There has been much hand-wringing among marketers over the European Union’s recently implemented data privacy rules. Yes, they have important implications for marketers doing business in Europe. And it’s true that failure to comply can result in significant penalties. But seen in the right perspective, the European Union’s General Data Protection Regulation is actually an opportunity for marketers to deepen their customer relationships and sharpen their focus on what’s important. In fact, in its engagements for global business-to-business firms, my company has worked with marketers who are implementing GDPR and helped them connect these requirements to positive customer experience goals.
As Data Proliferates, So Do Concerns
The Economist has declared that oil is no longer the world’s most valuable resource — it’s data. While the proliferation of data has spawned entire industries and created global behemoths, like Google, Amazon and Facebook, data is transforming virtually every company that sells its products through the internet, social media and direct marketing. The data collected through these channels is a prized resource for marketers.
It’s also ripe for theft and misuse. According to a PwC report, 85% of consumers surveyed said cybersecurity and privacy risks are among society’s biggest risks. And a survey conducted for the Chartered Institute of Marketing found that 37% of respondents don’t trust brands to use their data responsibly.
What Is The GDPR?
By now, many marketers have heard of — and implemented — GDPR requirements. But a brief summary is helpful. Basically, the regulations, which went into effect May 25, standardize a wide range of different privacy rules across the EU into one central set of regulations that will protect consumers in all member states. In harmonizing data privacy laws across Europe, GDPR is intended to protect EU citizens’ data privacy. For companies that market in the EU, whether they’re based there or not, GDPR requires rethinking the way they approach data privacy.
The New Nuances Of Granting Permission
Many marketers build valuable prospect lists through opt-ins, capturing personal data from people who ask for information about a product or service, or view a demo. In the past, you might have logically assumed that people who opted in would want to receive future updates. Now, you will need to ask them explicitly to opt in to receive additional content; you can no longer assume they want to be contacted beyond the initial communication they signed up for. In the words of the GDPR regulation, consent must be granted in a “freely given, specific, informed and unambiguous” way through a “clear affirmative action.” As the regulation states, “silence, pre-ticked boxes or inactivity should not therefore constitute consent.”
In short, marketers in the EU need to review all customer communications to ensure that prospects are explicitly opting in to future contact. And because GDPR gives businesses responsibility over not only their own practices, but also those of their data supply chains, they need to ensure that their suppliers (such as research vendors) are in full compliance with the EU regulations.
The opportunity: Complying with this policy isn’t difficult and, if done correctly, can demonstrate to consumers that you are a good corporate citizen with their interests at heart. In asking for opt-in permission, avoid dry legalese, and instead use language that suggests empathy and concern, such as, “Our top priority is ensuring that you only receive communications that are useful to you.”
Forget Me, Please
One of the strangest-sounding outgrowths of the whole data privacy issue is the “right to be forgotten.” Under this concept, codified in the GDPR, personal data must be erased when the data is no longer needed for its original purpose, when the data subject has withdrawn his or her consent, or when the data no longer complies with the regulation.
One impact of this regulation for marketers in the EU is how to manage market research data after it has been used and how personally identifiable information will be handled. In this environment, consumers will be hypersensitive to any request for information, so marketers need to carefully communicate the purpose of the information they are requesting, how it will be used and what will be done to it when it is no longer useful.
The opportunity: The “right to be forgotten” can help build trust with customers. When conducting research, for example, explain your data retention policy in direct, no-frills language that highlights your concern for data privacy. Done right, you may get a better response rate, and you’ll enhance your standing with the marketplace.
Focusing On What’s Important
Whether sending out surveys, processing warranty information or requiring prospects to complete opt-in forms to receive content, marketers tend to ask for more than they really need. And why not? The cost of asking another question or two is virtually zero. Now, in the EU, there may be a cost. GDPR requires companies to legally justify the personal data they collect. If you’re surveying IT managers about enterprise software preferences, do you really need to know the brand of laptop they use? Is knowing your buyer’s age really going to help you develop a marketing strategy for a consulting service? If the answer is yes and you can prove it, then ask away. If not, avoid collecting these unnecessary data points and focus on what you really need to know. In this new environment, the more data you collect and hold, the greater your risk of noncompliance.
The opportunity: At a time when so many marketing professionals are overwhelmed by the volume of customer data at their disposal, the need to justify the data you’re collecting can force you to focus on what’s really important and useful — and that’s always a good thing.
Looking On The Bright Side
Implementing GDPR-compliant procedures doesn’t have to be a burden for marketers. Most of the compliance issues are common sense. More significantly, compliance can be an opportunity to communicate good corporate citizenship at a time when consumers are concerned about data privacy and question the integrity of the companies they do business with.