The reality of the General Data Protection Regulation has so far been quite constrained and while some companies have suffered fines – such as Google’s €50 million penalty from the french data protection authority CNIL – predictions about the end of one-to-one marketing and direct interaction with individuals were unfounded.
That’s not to say the Regulation hasn’t prompted changes. When it comes to data, the concern is no longer simply around its collection, but also how it is being used and controlled, making transparent management the true priority.
Trepidation ahead of the GDPR led some companies to extreme action. The risk of non-compliance led JD Wetherspoon to delete its entire email database (and also to leave social media) and many US websites simply blocked EU visitors. But while the laws have brought change, the overall effect has been positive.
Significant fines are the exception, not the rule. GDPR has raised data protection standards across Europe, creating an environment where consumers feel safer and more empowered: 54% are aware of their privacy rights and 60.2% understand how the data value exchange works, according to DataIQ and Tealium research conducted following the implementation of the regulation.
While consumers may feel reassured after the arrival of GDPR, that doesn’t mean companies should be complacent. The way they apply data makes a sizeable difference to the quality of the online experiences they deliver. While consumers appreciate that insight-driven activities provide clear benefits - such as being welcomed back by sites or apps (26.2%) - anxiety rises when ads follow them around (37.2%) or promote items they have already bought (29.3%). In short, careful and considered data handling still matters.
Responsible data management remains crucial to maintain consumer relationships and trust, making it vital to company success. But defining what good data practice looks like can be challenging. It’s not just a case of obeying regulatory rules and adopting robust security measures.
Today’s informed consumers know the value of their data and what they want to receive in return for sharing it, in particular tailored offers (37.2%). They also have a defined idea of what counts as crossing the line, with asking for too much data topping the list (62.3%), followed by intrusive experiences (40.8%).
As a result, businesses need to master a delicate balance between personalisation and privacy. And doing so will mean ensuring data procedures align with three key principles:
With a certain level of transparency now legally required, standing out means going beyond the basics. For example, every business now needs to provide comprehensive privacy notices and clearly explain why data is needed. So, the emphasis should be on maximising clarity through fair, easy-to-find and understandable privacy policies, covering precisely which services or marketing initiatives data will fuel, and the specific steps that will be taken to keep information safe as well as how to make a subject access request.
Companies need full control of permitted data before they can implement it effectively. So, once they have openly communicated their responsible data ethos, the next step is making sure they can deliver it by building a solid, accurate, compliant, and secure database. By far the most efficient means of achieving this is through refined data orchestration.
Using advanced technologies, such as a customer data platform (CDP), this process involves meticulous management of the data lifecycle from start to finish. Information gathered from all multi-channel sources is persistently cleansed, integrated, checked for errors - such as bias or duplications - and transformed into a single, constantly replenished insight store.
By drawing on their holistic and precise data pools, companies can create a 360-degree view of individuals that enables them to provide consistently engaging interactions and to demonstrate the value of data sharing. For example, that might include analysing interaction data to identify and address issues impeding the progress of the customer journey, such as difficulty locating privacy notices or irritation with over-complex consent forms. Or businesses might turn knowledge of specific interests, needs and habits to their advantage, serving consistently tailored advertising that helps to enhance individual engagement, as well as to drive results for the business.
GDPR wasn’t the data apocalypse many anticipated, but it has changed how consumers view their data. With greater understanding has come increased sensitivity to the way companies implement personal information, particularly if they overstep the personalisation mark.
From here on, the hallmark of a successful business will be its level of data control. Those who commit to complete transparency, stringent data orchestration and delivering genuine value will be the companies that win trust and lasting loyalty.
Lindsay McEwan is VP and managing director EMEA, Tealium
Data and GDPR expert, Lindsay boasts 20 years’ strategic leadership and commercial management expertise. A well-respected data leader, he is passionate about educating businesses to integrate data seamlessly in order to drive profitable cross-channel customer interactions. His previous roles include positions at Adobe Systems UK, Neolane Software, Oracle, TIBCO and Kana. Lindsay joined Tealium in 2014.