GDPR: a wide field of application
For brands, the implementation of marketing programs implies the collection, handling, and conservation of personal data in a variety of contexts:
- in-store to hire a client,
- when signing up for a loyalty card,
- when analyzing purchased products,
- to implement tracking cookies on a website,
- to open a customer account online,
- to send e-mails or text messages,
- when subscribing to newsletters,
- to use Facebook services,
- when signing up for game contests…
The list is long and interactions are frequent with customers. That is why the GDPR will impose “free, clear, and explicit consent.” It means that customers and prospects must be able to knowingly make decisions using a text that clearly explains what their commitment is.
Consent on demand
In practice, GDPR means the end of generalized consent, opt-outs, and formulas with pre-checked boxes: the person has the right to give consent for some uses and to refuse others. And despite all the efforts to obtain a precious agreement, users won’t be signing on for life. In addition to imposing a limited consent duration, GDPR lets customers revoke their consent at any time.
And that’s not all: in preparation for an inspection or dispute, the cost of proving consent is borne by the company. It must be able to prove to the client or the inspection authority that full access rights applied at the time personal data were used. The extent of sanctions when this is not respected is already established: up to 20 million euros or 4% of annual worldwide revenue.
Impact on marketing programs
More power to the customer
Customers have always been the target of information collection. They are demanding, undecided, omnichannel, and ready to share their opinions on social networks. These behavioral traits had already deeply changed marketing strategies in recent years. By extending their personal data rights and increasing the ways they can exercise them, GDPR lets customers know what they were beginning to understand: not only are data their property—they have value, and lots of it.
Further reading: 3 ways an omnichannel transformation can go wrong
Reworking marketing processes
Templates, routines, forms, and databases must all be reconsidered and it is a big job to do so. It is necessary to re-examine existing mechanisms and to make modifications so that consent forms respect regulation rules: Information must be displayed prior to consent, and this must be done in a clear, concise manner, which requires some creative thinking.
Towards an inevitable fusion of databases
GDPR does not only apply to data collected after May 25, 2018. It also applies to databases that already exist. To plan ahead for this compliance, teams must sit down with legal and IT departments to evaluate the way data were collected and determine the level of consent, the goal being to learn if databases are compliant.
Should it become necessary to explicitly request consent from an entire database worth of e-mail addresses, how many contacts will remain on file? A simple calculation shows that for 100 consent request e-mails sent, at most 25% are opened. Before even learning if contacts will renew their consent, 75% will disappear from the list.
On the same topic: GDPR: how to process personal B2B data?
As a result of GDPR, customer and prospect databases will mechanically merge: no more customers or prospects with untraceable consent (unknown date and existence), or customers who do not renew their agreement. There will also be those who exercise their right to be forgotten. Unconsented collection or external file enrichment will be forbidden.
From a business standpoint, this is very bad news in the short term. Marketers should expect lower stock performance from the personal data they handle. It is wise not to set goals based on Y-1 performance. But in the long-term, new opportunities could surface for marketers. 2018-2019 will be a back-to-the-basics year for customer relations, for better and for worse.