After the hard slog preparing for GDPR, the effects are now becoming visible, have we all had our data safeguarded or are we allowing more of our data to be captured? The fear factor and the paralysing uncertainty we felt as the clock counted down to May 2018 has abated and rather like when the clock struck midnight on New Year’s Eve 1999 – it appears, against the odds, to be business as usual.
Of course, we’re yet to see the full wrath of none compliance on GDPR (and given many companies are still dragging their feet adhering to the new legislation – the first fines and penalties are expected shortly) but for now, we see no need to hold up in our bunkers.
And given GDPR has been viewed pretty much as a tick box exercise (how many of us actually take the time to read those lengthy privacy notices?) it seems to have passed many consumers by too.
At the same time, tapping YES on our screen means we may actually be consenting to our information being used in many more ways than we want – with even more tracking or cookie usage.
As an example, here is what usatoday.com tracks, with 28 trackers used and 0.8Mb data collected off every page visit:
For now, with many companies in no hurry to point out just how much control we (the consumer) now wield over our own data, it’s likely that most of us don’t yet realise the full implications. At some point, of course, as consumers become more adept at utilising GDPR – as indeed eventually they will – we’ll see a power shift very soon. But for now (at least) normal service has resumed.
Meanwhile, although caution is slowing down decision-making processes, GDPR databases filled with consenting buyers willing to engage are already yielding better brand experiences. For those companies whose worst fears have been confirmed – with GDPR having a profound effect on their databases – common sense suggests that these ‘lost’ customers lacked any legitimate interest, and this would have been unlikely to change moving forward. Post-GDPR compliant data is delivering higher conversion rates in email and calling. Email is the most popular channel by a significant margin – 73% of consumers named it within their top two (out of eight) in terms of preference, and 90% place it in their top four. (source https://www.the-gma.com/email-marketing-post-gdpr-has-there-been-negative-impacts)
But while GDPR creates opportunities for us as businesses, how the data is handled to ensure compliance across the board creates significant challenge too. Given that any information that identifies an individual (including a business email address with the individual’s name in it) now counts as personal data, it’s clear that the alignment of a data-first mentality across sales and marketing functions is more important than ever before.
When selling to B2B customers, as long as you can document your assessment and justify your decision, the route of ‘legitimate interest’ makes things a little easier.
According to guidance from the Information Commissioner’s office, “You can rely on legitimate interests for marketing activities if you can show the way you use people’s data is proportionate, has a minimal privacy impact, and people would not be surprised or likely to object to what you are doing – but only if you don’t need consent under PECR.” (PECR Link – https://ico.org.uk/for-organisations/guide-to-pecr/what-are-pecr)
Given the complexity of interpreting the ICO’s guidelines, at B2B Smart we’ve seen clients go both ways. Some have made the decision to keep their CRM database using legitimate interest – others have chosen to play it safe and have started new databases from scratch. Unfortunately, there’s no simple answer, but for those taking the approach of legitimate interest – robust documentation that ensures data has been lawfully processed is crucial. Ultimately, the days of sales teams swapping business cards and adding the details to a mailing list are well and truly over.
Which brings us on to the roles of data controller and data processor. Given the heavy fines that can be imposed for GDPR breaches, establishing where responsibilities lie obviously needs to be a top priority. And in situations where a data controller needs to use an outsourced agency to process the data further, it’s critical to ingrain role definition from day one.
But as demonstrated in this ruling over whether Facebook or the owner of the fan page is the data controller, ensuring personal data was processed lawfully, the distinction between the roles is blurry and poses a unique challenge. In this case they found in favor of the owner of the fan page (an education provider) so Facebook was seen as the data controller. Initially it was the education provider and only after an appeal was it found to be Facebook, so a clarity is developing but only through test cases and challenges.
As we move forward, retaining existing customers has become more important than ever. But with strong enough opt-ins which clearly explain exactly how data will be used once consent is given you can best maximize these more targeted data pools, and close alignment across your sales and marketing functions. In doing so you’ll not only ensure compliance at every step of the customer journey, you’ll also succeed in giving your customers the Holy Grail of what they want.
Indeed, if you play all your cards right, GDPR could be the sweet spot of your marketing and sales efforts, delivering incredible value for your business, improved conversions and less wastage.
For help driving your customer lifecycle, click here.
To find out how we can help your business find your sweet spot, contact us today.