With under a month to go until the deadline, Paul Fennemore, Senior Lecturer in Digital Marketing at Oxford Brooks University and C-Suite Level Customer Experience Consultant at Sitecore, provides three ways marketers can accelerate their action plan for GDPR.
There is a minefield of new requirements for GDPR which organisations need to adhere to by 25th May 2018. This will concern multiple departments from legal and IT through to sales and marketing. Most digital marketers are faced with an incredibly difficult task in being fully prepared for GDPR, because their customer’s data is hugely fragmented across multiple channels and systems.
Research we carried out last year found that on average brands are collecting seven different types of data about their online customers to better understand their wants and needs[1]. And this data lives across multiple, often fragmented channels, from call centres, mobile apps, websites and stores, through social media, CRM, ERP systems and much more.
But individuals have a right to know how their personal data is being used and more; they have a right to have it deleted if they choose to. Companies must comply with regulators while at the same time using this data to improve and personalise the commerce experience.
With a little less than a month to go until the deadline, here are three actions that can accelerate a plan for GDPR which addresses some of the challenges specific to marketers.
1. Run proactive opt-in campaigns to convert your existing customer base ahead of the deadline.
Organisations will not be allowed to collect, store and use personal information such as their name, email and phone number, as well as their internet browsing habits, without the individual’s explicit, opt-in consent, after the end of May.
As with any other campaign, content will need to be highly personalised on whichever platform is used, to ensure that as many people open / read it as possible and feel there is a good reason to opt-in. Consumers also need to have control of these settings and they need to naturally integrate into your marketing processes and platforms as and when the individual may choose to change them.
2. Build in Privacy by design.
There are two key steps to take here.
The first is to finalise and communicate your privacy policy. Although it is certainly not down to the role of the marketing team to singlehandedly devise a privacy policy, it will play a clear role – as the main aggregators and users of customer data – to ensure that a sensible privacy policy is developed which is agreed by the entire organisation including IT, finance and legal.
This policy should be clearly published on your website and proactively shared as part of your opt-in campaigns. Further transparency should also be offered through other interactions with customers such as user-friendly preference pages, customer privacy settings etc.
3.Ensure that your channels are integrated.
New systems, applications and services are added over time, and there are now more than 5,000 marketing tech platforms – usually each with their own dataset – which marketers can extract data from. From the end of May, people will have the right to demand a copy of all this data held about them, and you will need to supply it in 30 days. Unless there is an integrated, holistic view of this data, it will be almost impossible to quickly and accurately retrieve, verify and share this data with the individual in question.
With the right to request data – and also the request to delete or remove their personal data in some cases – there’s also ways of reducing the impact of having to ‘delete’ someone’s data so that you can still have a good understanding of your audience, but without getting in to the specifics of names, addresses and so forth. Being able to irreversibly anonymise an individual’s data so that the data is no longer identifiable, still enables a marketer to have insight into how people are interacting with their brand, whilst respecting that person’s wishes to delete their personal data.
Beyond these points raised above, there are also issues around ensuing a level of data security appropriate for the level of risk presented by processing personal data. This includes knowing exactly where customer data is saved and that it is in the right jurisdiction. The marketing department will need to work closely with the IT department to ensure all necessary changes are in place.
The key to complying with evolving global data privacy regulations is transparency
and accessibility. Before GDPR launches on 25th May, marketers will need a full, granular audit trail of what, where, how, and when they collected and stored all end-customer-related data, down to the individual level. This is a far from trivial achievement and no doubt many organisations have already been going through some huge structural and technological changes to achieve this.
By Paul Fennemore
C-Suite Level Customer Experience Consultant