In a post-GDPR world, companies need to communicate clearly how giving up data can benefit end users
Many businesses need data to improve their products and services. However, collecting this data is becoming more complex, thanks to new privacy laws like the EU’s General Data Protection Regulation (GDPR). This creates a tension for companies, which venture capitalist and former Wall Street securities analyst Mary Meeker labelled the “privacy paradox.”
Many organisations view it as meaning they can’t use data to be innovative, but that is wrong; collecting data [under GDPR] is fine if companies are clear and transparent about what it is being used for, both internally and/or when sharing it with third partiesSteve Holt, head of cyber solutions for financial services at EY
GDPR came into force in May 2018 and is globally recognised as the gold standard for data regulation and protecting consumer privacy rights. Among other things, it requires businesses to seek fully informed and valid consent before capturing and using a customer’s data. Non-compliance can result in hefty fines. Most recently, Google was fined a record €50m (£44m) by French data protection watchdog CNIL for failing to provide users with transparent and understandable information on its data use policies.
Regulation is understandable and inevitable, but as Meeker suggests, it can be challenging for businesses to navigate. In fact, many companies wrongly believe that GDPR is designed to stop them from processing personal data, says Steve Holt, head of cyber solutions for financial services at professional services firm EY.
“Many organisations view it as meaning they can’t use data to be innovative, but that is wrong; collecting data [under GDPR] is fine if companies are clear and transparent about what it is being used for, both internally and/or when sharing it with third parties,” he explains.
Company privacy notices should therefore be easily located and understood; without transparency, it is difficult for individuals to have trust in organisations, Mr Holt notes.
GDPR has created awareness among consumers about their data, with people often taking steps to protect their personal information when the benefits aren’t clear. According to a 2018 UK survey by market intelligence agency Mintel, 71 per cent of respondents said they actively avoid creating new accounts with companies because they are worried about sharing their personal data.
The good news, however, is that many consumers are open to exchanging their personal information for services they actually want. According to The Loyalty Report 2018 from customer engagement specialist Bond Brand Loyalty – which surveyed consumers about brand loyalty programmes – around 87 per cent said they are open to having various details of their activity and behaviour watched, monitored, and tracked in exchange for access to personalised rewards or engagements.
As such, organisations shouldn’t focus on obtaining blanket consent for data collection as they may have done in the past, but instead should aim to foster a better conversation between the company and its customers by allowing different preferences for different users, says Mr Holt.
“Those that see regulation as something they have to do will not get value from it, but others that see it as a better way to connect with their customers will,” he adds.
Enhancing apps to provide customers with more preferences is one way to build a relationship and engage with consumers, Mr Holt adds, stressing that organisations should consider data transparency at the design stage of their products and services.
Emma Kennaugh-Gallacher, an associate and solicitor at IP law firm Mewburn Ellis, says this requires a “mindset shift” for companies, particularly for marketing teams.
“Data collection used to be about high volumes, whereas now it’s more targeted, more nuanced – companies are only contacting people that are likely to have an interest in what they’re offering,” she says. This is better overall because it means companies only talk to customers who want to hear from them, rather than contacting people from old marketing lists, she adds.
Nicholas Blake, head of data and digital operations at customer relationship marketing specialist Armadillo, has worked with McDonald’s for four years to improve the company’s customer engagement and data compliance. He agrees that for better consumer-business relationships, companies need customers to opt in.
“It’s not about grabbing data at any cost but getting the customer to give it to you willingly; businesses need to be confident in their value proposition and be clear about how data feeds into that proposition,” he says.
Since adopting GDPR-compliant transparency around data collection and use, McDonald’s engagement rate has increased, says Mr Blake, “because the customers on its database want to be there.” It is also getting higher sign-up rates due to its open embrace of transparency, he adds.
There’s no doubt GDPR can be challenging for organisations
There’s no doubt GDPR can be challenging for organisations. Selling data, for example, is increasingly difficult under the regulation. And when an organisation wants to do something different with the data than originally stated, it must seek new consent.
But regulation is here to stay and will likely increase. In the US, for example, California has introduced a new law modelled on GDPR that will come into force in 2020. Other states will likely follow suit. The key to navigating data compliance – without hindering business success – is transparency and adopting a change in mindset at every level of an organisation, according to the experts.
“Brands can succeed in asking for and getting customer data if they demonstrate at every point – when it is being captured and when they use the data – that the consumer will get real value, such as sharing data in exchange for entertaining news and information,” says Mr Blake.