From now on, 24th May will be known to both consumers and the data industry as D-Day. But not because it represented a glorious first step towards liberating nations from evil invaders, but rather as Deletion Day. Consumers will likely have spent the day deleting from their inboxes dozens of messages asking them to opt-in to future communications. In tandem, database managers will have been up late deleting those same individuals from their systems.
As they worked late into the night, data practitioners must have wondered why their companies waited until the very last minute to seek consent from customers. After all, GDPR has been law for 730 days. Any need to communicate a change to privacy notices could have been acted on between the date the Regulation went onto the statute books in 2016 and yesterday. Instead, hundreds of brands competed for attention and action in the final 24 hours.
You can bet many of them did not get it. According to a survey carried out by Vibrant Media, media buyers are expecting 43% of consumers to opt-out or fail to give consent. That may prove to be wildly optimistic - anecdotal evidence from a lunch with members of the DataIQ 100, held this week in association with Tealium, heard the figure of 20% providing active, informed consent considered to be the top level.
Vibrant Media’s CEO, Doug Stevenson, said, “GDPR is forcing brands to rethink their marketing. This is a positive change for consumers. Agency execs are predicting that 43% of consumers will choose to opt-out of an involuntary data relationship with brands, which presents a real opportunity to build trust with consumers so they opt-in to a more positive, transparent relationship.”
How they will do this looks problematic. In the run-up to enforcement, 42% of those same media specialists reported a drop in programmatic spend, with brands pulling back from any activity they viewed as risky. Other marketing challenges they are facing include low opt-in rates to email, slow uptake to review and set communications preferences, and low traffic rates to websites so explicit consent can be attained.
To understand the likelihood that marketing databases could be depleted by the way GDPR compliance is being pursued, DataIQ conducted an in-house review of a sample of campaigns. Members of the DataIQ team collated communications from brands and assessed them from the perspective of “data-savvy” consumers, rather than data practitioners. The sample was constrained to 50 brands, chiefly B2C but also allowing for B2B since they are equally covered by the Regulation. The sample could easily have stretched into hundreds - my personal tally was 43 in 24 hours.
Five dimensions were considered and scored from one to five each: clarity (ie, how easy it was to understand why the message was sent and what action was required); brand tone of voice (ie, did it sound like other communications from the company); actionability (ie, did it include links to further information, contact details for the data protection officer such as email address, phone number of postal address); granularity (ie, were all of the GDPR rights explained with choices for each as well as the ability to express preferences); basis for data processing (ie, did it explain whether the company intends to process data on the basis of contractual obligation, legitimate interest, consent or a combination of all three).
These were considered to be dimensions that would engage or influence consumers or be expected to be present. It is worth noting that many of the brands represented managed the first four well, but failed when it came to choosing the basis for data processing.
On the basis of this sample, mistaking GDPR for PECR is going to prove to be a significant headache for brands who had no need to get a fresh consent in order to send emails. Similarly, deciding to adopt consent will leave huge holes in their marketable data. To give just one example, The Guardian has a good track record for its data governance and brand tone of voice, yet still messaged a subscriber who had updated their preferences for emails within the last month to say all emails would stop without fresh consent.
Table 1 shows the results of this exercise with the highest and lowest scorers. The full set can be downloaded here.
Top scorers:
Barclays - leading off from its digital eagles campaign, Think DigiSafe moves the bank beyond just GDPR compliance and into that most desirable position - the trusted brand. Clean, clear and with an unmistakable tone of voice, the campaign does not shy away from explaining some of the risks to consumers of data sharing and dovetails well with the ICO’s “Your Data Matters” activity.
National Theatre - in equal first place, the South Bank resident shows exactly how GDPR messaging should be done - well branded, clear, concise and actionable, it demonstrates that you don’t need to be highly-resourced to get the job done.
Worst scorers:
Saatchi Gallery - at the other end of the arts marketing spectrum, this King’s Road arts powerhouse makes a fundamental error in its GDPR message - giving opt-out as the basis on which it will continue to use personal data. Compliant with neither GDPR or PECR, it harms not only the database, but also the brand.
Great Western Railway - four emails to a customer who last booked and travelled on its line over a decade ago would be bad enough. But the fatal flaw with this campaign is to link the provision of consent with entry into a prize draw (a mistake Joe Allen also made). Specifically prohibited in GDPR, any consents captured by this campaign will not be valid and will need to be delete. More work for those tired data practitioners….
Table 1 - Best and worst GDPR communications |
||
Rank |
Brand |
Total Score |
|
Top Three: |
|
1= |
Barclays |
25 |
1= |
National Theatre |
25 |
3 |
Channel 4 |
24 |
|
Bottom Three: |
|
48 |
Thistle Hotels |
8 |
49 |
Saatchi Gallery |
7 |
50 |
Great Western Railway |
5 |
Thank you for your input
Thank you for your feedback
DataIQ is a trading name of IQ Data Group Limited
10 York Road, London, SE1 7ND
Phone: +44 020 3821 5665
Registered in England: 9900834
Copyright © IQ Data Group Limited 2024