The Golden Ticket to Engagement and Growth – GDPR
Build the trust and confidence in your customers that will present new opportunities to grow your business/revenue
What is it?
More Power to the People!
The General Data Protection Regulation (GDPR) is the latest framework for data protection legislation, coming into force on Friday 25 May 2018. The regulation improves upon and replaces the Data Protection Act (DPA), and will work together with the e-Privacy Directive which will replace the Privacy and Electronic Communications Regulations (PECR). Its intentions are to unify and strengthen data protection by creating a single set of rules that all 28 member states must follow when it comes to the acquisition and management of personal data held on EU residents and citizens. This also applies to organisations outside the union that wish to do business within the EU. The aim of the regulation is to also give consumers more power and control of how their personal information is used, from its acquisition, rectifications and withdrawal of its usage.
Why should I care?
Aside from the small matter of a hefty fine, there are plenty of positives to get excited about!
Businesses need to review their data processing operation and make the relevant adjustments or amendments in order to become compliant with the strengthened data protection rules. Businesses will have to be completely upfront and provide end-to-end transparency to consumers on how they plan to process data – this includes how data is acquired, stored, utilised and disposed of. The proposed fines for failure to become compliant or reporting a data breach have also increased – up to 4% of annual global turnover or €20 million, whichever is greater.
The regulation changes the relationship between businesses and consumers, but whilst the balance of power is shifting towards the consumer, this should open up more opportunities and benefits for data-compliant organisations. GDPR emphasises the importance of responsible data management and respecting your customers’ data privacy, so it will be imperative that your organisation is able to develop trusted customer relationships and continuous engagement to legitimately pursue ongoing marketing communication strategies. Whilst the ramifications for consumer audiences are more stringent than business audiences, all industries will be affected – scroll down to read more about how your organisation will be impacted.
How do I get my house in order then?
These things might sound pretty dull, but they lay the foundation for future business success.
Alongside transparency, GDPR elevates the importance of accountability and governance in data management and protection. Businesses will have to demonstrate and document that their processing operations meet the compliance requirements, and that safeguards have been implemented around transmission and storage (‘privacy by design’). The main requirement is that there has to be a legal and legitimate basis to process personal data. The second is that businesses meet the technical and systems requirements of the regulation by having the proper tools in place where they can securely process data and safeguard from breaches of unauthorised use or accidental loss.
GDPR makes it increasingly important to understand where personal data sits within your organisation and how it is being used. Because this likely sits within multiple systems, consolidating this down into a single customer view (SCV) will make it easier to remain compliant by providing an audit trail to ensure any disputes can be dealt with swiftly and decisively. Our Customer Data Platform’s SCV solution combines data capture (registration, subscription, and e-commerce), customer engagement web behaviour, and transactional history. All of which are securely stored in one system and using the inbuilt Compliance Hub can be easily identified for audit purposes. This includes being able to access and rectify personal data, the right to data portability, to withdraw consent/object and to be erased.
Can I keep my customers happy and still gain a competitive advantage by using their data?
Absolutely, provided you have the right tools in place to stay compliant and continuously engage your audience with relevant marketing communications.
And because GDPR gives consumers more control of their data and how it is used, businesses have to make it easy for consumers to update or rectify inaccurate or incomplete data on them. And upon request, show all of the data held on them, and erase their data entirely if that is their wish. Having a preference centre where all of this can be maintained and managed by your customers will make it easier for both effective data management and meeting the compliance requirement.
Our platform’s hierarchical preference centre (Trust Centre) permits users to manage communications (in any format) from the organisation, the brand, any products or services, 3rd parties, and importantly personalisation/profiling. Consumers have the ability to manage their own data by updating, rectifying, or deleting their information through this self-service feature, removing an unwanted administrative headache from your organisation whilst providing helpful tools for your customers.
Having accurate compliant data and developing deeper trusted relationships with your customers will provide your business with many advantages, including a more relevant customer experience, which should translate into revenue and a reduction in data management costs.
I deal with consumer audiences, how will this affect my business specifically?
It’s likely that your business will be feeling the most impact from the GDPR – but it’s not all doom and gloom!
Consumer audiences will be significantly impacted by the regulation and will have to tighten up how they gain and prove that they have opt-in consent from their customers for email and telemarketing. Brands need to clearly state when the data is collected and what their intentions are once it’s received, and there can be no room for doubt for the consumer of what this means. Your organisation will also have to provide an easy way for the consumer to withdraw their consent to part of (if their data is used for multiple purposes) or all of the processing. This also includes programmatic advertising, as this activity will now come under the category of 3rd party data processing which will require opt-in consent.
Examples of organisations with consumer audiences
- B2C Publishers
- Consumer Bodies/Charities
- Professional Bodies (educational level)
- Financial Services
- Legal Sector
Whilst that might sound quite negative, the reality is that there is too much unsolicited marketing going on and an adtech industry marred by fake news and dubious targeting techniques. Something had to give sooner or later – the good news is that it is possible to engage your audience and develop a much closer relationship which your organisation can own and this should foster loyalty and repeat business.
Get in touch with us to discover how to take simple steps towards this goal and replace clickbait with real engagement mechanisms.
The GDPR: 10 things adtech businesses need to know
GDPR is coming, and many U.S. ad tech firms aren’t ready
Europe’s new privacy regime: What’s an ad tech company to do?
I deal with business audiences, how will this affect my business specifically?
You will be impacted by the regulation, but it is a little more complex than dealing with consumer audiences.
Examples of organisations with business audiences
- B2B Publishers
- Trade member organisations
- Professional Bodies
- Financial Services
- Legal Sector
Unlike with consumer audiences, business audiences do not require explicit opt-in consent and can continue to rely on legitimate interests as their legal basis for processing corporate customer data, but your organisation will also have to tighten up current processes. Organisations will need to conduct and document a Legitimate Interest Assessment (LIA) where you will have to demonstrate, if challenged, that your organisation can legally rely on this basis for marketing and new business development. The key to this strategy is ongoing and renewed engagement – which we can help you with – otherwise it will be difficult to argue that a prospect is still interested in your services if they have not engaged with your organisation in a reasonable amount of time in which the age of data and legitimate interest becomes your biggest problem.
Get in touch with us to discuss how we can help organisations like yours to develop trusted compliant relationships built on continuous engagement strategies.
What the GDPR means for Panasonic’s B2B marketing
Why Consent isn’t always the Holy Grail for the Membership Sector
DPN legitimate interests guidance – GDPR