg:: Thanks Dan. It’s great to be here.

Dan Titmuss: So this is a disclaimer that I feel everyone talking about privacy constantly says, right? We are not lawyers. Actually, I haven’t double checked that. Alison, are you a lawyer or…?

Alison Goldberg:: I’m not a lawyer.

Dan Titmuss: Alright, cool.

Alison Goldberg:: Don’t tell my parents.

Dan Titmuss: Yeah. Much to our parents’ shame, we’re not lawyers. We’re digital marketing nerds. In this episode, we’re gonna help you get a sort of baseline understanding of where we are with digital privacy and data privacy, and start asking the right questions at your organization. But yeah, we’re not legal counsel, so please don’t sue us.

Alison Goldberg:: Please. Yeah.

Dan Titmuss: Yeah. With that out of the way, let’s get into it. It kind of feels like every week, almost, there’s something that changes about data privacy… and that’s not even too much of an exaggeration. Could you give us a brief overview of the data privacy landscape and how it’s changed over the past few years?

Alison Goldberg:: It is pretty much changing every week. You’re right. So for a long time, we as advertisers have relied on cookies to collect third-party data and first-party data. And we’ve used that to track user behavior, which allows us to serve personal and relevant ads to those users and have the robust conversion tracking in our campaigns that we’re used to.

Dan Titmuss: And cookies, they’re just bits of code that are on your browser, right?

Alison Goldberg:: Yes, yes. So there’s two different kinds. There’s first-party cookies, or first-party data, and third-party cookies. So first-party is that information that’s collected directly from users. So if a user is going to your site and buying a ticket and entering their email address, that email address is considered first-party data ’cause they have a relationship with you and they’re giving you that data. Whereas third-party data is information collected by an entity that does not have a direct relationship with the user. So that’s like Google and Meta collecting information about users on your site. So this is like when I looked up non-stick pans at William Sonoma and then I started getting ads for non-stick pans on YouTube like the next minute.

Dan Titmuss: And if you asked people maybe like five years ago about privacy and how it works, I don’t think people would be as aware as they are right now.

Alison Goldberg:: Right.

Dan Titmuss: And the ways that people misuse it.

Alison Goldberg:: Absolutely.

Dan Titmuss: So there’s been more regulations that come in. Do you wanna talk about those?

Alison Goldberg:: Yes. It’s a bit of alphabet soup over here in privacy land. So the first big one, which I think is still really the gold standard, is GDPR or the General Data Protection Regulation. But GDPR is the European Union’s privacy regulation. And it was came into effect around 2018, I wanna say. And that’s really, I think, what a lot of regulation around privacy is going to be based on moving forward. It’s definitely the most strict of what is in place right now. And the big one in America so far is the CCPA or the California Consumer Privacy Act. And what’s interesting about both of those, what they have in common, is that the location of the user is how they determine jurisdiction. So it’s not about whether or not your organization is in California or based in California. It’s whether a user using your website is in California.

Dan Titmuss: Gotcha.

Alison Goldberg:: The other big difference is GDPR requires an explicit opt-in to being tracked. And if you don’t opt in, you’re not tracked. Whereas CCPA and most American regulations so far allow you to be still be tracked without an explicit opt-in. But if I, as a user, reach out to have my data deleted under CCPA, the organization is required to do that.

Dan Titmuss: Gotcha. And it’s not just the regulations that are changing stuff, right? Like major browsers are also disabling third-party cookies by default.

Alison Goldberg:: Yeah. So browsers like Safari on Apple and Mozilla Firefox are disabling third-party cookies, and Google has announced they’ll do that on Chrome. It was supposed to be sooner. Now it’s been pushed back to 2024. And companies like Apple have also allowed users to turn off tracking on their devices, like with iOS 14 and 15, which I know we’ve heard a lot about.

Dan Titmuss: Yes. So that’s a lot of change in a short period of time, and this has a big impact on our industry and especially us as arts marketers, right?

Alison Goldberg:: Yeah. I mean, I think for us as arts marketers, I think it’s already started to impact our work. The old ways of how we collect and use data are going away and we’re still in the process of seeing those new processes emerge. So we need to really remain flexible and think about those data practices as we move forward to make sure we’re still being effective with our marketing and this new legal wrinkle as that develops.

Dan Titmuss: Yeah. And also a transparency and loyalty sort of standpoint as well, right? That perspective. 80% of customers are more loyal to brands that deliver a more positive data-gathering experience. So it’s kind of a win-win. We’re not just doing it ’cause of the regulations, it’s like we should morally do it and it’s gonna make us better arts marketers because it’s kind of more familiar with that opt-in, raising your hand, permission marketing sort of approach.

Alison Goldberg:: Yeah. We’ve always talked about that. We really only wanna be talking to the people who want to hear from us. And so this is sort of just, I would say, that to the nth degree in a way. And really taking it up a notch and really getting that permission from people. You know, it’s our responsibility, [as] we were saying, our moral responsibility and soon our legal imperative to treat that data with care, keep it private, and to maintain the trust that users have in us. And thinking of it as Alison, the consumer, I love all these new privacy laws and all these things in effect. That’s really important to me.

Dan Titmuss: Same.

Alison Goldberg:: And yeah, it’s sort of a bummer to Alison, the arts marketer, but you know, this is just what we have to contend with and if we as consumers want it, our consumers want it.

Dan Titmuss: Yeah, exactly. So what have we done at CI to stay on top of these data privacy changes?

Alison Goldberg:: So we have a privacy committee so we can stay at the forefront of these discussions. I lead that committee. And we monitor the latest news around data privacy, we investigate new tools that will hopefully be able to help our clients—things like Google’s enhanced conversions—and we brainstorm content that will help shepherd arts organizations through this work. And we’re just constantly sort of seeing what else we can bring to people.

Dan Titmuss: Yeah, there are also some steps that you can take right now, like switching to Google Analytics 4, that CI can help with. What’s the reason behind that? Why are we talking about GA4?

Alison Goldberg:: So GA4 is not based on cookies in the way that the current GA is. So as this cookieless world emerges for us, we’re gonna see more gaps in the observable data that we’re collecting. So GA4 uses modeling and machine learning to help fill in some of those gaps and then hopefully paint a more comprehensive picture of our website performance and our campaign performance.

Dan Titmuss: Gotcha. We have a lot of resources on our blog, So if anyone wants to learn more about first-party data strategies and the importance of privacy-focused measurement that’s a really good place to start as well.

Alison Goldberg:: Definitely. And we’ll keep adding more resources there for sure.

Dan Titmuss: Absolutely. What’s something that you’ve learned in this privacy work with CI?

Alison Goldberg:: The biggest thing I think is that it is simultaneously no one’s job and everyone’s job. So for us, the privacy committee, we’re composed of consultants across our various specialties and we have members of business development and operations teams all talking together, and data privacy truly touches everyone’s job. But because it’s so new and so quickly evolving, it hasn’t really made its way into anyone’s job description yet. And I’m willing to bet that’s true for many of our listeners too.

Dan Titmuss: Yeah. I think when talking about data privacy, we’re talking about our organization’s customers’ data, right? They’ve entrusted us with it when buying a ticket or following organizations on Facebook, right? So it’s our responsibility, both morally and legally, to treat data with care and keep it private and maintain that trust in us which is, you know, those stakes belong to everyone at the organization.

Alison Goldberg:: Absolutely.

Dan Titmuss: This has been super helpful and I feel really ready to like dive into the rest of our data privacy conversation. Let’s just go over a couple of definitions that we talked about and just recap those. So PII or personally identifiable information.

Alison Goldberg:: Yeah. So that’s things like your email address. It can be your name, your phone number. In some cases IP addresses are considered PII. Part of the difficulty with that is there’s not a universally accepted definition of what is or is not PII.

Dan Titmuss: That’s a fun challenge.

Alison Goldberg:: Yeah.

Dan Titmuss: And then first and third-party data.

Alison Goldberg:: So that third-party data is collected by companies without that direct interaction with the user. And first-party data is data that we earn the right to collect directly from our audience on our own website.

Dan Titmuss: Awesome. I feel like before we started in this Digital Download, I was drowning in the alphabet soup that you mentioned of all the different acronyms, and now I feel like I’m sipping the alphabet soup, or sitting in a nice hot tub of it. It feels like a friendly force rather than a scary one. So thank you so much for being here.

Alison Goldberg:: Thank you, Dan.

Dan Titmuss: So now we’re joined by Jodi Daniels, a data privacy expert and founder of Red Clover Advisors. She’s also the co-author of the book “Data Reimagined: Building Trust One Byte at a Time.” B-Y-T-E is how byte is spelled. Jodi, welcome to CI to Eye!

Jodi Daniels: Well, hi! I’m so glad to be here. Thanks for having me.

Dan Titmuss: Thank you for being here. We know the world of data privacy has gotten very, very complex and you have been at the forefront of a lot of it, right? Helping companies evolve their data practices to keep up with these changes. Can you tell us a bit about your background and how you became involved in the world of data privacy?

Jodi Daniels: Yes, because I didn’t start this way. I started as an accountant at Deloitte doing financial statement audits, and I decided that was boring. And then I did some finance and strategy work at Home Depot. And then from there I did some strategy work and got into marketing at Cox Enterprises and, which is one of their subsidiaries.
There is where I did… I stalked you for cars, basically. I created a behaviorally targeted ad network before Facebook did. And that’s how I got into privacy. Because at the time, the industry was trying to figure out how can we self-regulate and prevent government legislation on the use of data. For anyone who’s been in the industry for a while, you might know it was called AdChoices with kind of the little blue icon that was around. And that was my entry into privacy.
And so from there, I built a privacy program full-time at what then was Cox Automotive. And then from there, I moved to Bank of America. I was their digital privacy lead until I opened my company five and a half years ago. And we’re really all about trying to help small to mid-size companies figure out this whole era of data privacy, and all the different fun alphabet soup of privacy laws that I know we’re gonna dive into

Dan Titmuss: Absolutely. So many acronyms on this episode.

Jodi Daniels: Lots of acronyms. You could just take some letters, put ’em together. It might be a lot.

Dan Titmuss: Yeah. I feel like if we actually spelled out all the acronyms throughout this episode, it would be twice the length. And you focus mostly on the strategy rather than legal counsel, right?

Jodi Daniels: Well, that’s a good point. We are not a law firm and I personally am not an attorney. You heard my kind of story of all business experience across different disciplines. We do have an attorney on staff, but we really are a consulting firm. What we’re helping with is the strategy or the understanding of what a law is and what a company’s obligations are, and then helping the company with all the tactical obligations. And that’s where we sit.

Dan Titmuss: Gotcha. Awesome. And you also have a background in the arts and music, if I’m not mistaken?

Jodi Daniels: Well, I love the arts and I love music. So my big passion as a kid was singing. And I thought about our podcast this morning because when my daughter, who loves musical theater, got out of the car and we were singing the Broadway tunes, I just kept singing the Broadway tunes on my long drive home, and—yes. Loved musical theater, used to compete and sing and do all that good stuff. And now I just sing in my car.

Dan Titmuss: Yeah. I sing. I sung as a kid. And then, yeah, mostly in my car where people can’t hear me sing nowadays. Yeah. And what’s your favorite musical?

Jodi Daniels: Oh, there’s a lot. That’s a hard choice. Hard to pick. You know, right now actually, especially from the songs, I absolutely love Dear Evan Hansen, and then I love Wicked. You can’t go wrong with those two.

Dan Titmuss: You can’t go wrong. Classic. Alright, back to privacy.

Jodi Daniels: Back to privacy!

Dan Titmuss: We’ve talked about musicals for too long. But you’ve often said that privacy is more than just compliance, right? It’s more than “we have to do this, so we will.” There is a deeper side to that, which is kind of about data as a human right. Can you speak more about that perspective?

Jodi Daniels: Well, if you think about the worlds that we’re in, it’s all about collecting data and we’re collecting data everywhere. How many tickets did I sell? Which email was opened? And when someone is engaging with an organization they are in, they’re trusting that the organization’s going to fulfill a want or a need for a product or a service. And they’re also trusting it with the data. And we have data everywhere.
So when I entrust that I’m giving you my name, my email, my credit card number, maybe a birthdate, maybe my family members, maybe my passions, whatever it is, I trust that you’re gonna do the right thing. I trust you’re gonna tell me what you’re doing with that. And when people don’t like what happens, then I’m going to complain. And then I feel like, no, no, no, I, I gave you that data for you to use in this particular context. Not for you to do anything that you wanted with it. And so it’s my data and I wanna control that.
The idea of it being “I can give all this data to a company and it’s the company’s data”… it’s a very US-centric approach from a capitalistic mindset. But globally, privacy is really about—it’s the individual’s data, it’s the individual’s right. Because it’s my data, my information. I should get to control that. And that philosophy is transcending around the globe in other privacy laws. And it’s kinda slowly tricking in here in the United States because data’s everywhere. Is it okay that this camera was collecting my info? Is it okay that the TV during the Super Bowl figured out—did I switch channels, or how long did I do things, or that I sat with my phone and the TV on and someone knows that. Is that okay? Some people think it’s okay and some people don’t like it. And that is why I believe it’s all about giving individuals the rights to be able to decide what’s gonna happen.

Dan Titmuss: Jodi, how has data privacy evolved over the last few years? Can you give us a brief sort of timeline?

Jodi Daniels: Sure. Well, GDPR, which is the General Data Protection Regulation, was kind of the big one that came out of the EU and it became effective in May 2018. And it really swept the globe where a variety of kind of copycat laws have popped up. But here in the United States, privacy really has taken a very fast forward approach. It was California who led the way as the first state, and that became effective in 2020. It kind of got an update that became effective in January of 2023, and then it was followed by Virginia. And soon this year we’re going to have five states. At the end of the year, we’re gonna have California, Virginia, Colorado, Connecticut, and Utah all effective at the end of this year.
Now, the one thing I’d like to add though, is that for many of the—you kind of have to understand like which law and scope, because not all laws are created equal. So just take some time and sort of evaluate your organization, where you are, and understand what your obligations might be.

Dan Titmuss: And it’s not just laws that are changing, right? It’s also from the private sector as well… browsers like Firefox and Safari, and Apple making privacy a sort of core part of its business, and security a core part of its business.

Jodi Daniels: Absolutely. Big tech is following regulation and organizations have to deal with both of those, right? We’re seeing the demise of third-party cookies and we’re seeing organizations like Apple really promote privacy. And what that has done is it’s raised awareness of data privacy, and how companies are collecting data to the average person who might not have been as familiar.
There’s like a love-hate relationship when it comes to Apple. Whether you like it or don’t, what Apple has done really successfully is put privacy as a talking point in their brand. And some people might say, I’m okay hanging out in the Apple universe and Apple can have all my data ’cause I trust it’s all within Apple and I can control it. Other people, you know, don’t like that and they hang out in the non-Apple camp or they, you know, want to even turn everything off. But what Apple has done is really put privacy as a discussion point. They’ve made people realize, hold on, your data is everywhere. And is that okay with you?

Dan Titmuss:
I think the fact that Apple and other private companies are putting this first kind of shows that it’s not just legal or ethical, it’s actually good business, as well, to be doing this.

Jodi Daniels: It’s definitely good business. It’s really all about making sure that you have a solid reputation, that you’re delivering on your mission, and whatever your service offerings are, you know, you’re best in class. This has a massive PR and brand reputation piece with it. If you take privacy seriously, that’s going to yield gazillion times fold for you in a favorable way. If you don’t, if you have a security breach, if you are kind of sloppy in how you handle data, you’re gonna lose a lot of people’s trust. Or maybe I might not even engage with you in the first place.

Dan Titmuss: Yeah. And some of my favorite stats about that: 52% of all US adults have decided not to use a product because of privacy concerns. And the other one was 80% of customers are more loyal to brands that deliver positive data-gathering experiences.

Jodi Daniels: Those are really powerful statistics. Think about that. One in two, essentially, people are deciding not to engage over privacy and security. You might have convinced them this is gonna be wonderful. And then they said, Hmm, I don’t actually trust you with my data. I’m not going to engage. Imagine all of those hard-earned marketing dollars, and half of them are just thrown away because of privacy. And that’s a significant opportunity to be able to shore up, make sure that your individuals are comfortable with data, and be able to have a much higher engagement factor for yours.

Dan Titmuss: And we’ve seen some pretty heartening data from the research team at IMPACTS Experience that shows that we already have—as arts organizations, we already have some goodwill, right? That we are more trusted today than we were before the pandemic. So there’s already a sense of trust baked in there. And it’s possible that arts marketers are actually more ahead of the game than they think.

Jodi Daniels: Well, absolutely. You know, we all need more good in the world and we need all the amazing work that arts organizations are doing. And what we don’t want is for a privacy lapse to hinder or interfere with all that great work. And at the same time, there’s a lot of competition, right? People have a finite amount of dollars and time, and they’re choosing where to spend that. We wanna be able to make sure that when they’re choosing to spend it with you, that they feel comfortable with how their data is being used.
And you wanna be able to collect more data to be able to target more effectively, to make sure that you’re able to give great content and great services, you’re gonna get accurate information. Because the worst thing that can happen is, I answer a question, but I don’t actually trust you, so I make up the answer. You now make marketing decisions based on the wrong information. That’s a waste of time that doesn’t help move the mission or anything else forward.

Dan Titmuss: Exactly. What do you think some of the biggest myths are surrounding data privacy work?

Jodi Daniels: Ha! So many myths. I think the very first one is that if I complied with GDPR, I’m all set in the United States, and that all laws are created equal. And they’re not unfortunately created equal. So it’s important to know where your base is, and understand which laws actually apply to you and what you’re going to do. So that first myth is that they’re all created equal because the requirements underneath them are really, really different.
And the other myth I might offer is that all privacy notices are the same, or cookie banners are the same, and I can just go to someone else who looks like they know what they’re doing and grab that and put it on my site. And the reason you don’t wanna do that is because, one, they might have no clue what they’re doing, they just might have made it look really good. And two, if they did know what they’re doing, that’s on their site, not on yours. What you are doing is unique to you, and you really wanna make sure that you’re complying with the right laws and are saying the right things.

Dan Titmuss: Yeah. It almost feels like a lot of the things that you’re talking about—it’s not about just looking good and doing the right thing externally. It really is about thinking deeper and doing the right thing for your organization and like what your purposes of that data are.

Jodi Daniels: It is, it’s about having values. You know, if you think about marketing, you could go out with the tactics, but you typically have a strategy. It’s, “I’m going to send an email.” Okay. So what’s the content that’s going to be relevant for that audience? What is it that I want to make sure that we’re conveying to them? Well, that’s all part of the strategy. Those are part of the values that you’ve decided.
Privacy’s really similar. What are the privacy values? What kind of data am I going to collect and how will I use it? Will I share that information that you gave me, the email list, with other organizations in my area? I know for a fact that happens here in Atlanta where organization A gets the email, they share it out, and then I have to opt out of all those other organizations. Well, their value is that’s okay to do. Someone else’s value might say, “No, I’m not going to do that.”

Dan Titmuss: “I’m not okay with this.” Yeah. One of the things you sort of alluded to here is that trust and transparency are a real building block for a proper data strategy. Why is it so important to establish trust with consumers?

Jodi Daniels: Well, I kinda started this earlier. What does every organization want that we just talked about? You want more data. To be able to figure out, okay, so who exactly is Jodi, who exactly is this donor or what needs do they have for me to be able to fulfill? You want more from everyone that’s in your database, and the only way you’re gonna get accurate information—and that’s really important, accurate information helps you make better decisions. It’s not about any information. You need me to trust how you’re going to use that data for me to actually give you accurate information for you to be able to make business decisions on.
And the trust piece comes in because people don’t like to be confused. They don’t like to be surprised when, you know, it’s not delicious chocolates that land in my inbox. They wanna be surprised with good things, but not with something that was unexpected. And when an organization uses data that they didn’t anticipate to happen, now they’re kind of mad. Maybe they don’t trust you, how you’re gonna spend their money. Maybe they don’t trust how you’re functioning as an organization.
So the trust piece goes even beyond just the data I gave you, but it’s going to go to your entire organization. And you all are working tirelessly to have amazing organizations and solve really great, important causes. We don’t want how data is being handled to interfere with that.

Dan Titmuss: Yeah. I remember the sort of like anger and frustration and helplessness that I and a lot of people felt when one of the big credit checkers—like the credit organizations–had a massive breach. And it’s just like, that’s out there now. And that makes me think about other similar organizations and like, how are you using it? Then every time I got an email about credit after that I instantly had my guards up.

Jodi Daniels: Yeah. A lot of people felt that way about that particular organization. Yeah.

Dan Titmuss: So most our listeners work in non-profit arts organizations with a lot of limited time and resources. And often these aren’t massive companies. How would you say they can justify the investment needed for this data privacy work?

Jodi Daniels: Well, the first piece is, you know, it goes back to the trust part. We’re looking to people to trust that they’re going to get a good feeling when they make a donation with you. That the money is gonna go in the right place and that maybe you’re providing, you know, music and art. They’re gonna have a great experience when they’re there and want to keep returning. They’re gonna get great education. And so if I have to give you my data, I wanna make sure that you’re gonna treat it properly.
And so the challenge that, you know, arts marketers have is people are used to working with bigger companies who are required to treat it in a particular way. And they don’t really change their expectation when they give it to a nonprofit. It doesn’t change. Just because you’re a nonprofit, you know, if you think about…
The best analogy I always have is when you go to a solo practice in the healthcare space, you have the same expectation of the solo doctor to treat your health data as you do when you go to a major hospital. You don’t say, “You know what, doctor? That’s okay. You can put everything on social media. There’s no problem. You don’t have to have it secure. We don’t need good passwords. You know, you can have all my files open for all the other patients to see.” They still have to have the same standard.
And that’s what people expect when they’re going to make a donation. They’re going to sign up for something, they’re going to give their data. The investment is because that’s what customers expect. There’s more than 80% of people who believe that organizations should have greater obligations from a regulatory standpoint. And the more that you show them you’re transparent—here’s our privacy notice, here’s our practices—the more you actually show them that you’re operating like a sophisticated business, the more they’re going to donate, the more they’re going to share. And then your end goal actually wins. And privacy is a part of that.
I mean, if you think about if I was to go to your website and it still looks from the 1990s, how likely am I to think, “Well these people are really on top of it. They know what they’re doing.” I’m gonna think, what on earth are they doing? Why aren’t they investing in their website? That’s the brochure. That’s the storefront today. That’s what everyone has. I need to be able to do everything digitally. I might pass you and I’m gonna go to the next organization that’s over here. And so that same thing is going to happen from a privacy perspective. If I’m accustomed to that professionalism over in a different company, I’m going to bring it over here because the end individual doesn’t know it’s required or not required or too big or too small. They don’t know any of that. They’re just bringing their expectations here and want a good, favorable experience.

Dan Titmuss: Yeah. I was watching a talk you did, and you mentioned the privacy program sundae and the ingredients that constitute a strong data strategy. And I really love that image. Mostly ’cause it’s almost lunchtime here. But could you explain that?

Jodi Daniels: Absolutely. And who’s not to love an ice cream sundae? If you think about an ice cream sundae, you have to have a base, and then you’re gonna have all these different toppings. If you think about a privacy program, for us, the base is really understanding the laws that are in scope for you, but really your data and what data do you have, down to the survey form, to the CRM tool, to the email tool, to your event webinars and everything in between. It’s understanding all the data that you have. Then you need some notices. Those could be external, and depending on the size of your organization, you can have employees as well. They need some internal policies and security measures. Everyone here has probably seen a cookie banner before. That’s kind of another layer that’s on top. We’ve talked about rights, the ability for people to make choices. Well that’s another layer, is to be able to do that well. We wanna protect the data from a security standpoint. That’s yet another layer. We’re on to our whipped cream. And how you kind of communicate your privacy values and your strategies is a little bit like the cherry on top. What are you doing to go above and beyond to make sure that Jodi, when I give the information to you, feels good. I feel comfortable of how you’re going to use that data. And that was baked into all the different layers that we just talked about.
If you just kinda look at everything you have to do, you wouldn’t just—it would not be a very good ice cream sundae if you like, threw it all in a bowl and I guess, you know, hoped it tasted good.
And you wouldn’t put the same amount at the same time. Right? No. Like that would be a lot of cherries and a lot of whipped cream, or maybe a little bit of ice cream to the proportion of cherries. That wouldn’t taste very good.
The same is true in a privacy program. Some things are gonna take a little bit longer. Some things should come at certain parts during the process. There’s a reason it’s a cherry on top, not a cherry on the bottom. And it’s about trying to do things in a methodical way that makes sense in building a program. And starting with the data is one of the most important parts.
I hope everyone goes and gets an ice cream sundae now.

Dan Titmuss: I definitely will! So we’ve established that data privacy work is worth the time and investment, and we understand the pillars of a strong strategy. What are one to two steps arts marketers can take right now to get started in their own organizations?

Jodi Daniels: The first is going to be that data inventory. We have a great Excel spreadsheet you can go and grab, but you can take any Excel spreadsheet, blank piece of paper, sticky note, whiteboard, pick your flavor and—ooh, see? That was fun. Pick your flavor, the ice cream sundae…

Dan Titmuss: There you go. It’s all coming together.

Jodi Daniels: Look at me. So in all seriousness though, think about all the different places data is. Think your software tools, your shared drives, your laptops, your databases. Think about all those different tools and understand what you have and then understand how you’re using the data.
We don’t only wanna go from a system approach because that just tells you the data in the tool. It doesn’t actually tell you how you’re collecting and using. From a security standpoint, we wanna protect it. You need to know what data you have and where. From a privacy standpoint, we need to know how you got it and what you’re doing with it. So you wanna be able to come from both sides.
Because the second step is to make sure that you have an updated—and to me updated is in the last year, so within a 12 month window—privacy notice that actually reflects your business, not somebody else’s. And that makes sense to what you’re actually doing as well. Privacy notices are supposed to be a document that say what you do and then you actually have to do what you say. Both of those are really, really important because that is the external piece that everyone’s going to see. I’m going to come to your site and if I care about privacy, what am I gonna look at? Your privacy notice.

Dan Titmuss: Exactly. So who owns this sort of concept, right? Who does it fall on? Does it belong to the marketing teams? Does it belong to leadership?

Jodi Daniels: Well, in the spirit of analogies, and for my love of music, I liken this to an orchestra. If you think of all the different instruments in an orchestra, those are representative of all the different functions in an organization because privacy doesn’t just fit in one. And it shouldn’t, because it really impacts marketing and finance and HR and IT and analytics and so many other facets. And then you need a conductor. Right? An orchestra’s not gonna play beautiful music all on its own. It needs a conductor to be able to help keep it on count and to create something beautiful. Well you need the same, you need an executive leader. And that really can depend on the organization. Sometimes it’s a marketing leader who might own the website, other times it’s some C-level type executive who is responsible for legal and compliance-type issues. And so they tend to own privacy. But think about that leader as that conductor. And all the different parts of the organization, which is that cross-functional unit, should be able to create a cohesive privacy program.

Dan Titmuss: Yeah. So what are some common hurdles you’ve noticed in your work with clients? What kind of roadblocks should any organization prepare for when they’re sort of doing a privacy audit or overhauling how they approach this world?

Jodi Daniels: Well, once you have someone who’s going to actually own it and pay attention, which is hurdle number one, it really is often the lonely stepchild. Someone needs to own it.
Number two is actually understanding where all the data is. And a lot of times that’s the big challenge because you realize, “Oh wait, I don’t know where all the data is.” And you start to identify—this is actually where there’s a really big value. You start to identify, “Oh wow, we have like five CRM systems that we’re paying for. We probably don’t need five of those.” That was a true story. You might find some cost savings that come out of that exercise. And the data inventory timing and just getting the right resources to be able to do it is an important piece. And then sometimes when you kind of have your ahas, I need to change things, it’s getting the right people to be able to actually effectuate change and make that happen.
And the final piece is realizing once you know your data and you have the updated privacy notices, you gotta keep ’em going. This is an ongoing activity. You have to think about your new digital advertising campaign that you’re running. You have to think about which data you’re going to use and are you going to share that anywhere? You have to understand which vendors you have…. It kind of keeps on going.

Dan Titmuss: It’s not something that you can just tick off and be done with, right?

Jodi Daniels: It’s not.

Dan Titmuss: This is part of the work now.

Jodi Daniels: And I think that actually, if I could go back to your question on myths. One of the common myths is that I did it all and I’m done. I can check the box and I can move on. And that project—phew! We’re done with that. On to the next. And this is really… There might be a project to get to a baseline, and then this is no different than HR, Finance, IT, your core operations. This is just one more piece. Privacy is here to stay.

Dan Titmuss: Yeah. We always like to wrap up the conversation with a CI to Eye moment. This is something we ask all of our guests on the podcasts. If you could broadcast one message to the executive directors, leadership teams, staff, and boards of thousands of arts organizations, what would it be?

Jodi Daniels: It would be to realize that each individual who is engaging with your organization is trusting you, and their data is equally deserving as their dollar.

Dan Titmuss: That’s such a great point. I think data privacy can sound so technical and intimidating, but a lot of what we discussed here sounds like permission marketing, a concept that arts marketers are already familiar with. And taking that a step further and being intentional about the way we collect data and use data is really the next step when it comes to this approach.

Jodi Daniels: Well, the laws are complex. And there’s some laws that affect some organizations listening, and there’s some laws that technically nonprofits are exempt from. And you have that decision to decide, well, do I comply or not comply? But even above and beyond that, it’s what does the customer expect? Because it could technically be allowed. The question I think marketers should say is “should I.” Not just can I, but should I?
Because at the end of the day, we’re trying to create a long-term lasting relationship with people engaging with our organization. They’re buying tickets, they’re donating money, they’re engaging from all different generations. And when you start to break anything down… That’s why I like the ice cream sundae so much, is we break it into different parts and you can’t do all of it at the same time. Just like you didn’t build an organization at the same time. Or if you have a brand new initiative, you’re gonna have to break it into parts and figure out, how can you get that off the ground? The same is true with privacy.
What has happened is privacy has sort of been that thing, that compliance obligation, or it’s just this cookie banner approach. And as you talked about, we have big tech kind of forcing it down a little bit and the changes that are happening and marketers have to adjust to make their marketing successful, and privacy is a significant part to that. Because we kind of got to this place due to companies not doing the right thing. And if we want to play the game, we’re going to have to be smart with our data. And if we want to play the game and keep the people that we have and continue to build with them, then we’re gonna have to put privacy first.

Dan Titmuss: Yeah. Jodi, if we wanna learn more about data privacy, where can we find you?

Jodi Daniels: We have our book that you can grab there, a podcast, tons of articles, lots of information. We like to try and make this simple because it is complex. So I would love to see you over there, grab some content, and then you can always find me personally on LinkedIn.

Dan Titmuss: Amazing. Thank you so much for being here and helping us tackle this topic. I really appreciate it.

Jodi Daniels: My pleasure. Thank you for having me.

Dan Titmuss: Rob Macpherson, welcome to CI to Eye!

Rob Macpherson: Hello Dan. How are you?

Dan Titmuss: I’m very well, thank you. We’re excited to chat to you about your experiences in the UK art scene, and not just ’cause I’m from the UK and every time I speak to someone from the UK I get excited. But because in many ways you are lightyears ahead of where the US is with data privacy work.

Rob Macpherson: Yeah, yeah, absolutely. Well, we perhaps had a bit of a preview what might be waiting for you guys.

Dan Titmuss: Absolutely. Yeah. And we’re gonna talk about GDPR and how it’s kind of like the blueprint for I think a lot of regulations that are gonna be coming up over the next few years, especially in America.

Rob Macpherson: Yeah.

Dan Titmuss: So you’re currently the managing director of Creating Impakt, which is a marketing and brand consultancy for cultural organizations. And you have over three decades of experience in arts administration. So tell us a bit about your background and how you got involved in this world.

Rob Macpherson: Yeah, of course. Absolutely. Well, happy to be here and great to talk about this stuff. It’s important. But me, I studied music at Bristol University and I discovered a moment ago that we were at the same university.

Dan Titmuss: Yes.

Rob Macpherson: Yeah. Maybe a decade before you. And so I’d always been in the arts, I’d always done that as a kid. And then I trained briefly with an accountancy firm. Hated that. Moved into marketing, started working with orchestras, always in the marketing teams. So box office and publications and all that marketing/comms side. Worked for art centers, and then most recently a major theater in Birmingham in the UK here. And that’s sort of centrally positioned here in the UK but I’ve also always been working in marketing, comms, branding, fundraising, PR, sales, box office, that kind of thing. Often with quite big teams.

Dan Titmuss: And the Birmingham Hippodrome, that’s a huge organization, right? 600,000 tickets per year.

Rob Macpherson: Yeah. It’s a large operation there. It’s 2000 seats or thereabout. It has a 200-seat studio space as well, and does about just over 400 performances in that space. In a good year, when you’ve got things like Lion King and Phantom and War Horse and stuff like that, with kind of 60, 70, 80 pound top prices, you can be doing turnover of 25 to 30 million. It’s a very successful place, regularly achieving over 85% filled capacity. So it does everything. It does the whole gamut of genres: ballet and opera, drama, dance, musicals, family shows, and of course pantomime, which is just a major part of UK theater programming.

Dan Titmuss: Okay, so we’re both from the UK, right? How would you describe pantomime to someone who’s never heard of pantomime before?

Rob Macpherson: It’s just the biggest banking blockbuster you could ever wish for. It’s basically 125,000 people come through the doors in six weeks, seven weeks, in the depths of winter. And they have a hell of a lot of fun. So it’s from four year olds to no upward limit. And it’s just families having fun on lots of different levels. So there’s lots of lewd adult humor, which goes over the kids’ heads, and there’s lots of silliness and clowning and it’s all based on, you know, fairy tales and everything’s alright the end. And there’s a baddy and it’s lots of participation.

Dan Titmuss: Lots of participation. Yeah, which I can imagine an American sitting in the—or anyone who’s not heard of panto sitting in the audience and the first time the baddy comes on everyone boos and hisses.

Rob Macpherson: Yeah. I mean, if, Americans are familiar with Rocky Horror, it’s a bit like that. There’s just tons of stuff that everybody knows, loads of references everybody knows, and then they really take the mickey out of the local populace, which is always great fun. And the Hippodrome is one of the biggest in the UK. Ergo one of the biggest in the world, we used to say. So you know, you don’t get bigger really.
And it’s a fantastic place. It’s fabulous. And then there’s also… The board decided, I don’t know, 10 or 15 years ago, to invest more in things like outdoor performances, lots of free festivals, massive community investments, you know, tens of thousands if not more people coming into connection through that route.
It’s a charitable trust, but it’s not subsidized. So we used to talk about, I mean, the data thing is so important because we had to make money, you know, we had to make as much, our whole idea was just fill every seat, sell it out. Because what you can do with that surplus then, and reinvest it into your projects, was incredibly important. And we used to, we used to tie that money in with other investment through fundraising.
But most of the time we had an attitude which we sort of summed up in the line commercial head, charitable heart. So it was like we had to sell. We had that charitable emphasis on how, how we would then deploy, you know, the winds. yeah. So it was as, it was as important to, you know, sell out, sell out at the bar and sell out in the popular shows, make sure that Christmas was absolutely heaving. Build that database. It was a really great, great machine. It was great.

Dan Titmuss: Yeah. you were at the Hippodrome when the EU GDPR as a general data protection regulation came into effect. What was that moment like as a data literate organization? Yeah.

Rob Macpherson: Well, we, we understood data and we took it very, very seriously. I mean, our database, you know, was absolutely vast. Tessitura was the system and it was holding, you know maybe a million plus records. huge numbers of first timers, you know, so big comedy shows you might get 60, 70% first time bookers and they just don’t come back because all the all they’re coming for the show. Yeah. They’re coming for the star. It doesn’t really matter. They don’t have a relationship with the venue. But alternatively, you also have a few, you have quite a lot of people, several tens of thousands who might be coming, you know, once a month, you know, coming to six or seven different genres. So there’s lots of different layers of data we were having to deal with. there was a data protection act, and I think the GDPR was just a kind of, you know, the icing on the top of the Data Protection Act.
I think technically it was just a kind of pulling together of all these standards. yeah. So we were already compliant. We were already acting in wholly lawful ways. We didn’t, we didn’t have to change dramatically what we were about, but we had to, I suppose clarify, but it was, GDPR crept up upon people, I don’t know, a year or two out, maybe two years out. and this is the thing, it had a deadline. It, it is nothing like a deadline, you know, it’s like, yeah. You know, curtain up. You, you, you can’t miss the deadline. So I think it was a, I do know it was the 25th of May, 2018. I’ve got a tattoo of it somewhere. No, it’s just like one of those things you just think 25th of May, we’ve got the clock is ticking every time, every delay, every, you know, we have to, we have to be ready for this.
We can’t delay. So it’s understanding the language, it’s understanding, you know, really embedding yourself in what’s, what the expectations are. Yeah. So GDPR is full of quite, quite dense jargon. Yeah, yeah. Controllers and processes and data subjects and, you know, consent and legitimate interest and, you know, fulfillment of contract. It’s like, this stuff is like very hard to get your head round when you’re, you’re selling next week’s show. You know, it’s just like, I’ve got, got things done and, and now I have to understand all this stuff as well and really focus on it. I, I just made it my business to, you know, start following those blogs, start following reliable social media experts, really get under the skin of it and not just rely in the arts world alone. I, I broadened out into charity world. I got trustees to advise me when they were holding things in their own businesses. Cause it applied to absolutely everybody. and there was lots of scam mongering and there’s lots of confusion and, and, and concern. It was, it was great. You saw more and more of it on the conference agendas. Are you ready? You know, GDPR compliance Yeah. All this kinda stuff. People just getting very concerned questions asked at board meetings, that kind of thing.

Dan Titmuss: Yeah. In terms of like the, the board meetings and like such a large organization. Yeah. all this data privacy work, was it like generally supported? Like were people on board with it?

Rob Macpherson: Yeah, I, I would say that in the senior team, it was, it was treated very seriously in the board. They took it seriously from day one. There was no lack of interest or anything like that. Nobody had to be persuaded at that level. But it, but yes, it’s a large organization. It’s, it’s nearly 130 full-time equivalent staff and lots of partnerships and connections and, you know, lots of complicated overlapping departments split over a large building.
We were on Tessitura which is great because Tessitura, you know, is, is noted for pulling all those teams together in a single source of, of information health, health centrally. and we had fantastic tech it in-house, you know, sort of server capacity and all that kind of stuff. So we were really lucky. I mean, a lot of people didn’t have that. And we, we were very good at it. So yeah, the, the boards were great and they said, you know, create a budget. We had a budget line, you know, created like a year or two out, and we had some money set aside, so nobody was feeling like, how am I gonna afford this, you know, et cetera, et cetera. And there was a training budget established and, you know, we took it that seriously.

Dan Titmuss: And how did, how did like the team in general, like across the whole organization, react to it? Because one of the things we really, we were chatting about before is it data touches everything. Yeah. Like no matter, like your fundraising, your marketing, your box office, your bar, like all of that has data associated. Yeah.

Rob Macpherson: Completely. Right? I mean, there’s so many different touchpoints so people can get connected. I think there was sort of, it was a little bit like there were two camps in the staff. one w one was a sort of the, the growing panic camp sort of thinking what are we doing here? What’s my responsibility? When will I be informed? What’s changing? And then the other one was the kind of little head in the sand, blithely unaware, please don’t bother me. I’m really busy. It’s not my responsibility. So somehow you had to kind of like placate one and say, there is a system, there is a plan, you will be informed. And the other one’s saying, wake up guys, it’s coming away. Yeah. Be ready. Don’t, don’t hide away from this thing. So yeah, that’s, that’s what you had to, that’s, that was the stumbling block and you had to get over that.

Dan Titmuss: Yeah. We’ve talked a little bit about like it being everyone’s responsibility and no one person’s responsibility, especially with stuff like data, because as you said, like it, it has its tentacles in every single team, right? So like your, your fundraising team and your education team, like all of them. Interactive data on a day-to-day basis. So that’s like a huge challenge is making sure everyone realizes that all of these things are connected.

Rob Macpherson: Yeah. And that’s exactly right. But they had to, they had to, as teams, you know, work out what data they were collecting, what was the justification for that, how is it being stored? Was it secure? How long would you hold it for? How would it be disposed of securely, whether it’s gonna be archived or suppressed, that kind of thing. How would you know what you’ve done and how would you follow that, that process and that course so that, that all needed to be written down.

Dan Titmuss: And like things that you don’t even think about data. Like many people don’t know what counts as data stuff, like people’s dietary restrictions for fundraising galas, and…

Rob Macpherson: Yeah. Well this was, this is the kind of thing when you start asking teams to consider what data they’ve got, and especially with things like, like fundraising, corporate memberships, catering, education workshops, summer schools, you are entering into more sensitive areas because there are, there are categories of data and some of them are, are more sensitive. So if you’re dealing with under sixteens data or you’re dealing with religious data or medical data or, or, or financial stuff, it’s, it’s a hell of a lot more important to get all that stuff right. So you know, it’s, it, it’s, yeah. If, if you’re gonna be, so you have example you gave, I mean, if, if someone sort of said that they had a, a dietary issue and you printed off and you had a hundred people for a dinner and we, we had went through this scenario, what would happen with that?
And they’d say, well, you might print off sort of the eight copies of this document or something. And instantly you’re thinking risk, vulnerability. What happens if that’s gets, gets lost and it says, Mr. So-and-so, celiac or lactose intolerant. It’s like, you really don’t wanna be doing this. Yeah. Because it, although there’s nothing per se, massively damaging, obviously damaging about that, it just looks so shoddy and careless. Yeah. If, if they just sort of go, why is this on the table? Who needs to know this? You know, and it’s like, that’s the questions you have to ask. It’s like, what is the process here? Yeah. If there were couple boxes full of forms filled in from two summers ago under someone’s desk, you know, with sensitive information on it, you’ve just gotta clean everything out, make sure it’s under lock and key, make sure it’s processed properly. And this is just good hygiene. This is just good data hygiene.

Dan Titmuss: Yeah. Yeah.

Rob Macpherson: Yeah. And you’re just sort of going, let’s just get on top of this. So we we’re less likely, less vulnerable and less likely to make mistakes. Mm-hmm. If, if things happen, if things go wrong, ’cause things do go wrong.

Dan Titmuss: Yeah. And you had systems in place for subject access requests. People can request to, to know what data you have on them. So, you know, making sure you have a process for that before it happens is super useful.

Rob Macpherson: Yeah. It’s wholly essential. Yeah. You can’t avoid that kind of stuff. It’s as important as the, as the legalese that goes into the policy. and, and the training about which boxes to tick on the, on the system and the sort of operational function. You have to have this thing as well. You have to make sure that when, you know, I think, I think some people set themselves like a 28 day response. You have to, I think you can charge up to 10 pounds or a reasonable fee for a, for a, a thing. But also if someone says, I want a copy of all the data you have on me. And that’s really important that you’re able to get hold of that information swiftly, that you can turn around a response really securely. And also that, you know, there’s nobody in box office who’s written something a little bit embarrassing in the notes field. You know, this guy always complains or, you know,

Dan Titmuss: This guy wears funny hats.

Rob Macpherson: Yeah. Whatever. Yeah. You know, sort of like moaning again about whatever, you know, you can’t, you can’t do this. You know, you have to be incredibly tight with that kind of thing. So yeah. It comes down to training and having a process.

Dan Titmuss: One, one I’m taking from a lot of things you’re saying is like, it makes it so much easier if you do the work upfront. So you can, you have the processes later. Like imagine trying to scramble for a process when you do get one of those requests for information or what information you have on you. Like making sure you have that process in place beforehand was such a valuable thing for you.

Rob Macpherson: Absolutely right. Spot on. I think, I think if you sort of said, you know if you, if a fire alarm went off in the middle of a show, okay, it’s, it’s not, it’s not chaos. There’s a process. All the staff are trained. It could be some of your front of house might be on their first shift as four hour casuals. They could be 18 years old. They know what to do. Yeah. So if, if you can handle that as an organization and that is a matter of life or death, then you can handle most data issues as long as you have thought it through and you’ve planned for it. So this isn’t, this isn’t something that people aren’t capable of doing. They just have to be calm, work it out, take good advice, and allow themselves enough time.

Dan Titmuss: Yeah. How did you manage to not have a culture of fear? ‘Cause like a culture of fear isn’t always productive. Right? How did you avoid that at the Hippodrome?

Rob Macpherson: Yeah, you’re absolutely right. I mean, we, we kept people onsite. We, we we, we made sure that the teams spoke to each other. We gave them templates and we gave them checklists. and there was a sort of central document where we sat down every fortnight and, and looked at it collectively with the heads of department and said, this is how far different teams have made progress with what they had to do. And it was simple stuff. It was like, what, what do you hold? Why’d you hold it? What are you doing with it? How are you, how is it secure? Yeah. And it was just that kind of question process, but we said, then you have to go off and talk to your teams and come back to these updates and tell us what progress you’ve made. So we said to them, you know, there’s no silly questions.
You need to be upfront and clear. If you are, if you’re think there’s any risk or vulnerability in the way that you’re collecting or holding data, just just shout your hands up. You’re not gonna be, you know, marched out of the organization. This is important stuff. and if you get this right, you know it will, you will feel freer and you will feel more efficient, you’ll be more effective in your role. And, you know, you owe it to, to, to people just like you. You know, you want your data to be looked after in all the organizations where, where it, where it’s recorded. You need to record other people’s data securely.

Dan Titmuss: Absolutely. I love what you said about like, you’ll be, you’ll be freer once you are not worried about this. Yeah. Once there is a process, because like if you have this constant worry that all the data that you have isn’t quite compliant and you’re just sort of putting it off in a box somewhere and compartmentalizing and not thinking about it, yeah. That’s gonna affect everything. ‘Cause it’s a constant worry about it. You don’t feel the the sort of lightness to actually use that data properly to achieve your goals if you’re worrying about it.

Rob Macpherson: To, to free people from, from the, from that sort of negativity. It was very important to, to say, don’t think of this as being sort of like a you know, everything’s locked down and everything’s about privacy and, and emphasize the mistrust. I think it’s important to sort of say to people, this is absolutely about you doing your job as well as you can do it in a secure and, and confident way. And we will help you get there if we will work together and, and accept that, that positive framing.

Dan Titmuss: Yeah. You sort of made clear that like it’s also a good thing. It’s not just something you have to do.

Rob Macpherson: Yeah. Yeah. I, I think this is the thing. It’s it is, you know, you have those camps and you have those people and, and most colleagues, you know, wanna get it right. They they all, all the teams have to be involved. So it, it, it needs to be, you know, something whereby you say, this is about freedom and effectiveness and efficiency, and it’ll help you do your job better. So, so yeah, that whole point about getting people bought into the process was, was absolutely crucial. And it’s not smooth. You know, people do get bored of this stuff. They get distracted. You have a meeting, you say, let’s get together in two weeks and see where you’ve progressed it, nobody’s progressed it, you know, it’s like that kind of thing. But you have to, yeah, we, we definitely had that kind of amnesty. Ask any silly questions and there are no silly questions and we will, we will help you get there.

Dan Titmuss: You work across such a range of different organizations with your work at Creating Impakt. To end with a sort of… what we call a CI to Eye moment, if you could broadcast one message to the executive leaders, directors, teams, staff, and boards of a thousand arts organizations, what would it be?

Rob Macpherson: Can I be greedy and have two?

Dan Titmuss: Yes, you can. You can have three if you want!

Rob Macpherson: No, no. I’ll do one data-related as that’s, as that’s what we’ve been talking about. I think I think I’d say with regard to this whole issue of data security, that, you know, you have to believe that one slip in this area, I don’t wanna panic anyone, but one slip can really demolish, you know, a hard one reputation. It can ruin confidence and it can be a tough one to build back from. And when, when this has happened, you need a plan for that. You know, you gotta have a breach. So this is a long piece of advice, but take it seriously and just avoid those slips, I would say. And then, and any other advice more, more broadly is which I see across my, my work is make, make sure that the, that you strengthen the brand of your organization at every possible step.
You know, I’ve been listening to some of the CI to Eye podcasts and you, you mentioned this a lot, a lot of your, your people who go on that, they talk about this a lot, that the senior people are talking about understanding customer motivations first and foremost, and orientating everything that you do around the customer’s need, the audiences need over and above your own ambitions. If you orientate it around what customers really want and understand their motivations and what drives them, and you, and you test that and you act strategically, I think you have the, the best possible chance of success.

Dan Titmuss: Amazing. Well said. Thank you so much for alleviating our concerns here. I definitely am feeling like a lot more optimistic and hopefully our listeners have a better understanding of how this can be approached in a non-panicky, really smart way.

Rob Macpherson: Yeah, I hope so. Yeah. I hope that I, I think, you know, everyone in in the UK would be happy to talk to, to American colleagues, North American colleagues and just say, you know this is our journey. and you’ll be able to tap into a lot of knowledge. And I think if you’re on one of the, you know, specs or test here, there’s, there’s loads of people in the UK on those systems. So they can already talk to you about, you know, how, how it is. And you can easily do that research, you know, desk research and just find out how people are processing things. Have a quick flick through, through privacy statements and privacy statements these days are so much clearer. Yeah. You know, just and that’s to everyone’s benefit. You know, write a privacy statement that people can understand that isn’t, that isn’t intimidating. Yeah. That’s part of this, this is part of the clarity of your brand, looking after people’s best interests, you know, and, and, and focused on the benefit to the consumer, understanding their motivations and delivering for them. That’s what it’s all about.

Dan Titmuss: What a great point to end on there. Like it’s about, about the brand.

Rob Macpherson: This is on brand investment.

Dan Titmuss: This is good for you.

Rob Macpherson: Totally. That’s what this is.

Dan Titmuss: It’s good for you, good for the consumer. It’s not just a scary thing we need to do.

Rob Macpherson: Yeah, yeah, absolutely. I would say listen, listen carefully to the, to the demands and to the audience, and test stuff constantly, and act in the broader strategic sense, and you will be successful with this.

Dan Titmuss: Amazing. Thanks so much for joining us, Rob.

Rob Macpherson: That’s no problem. Good to talk to you. Thanks very much Dan.

Dan Titmuss: Thank you for listening to CI to Eye. This episode was edited and produced by Karen McConarty and co-written by Karen McConarty and Krisi Packer.
Stephanie Medina and Jess Berube are CI to Eye’s designers and video editors, and all four work together to create CI’s digital content.
Our music is by whoisuzo.
Follow us on Facebook, Instagram, LinkedIn, and YouTube for regular content to help you market smarter. You can also sign up for our newsletter at so you never miss an update. And if you haven’t already, please click the subscribe button wherever you get your podcasts.
Until next time, stay nerdy.

About Our Guests
Alison Goldberg
Alison Goldberg
Senior Consultant, Capacity Interactive

Alison Goldberg joined the Capacity Interactive team after working in development for non-profit organizations across theater and film, including the Shakespeare Theatre Company in Washington, DC and the Film Society of Lincoln Center.

Read more
Jodi Daniels
Jodi Daniels
Founder and CEO, Red Clover Advisors

Jodi Daniels is the Founder and CEO of Red Clover Advisors, a privacy consultancy that helps hundreds of companies create privacy programs, achieve GDPR and US privacy law compliance, and establish a secure online data strategy their customers can count on. She is a Certified Informational Privacy Professional (CIPP/US), national keynote speaker, co-host of the She Said Privacy / He Said Security Podcast, and co-author of Data Reimagined: Building Trust One Byte at a Time. Jodi holds a Masters of Business Administration and a Bachelor of Business Administration with a concentration in Accounting from Emory University’s Goizueta Business School.

Read more
Rob Macpherson
Rob Macpherson
Managing Director, Creating Impakt

Rob Macpherson is the Managing Director of Creating Impakt, a UK-based boutique brand and marketing consultancy for arts and cultural organizations. For the last three decades, he’s worked with arts brands in marketing, PR, fundraising, and ticketing. Rob holds a BA from Bristol University. He is also a Fellow of the Chartered Institute of Marketing, a Fellow of the RSA, a mentor for the Institute of Fundraising, and a Trustee at Birmingham Botanical Gardens.

Read more

Related Episodes

Artificial Intelligence: The New Frontier or Unchecked Robots?
EP 114
May 03, 2023
Artificial Intelligence: The New Frontier or Unchecked Robots?

AI is generating a lot of buzz in the marketing sphere—but is it really worth the hype? In this episode we pull back the curtain on AI, explore its strengths and limitations, and consider how it can help arts marketers meet their goals more efficiently.

From Personal Brands to Brands with Personality
EP 109
Aug 30, 2022
From Personal Brands to Brands with Personality

We navigate themes of authenticity and personal connection. From building teams that reflect the individual team members’ strengths to breaking down institutional facades, it’s time to get personal.

Don’t Miss an episode

Don’t Miss an episode

Subscribe to CI to Eye and have your insight and motivation delivered on demand.