The Golden Ticket to Engagement and Growth – GDPR
Build the trust and confidence in your customers that will present new opportunities to grow your business and increase revenue.
What is it?
More Power to the People!
The General Data Protection Regulation (GDPR) is the latest framework for data protection legislation, which became law on Friday 25 May 2018. The regulation improves upon and replaced the Data Protection Act (DPA), and works together with Privacy and Electronic Communications Regulations (PECR), which will be replaced by the e-Privacy Directive. GDPR unifies and strengthens data protection by creating a single set of rules that all 28 member states must follow when it comes to the acquisition and management of personal data held on EU residents and citizens. This also applies to organisations outside the union that wish to do business within the EU. The regulation’s aim is to also give consumers more power and control of how their personal information is used, from its acquisition, rectifications and withdrawal of its usage.
Why should I care?
Aside from the small matter of a hefty fine, there are plenty of positives about GDPR!
Businesses need to regularly review their data processing operation and make the relevant adjustments or amendments in order to remain compliant with the strengthened data protection rules. Businesses need to be completely upfront and provide end-to-end transparency to consumers on how they plan to process data – this includes how data is acquired, stored, utilised and disposed of. The proposed fines for failure to become compliant or reporting a data breach have also increased – up to 4% of annual global turnover or €20 million, whichever is greater.
GDPR has changed the relationship between businesses and consumers, but whilst the balance of power has shifted towards the consumer, this opens up more opportunities and benefits for data-compliant organisations. GDPR emphasises the importance of responsible data management and respecting your customers’ data privacy, so it is imperative that your organisation is able to develop trusted customer relationships and continuous engagement to legitimately pursue ongoing marketing communication strategies. Whilst the ramifications for consumer audiences are more stringent than business audiences, all industries are affected – scroll down to read more about how your organisation is impacted.
How do I keep my house in order then?
These things might sound pretty dull, but they lay the foundation for business success.
Alongside transparency, GDPR elevates the importance of accountability and governance in data management and protection. Businesses have to continually demonstrate and document that their processing operations meet the compliance requirements, and that safeguards are in place implemented around transmission and storage (‘privacy by design’). The main requirement is that there has to be a legal and legitimate basis to process personal data. The second is that businesses meet the technical and systems requirements of the regulation by having the proper tools in place where they can securely process data and safeguard from breaches of unauthorised use or accidental loss.
Under GDPR, it is increasingly important to understand where personal data sits within your organisation and how it is being used. Because this likely sits within multiple systems, consolidating this down into a Single Customer View (SCV) makes it easier to remain compliant by providing an audit trail to ensure any disputes can be dealt with swiftly and decisively. Our Customer Data Platform’s SCV solution combines data capture (registration, subscription, and e-commerce), customer engagement web behaviour, and transactional history. All of which are securely stored in one system and using the inbuilt Compliance Hub can be easily identified for audit purposes. This includes being able to access and rectify personal data, the right to data portability, to withdraw consent/object and to be erased.
Can I keep my customers happy and still gain a competitive advantage by using their data?
Absolutely, provided you have the right tools in place to stay compliant and continuously engage your audience with relevant marketing communications.
Because GDPR gives consumers more control of their data and how it is used, businesses need to make it easy for consumers to update or rectify inaccurate or incomplete data on them. And upon request, show all of the data held on them, and erase their data entirely if that is their wish. Having a preference centre where all of this can be maintained and managed by your customers can make this easier for both effective data management and remaining compliant.
Our platform’s hierarchical preference centre (Trust Centre) permits users to manage communications (in any format) from the organisation, the brand, any products or services, 3rd parties, and importantly personalisation/profiling. Consumers have the ability to manage their own data by updating, rectifying, or deleting their information through this self-service feature, removing an unwanted administrative headache from your organisation whilst providing helpful tools for your customers.
Having accurate compliant data and developing deeper trusted relationships with your customers will provide your business with many advantages, including a more relevant customer experience, which should translate into revenue and a reduction in data management costs.
I deal with consumer audiences, how does this affect my business specifically?
It’s likely that your business is feeling the most impact from the GDPR – but it’s not all doom and gloom!
Consumer audiences are significantly impacted by the regulation and have had to tighten up how they gain and prove that they have opt-in consent from their customers for email and telemarketing. Brands have to clearly state when the data is collected and what their intentions are once it’s received, and there can be no room for doubt for the consumer of what this means. Your organisation also has to provide an easy way for the consumer to withdraw their consent to part of (if their data is used for multiple purposes) or all of the processing. This also includes programmatic advertising, as this activity now comes under the category of 3rd party data processing which requires opt-in consent.
Examples of organisations with consumer audiences
- B2C Publishers
- Consumer Bodies/Charities
- Professional Bodies (educational level)
- Retail
- Financial Services
- Legal Sector
Whilst it might sound quite negative, the reality is that there has been too much unsolicited marketing going on, an adtech industry marred by fake news and dubious targeting techniques. Something had to give sooner or later – the good news is that it is possible to engage your audience and develop a much closer relationship which your organisation can own and this should foster loyalty and repeat business.
Get in touch with us to discover how to take simple steps towards this goal and replace clickbait with real engagement mechanisms.
Further reading
The GDPR: 10 things adtech businesses need to know
http://www.osborneclarke.com/insights/the-gdpr-10-things-adtech-businesses-need-to-know/
GDPR is coming, and many U.S. ad tech firms aren’t ready
https://digiday.com/marketing/gdpr-coming-many-u-s-ad-tech-firms-arent-ready/
Europe’s new privacy regime: What’s an ad tech company to do?
https://iapp.org/news/a/europes-new-privacy-regime-whats-an-ad-tech-company-to-do/
I deal with business audiences, how does this affect my business specifically?
You are impacted by the regulation, but it is a little more complex than dealing with consumer audiences.
Examples of organisations with business audiences
- B2B Publishers
- Trade member organisations
- Professional Bodies
- Retail
- Financial Services
- Legal Sector
Unlike with consumer audiences, business audiences do not require explicit opt-in consent and can continue to rely on legitimate interests as their legal basis for processing corporate customer data, but your organisation have to tighten up current processes. Organisations have to conduct and document a Legitimate Interest Assessment (LIA) where you need to demonstrate, if challenged, that your organisation can legally rely on this basis for marketing and new business development. The key to this strategy is ongoing and renewed engagement – which we can help you with – otherwise it is difficult to argue that a prospect is still interested in your services if they have not engaged with your organisation in a reasonable amount of time in which the age of data and legitimate interest becomes your biggest problem.
Get in touch with us to discuss how we can help organisations like yours to develop trusted compliant relationships built on continuous engagement strategies.
Further reading
What the GDPR means for Panasonic’s B2B marketing
https://digiday.com/marketing/gdpr-means-panasonics-b2b-marketing/
Why Consent isn’t always the Holy Grail for the Membership Sector
http://memberwise.org.uk/consent-isnt-always-holy-grail-membership-sector/
DPN legitimate interests guidance – GDPR
https://www.dpnetwork.org.uk/dpn-legitimate-interests-guidance/