We know that the General Data Protection Regulation is giving Compliance and IT some heartburn as these teams work to understand the GDPR’s new requirements and how it will affect their organizations. But perhaps the biggest impact will be to Marketing; specifically digital marketing, which will require a cultural shift that presents challenges, but for smart organizations, opportunities to succeed as well.
Consent is king
The days of implied, sneaky, and bundled consent are gone. Starting in May 2018, brands have to collect active consent that is “freely given, specific, informed and unambiguous” to be compliant with GDPR. Someone provided their email address to download a whitepaper? If they didn’t actively agree that it is okay to use their data to send marketing messages, it won’t be legal to add those email addresses to your mailing list.
Also, because there is no “grandfather clause” for data captured before the GDPR, we expect to see lots of re-permissioning campaigns to establish clear consent to use the personal data they already hold.
The GDPR will change how gated assets are used, how leads are collected, and how referral programs work. In other words, the method of “collect it now and figure out what to do with it later” will become a high-risk strategy. The challenge for marketers will be providing “granular choice” for consent in a way that is minimally intrusive and not detrimental to the customer experience.
Legitimate interest is not a get-out-of-jail-free card
The GDPR states that “legitimate interest” of a controller can provide legal basis for using personal information without obtaining consent (GDPR Article 6.1(f)). However marketers should use this clause with caution. Legitimate interest can only be invoked provided that there is “no undue impact” on data subjects. In other words, a business that intends to use personal information must balance its legitimate interest against the rights and interests of the individual and bears the onus for demonstrating such.
Personalization…and privacy – consumers want it all
A recent study found that 90 percent of consumers have privacy concerns, but also seek highly personalized and tailored customer service. Personalization is key to modern customer experiences and customers make purchase and loyalty decisions based on the level of individualized service they receive.
This introduces a challenge for many businesses and marketers – in order to provide highly personalized offerings they need to have a better understanding of their customers’ needs, purchasing histories and attitudes. That means collecting, analyzing and managing customer data related to these preferences and behaviours. However, it has also been found that consumers have growing concern over their privacy and the use of their data.
Marketers will have to find ways to comply with the GDPR while continuing to deliver the personalized products, services and customer experiences that their consumers demand.
Pseudonymization – Marketing’s new hope?
The EU has been explicit that the GDPR should facilitate – not inhibit – innovation within business. In fact the regulation calls out “freedom to conduct a business” as one of the fundamental rights it respects. The tracking and analyzing of consumer behaviors and preferences are valuable tools that marketers and sales functions rely on to be successful. The process of pseudonymization may provide a way for regulators and businesses to meet in the middle.
The GDPR defines pseudonymization as “the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information.” It is a privacy-enhancing technique where directly identifying data is held separately and securely from processed data to ensure non-attribution of that data to an individual. As it turns out, controllers don’t need to provide data subjects with access, rectification, erasure or data portability if they can no longer identify a data subject. Organizations should look to technology tools as means of pseudonymizing or masking consumer data and encrypting personally identifiable data, in combination with organizational process changes, to ensure compliance.
It’s May 2018. Do you know where your personal data is?
A majority of businesses have stated that they are not ready for the GDPR. A big reason for this is the potentially onerous requirement for organizations to be able to quickly assemble a data subject’s personal data upon request for purposes of erasure, rectification or export.
According to a recent GRPR Readiness survey, only 26% of respondents currently keep an up-to-date register of the personal data they hold and the purposes for which they are used. If there was a time to get one’s arms around all the personal data they hold, what type of permission was obtained, and a governance structure to manage it, that time is now. Information classification schemes, data storage methods and records retention programs need to be reviewed to ensure that data portability, removal, or correction is not only feasible but efficient, if and when needed.
How OpenText can help
The GDPR is a game-changer for digital marketers and there will be challenges to overcome, however the game can change in their favor too. Yes the days of “data maximization” and blanket consent appear over. But it’s for those very reasons that the GDPR will lead to new marketing opportunities. The GDPR forces businesses to develop more thoughtful approaches to targeting and lead acquisition. Prospects who opt in are better qualified, more engaged and want to be marketed to. Because consumers have more control over how their data is used we’ll see better quality relationships between businesses and prospects.
According to Forrester, “77% of consumers have chosen, recommended, or paid more for a brand that provides a personalized service or experience.”
Utilizing Workforce Optimization solutions within our Customer Experience Management portfolio, we can provide sentiment analysis to help measure the effectiveness of your marketing campaigns; provide guidance on appropriate promotions to communicate based on whether or not the consumer has given consent. Learn more about our solution here.
Stay tuned for our next blog post in April on “Disrupt Yourself – Personalized Marketing in the Age of GDPR”.