Data Protection – Compliance is not enough

Imagine the situation – May 2018 approaching ever closer, you’ve mapped your data landscape, audited and classified the data you are holding and implemented changes to tighten up on existing obligations which GDPR will bring; happy days for the legal and compliance teams and the Board are satisfied that the risk is managed. But wait a minute, what will the impact be on your ability to reach and engage with customers – has the baby been thrown out with the bathwater?

The biggest business challenge facing brands

For those organisations already on top of PECR and the Data Protection Act then you are nearly there, stepping up to GDPR will not be that big a deal. Our experience however is that many consumer brands have got some tidying up to do even to come into line with today’s guidance.

In my opinion, the biggest business challenge facing brands is the ability to protect and maintain their ability to market to customers. Just because you’re compliant does not mean that customers will opt in to marketing.

KPIs for Customer Reach are not often seen on a Marketing Dashboards – but they should be. Ask yourself the question – what % of your current customers can you send a marketing email to today? How do consent levels vary by value segment, purchase channel, product category? Also consider what else do you do with customer data. Do you profile, match, append, enhance and share externally? Is it all covered in the privacy policy that each customer signed up to? Do any of these things to customer data that is not opted in for marketing?

What impact will GDPR and associated consumer perceptions have on your contactable universe?


Importance of informing customers

The recent ICO ruling against BHF and RSPCAhighlighted the importance of informing customers about how their data is being processed. If every consumer brand in the country was inspected today, I am willing to bet that a reasonable proportion is not doing the right thing.

So now’s the time to get it sorted – get ahead before the privacy deluge occurs. The wake up calls are getting louder by the month; customer awareness is improving with every ICO ruling and data breach.

Create a strategy to build reach from this day forward. What is the best way to ask each customer (you only get one chance)

  • What is the true state of your customer contactability nation now? Can you measure it and how does it vary by business unit, product, segment and source channel?
  • What is l channel strategy will deliver the optimal result?
  • How should customers be asked about consent and what should the order of asks be
  • What value exchanges could be offered to customers in return for their agreement?

Finally, consider modelling the financial impact of different consent levels on the growth of your business. Imagine a scenario where you could only cross sell to say a third of your customers – would that matter? Is it likely? Now, you’ve got the attention of the board.

By Paul Kennedy, Data Strategy Director at Amaze One (part of St Ives Group)

If you have any questions, please ask below!