Data providers have to play by new rules, even before the GDPR comes into force. To provide compliant targeting and profiling solutions, that may mean transforming the business models which have existed for decades.
Consent and how it should be captured is at the very heart of the new GDPR. While there has been a significant advantage gained from the recognition that direct marketing is a legitimate business interest, hard work still needs to be done in order to unpick what the regulation really means for profiling and capturing permission for third-party data usage.
It might be supposed that commercial data owners have two years in which to transform their business model and get on the right side of the legislation. But that would be to overlook the pressure that was already building on this sector during 2015. From the explosion of media coverage of data sharing by charities to the ICO’s contact with 1,000 data brokers and processors, it is clear that “business as usual” is no longer an option, regardless of what the new law says.
In the most high-profile reaction to this new, emerging reality, Callcredit Information Group made the decision to suspend selling of all data for prospecting by phone, email and SMS from its Define database in January. It was responding to a First Tier Tribunal ruling relating to the use of data for text messaging by Optical Express, as well as guidance issued by the ICO.
Gareth Jones, data director, Callcredit Information Group, said: “After careful consideration, we have decided that we will acquire marketing data with strengthened privacy permissions and, in the interim, suspend selling data for prospecting by telephone, email and SMS from our Define database until it meets this new standard.”
He explained: “This is the right course of action and has three major benefits. First, it will create a pool of data with enhanced consent in terms of channel preference and sector permission, providing firmer assurance for our clients; second, it maintains consumer privacy; and, third, it enables us to extract very precisely-defined prospect lists that empower clients to target prospective customers more accurately.”
The company has been working with consultants and running consumer tests to develop new Fair Processing Notices and privacy policies which its data providers will have to put in place by no later than March 2016. These enhance the strength of the consent which is captured from consumers, as well as giving them a better informed basis on which to express their preferences around channels and interests.
Other data owners adopted a similar approach somewhat earlier, having recognised that many of the practices commonly used for third-party data capture and development were not sustainable. Despite an absence of immediate regulatory requirements, making a change to their model was recognised as time-consuming, but necessary.
“Back in 2014, we started looking at this as a way to differentiate ourselves against other suppliers when the GDPR created a level playing field,” says Adam Williams, managing director of DBS Data. “It was not as difficult as we expected it to be - we had thought it would be a big challenge.”
One thing his company did discover was how many twists and turns had entered into its data supply chain and that unpicking compliance by third-parties is a demanding process. With buy-in from everybody in the business, however, Williams said it was possible to maintain momentum for the change. “In the greatest threat lies the greatest opportunity,” he says.
Staff training has been an important dimension of this transformation. “Ninety-five per cent of our staff have some involvement with data and therefore had to become responsible. They have all had to become compliance officers and understand the impact of what is happening with our data,” he says.
Williams believes that the market conditions for third-party data are about to undergo a fundamental change. “Historically, the focus on data has always been about profitability, with marketers looking to achieve the best return on investment. You will see suppliers like ourselves coming into play who are about compliance as well,” he says.
Whether out of foresight or now with insight into the GDPR, no company which is in the business of providing data for third-party usage can afford to carry on as before. Even before the regulation becomes law, the ICO will be on the look out for changes in behaviour and how permission is obtained.
Mark Roy, chairman of REaD Group, is only too happy to see this happening. “From a marketing perspective, it goes without saying that this is good news for organisations intent on being compliant and not such good news for those wishing to bend the rules. Equally, as an individual, I feel positive that the benefits will be felt across the board as we enter a new age of openness, honesty and transparency between consumers and the companies they deal with.”
He pinpoints the use of the term “unambiguous” to describe how consent will need to be given as the crucial turning point. “Under the new rules, companies will have to be unrecognisably overt about the way they plan to use data, and rightfully so. But, by the same token, consumers will still have to demonstrate clear affirmative action when choosing not to share information, such as actively ticking a box. Consent forms will be required to provide consumers with a number of definitive options relating to the use of their personal information, including opt-out. This new system will grant more clarity to the consumer, but also provide a springboard to stronger, more open and stickier relationships.”
Just as data owners are re-engineering their approach to get in line with these requirements, other approaches are also emerging which make the whole issue moot. One example is autoGraph, which has seen a dramatic uplift in demand for its anonymised profiling solution.
“Acquiring customers for the first time is challenging and many marketers have been assuming that third-party data will be available,” points out Kevin Telford, VP Strategy EU at autoGraph. “But if you are just taking campaign data from a broker, the context is very thin. By using a direct-to-consumer branded autoGraph for user generated profiles for onboarding customers, or enhancing, boosting existing customer permissions and deep first party profiles within a captive portal or registration process means brands open up relevant, contextual content driven by the user.”
A number of clients across multiple sectors use the user generated profiles for driving an enriched understanding of their customers without being dependent on third-party profiling data which might become unavailable. “The brands capture new, first-party permission and insight into their interests without the need for that third-party consent. An additional benefit is these brands spend millions on third-party data because it needs to understand customers beyond what it sees across their customer journey and experience. For FMCG brands, the challenge is even bigger because their customers are invisible,” says Telford.
“An additional benefit is these brands spend millions on third-party data because they need to understand customers beyond what they see across their customer journey and experience. For FMCG brands, the challenge is even bigger because their customers are invisible,” he says.
Compliant and sustainable access to data will soon become a benchmark for marketing. It will also bring about significant changes to the supply chain which has been in place for decades. Right now, suppliers are working out how to get on the right side of the balance sheet, even if that means ditching their business-as-usual.