GDPR: Data Protection - Compliance is not enough
30 Jan 2017
Imagine the situation - May 2018 approaching ever closer, you’ve mapped your data landscape, audited and classified the data you are holding and implemented changes to tighten up on existing obligations which GDPR will bring; happy days for the legal and compliance teams and the Board are satisfied that the risk is managed. But wait a minute, what will the impact be on your ability to reach and engage with customers – has the baby been thrown out with the bathwater?
The biggest business challenge facing brands
For those organisations already on top of PECR and the Data Protection Act then you are nearly there, stepping up to GDPR will not be that big a deal. Our experience however is that many consumer brands have got some tidying up to do even to come into line with today’s guidance.
In my opinion, the biggest business challenge facing brands is the ability to protect and maintain their ability to market to customers. Just because you’re compliant does not mean that customers will opt in to marketing.
KPIs for Customer Reach are not often seen on a Marketing Dashboards – but they should be. Ask yourself the question – what % of your current customers can you send a marketing email to today? How do consent levels vary by value segment, purchase channel, product category? Also consider what else do you do with customer data. Do you profile, match, append, enhance and share externally? Is it all covered in the privacy policy that each customer signed up to? Do any of these things to customer data that is not opted in for marketing?
What impact will GDPR and associated consumer perceptions have on your contactable universe?
Importance of informing customers
The recent ICO ruling against BHF and RSPCA highlighted the importance of informing customers about how their data is being processed. If every consumer brand in the country was inspected today, I am willing to bet that a reasonable proportion is not doing the right thing.
So now’s the time to get it sorted – get ahead before the privacy deluge occurs. The wake up calls are getting louder by the month; customer awareness is improving with every ICO ruling and data breach.
Create a strategy to build reach from this day forward. What is the best way to ask each customer (you only get one chance)
-
What is the true state of your customer contactability nation now? Can you measure it and how does it vary by business unit, product, segment and source channel?
-
What is l channel strategy will deliver the optimal result?
-
How should customers be asked about consent and what should the order of asks be
-
What value exchanges could be offered to customers in return for their agreement?
Finally, consider modelling the financial impact of different consent levels on the growth of your business. Imagine a scenario where you could only cross sell to say a third of your customers – would that matter? Is it likely? Now, you’ve got the attention of the board.
By Paul Kennedy, Data Strategy Director at Amaze One (part of St Ives Group)
We recently surveyed businesses across the UK to measure their understanding of the prospective impacts of the General Data Protection Regulation (GDPR).
The results showed that 62% of businesses have no plans in place to prepare for GDPR, yet 93.6% believe that GDPR is applicable to their business.
These statistics show an acute need for businesses to take part in further training on the implications of GDPR, and how to prepare before it becomes law in May next year.
We’re running the GDPR Conference Europe (London, 27th April 2017) which will provide a framework to keep your organisation GDPR compliant. Join us to learn how to stay on the right side of the law come May next year.
Feel free to get in touch if you have any questions or need any further information, my email address is Jacob@amplifiedbusinesscontent.com.
http://www.gdprconference.eu/gdpr-conference-eu.html
Marketing & Partnerships Manager