Poor-quality customer data is about to become a major compliance issue with the coming into effect of the General Data Protection Regulation (GDPR). From 25th May 2018, any organisation found to be using inaccurate customer data or processing data without a legal basis, such as consent, could face the prospect of a significant fine: up to 4 per cent of global turnover, or €20 million, whichever is greater. And there’s the additional threat of consumer litigation.
Data may be inaccurately recorded at several different points in the data-capture process: the point of data entry, database conversion or database consolidation. Alternatively, it may be that information simply isn’t being kept up to date or validated correctly.
For example, research from Royal Mail Data Services (RMDS) shows that while 87 per cent of organisations use websites as their primary channels for customer data collection, only 44 per cent automatically validate it at the point of online entry.
The research also indicates that the biggest contributors to poor-quality data are incomplete, out-of-date or duplicate records, with seven out of 10 marketers complaining that this is the main reason they are not able to do their jobs properly.
Consent Is key
There are various stipulations that organisations need to follow in order to be compliant. Data accuracy certainly needs to be addressed, with any incorrect customer data erased or rectified as soon as possible.
But it’s the ways in which the new regulation aims to put consumers in control of their own data that dramatically impact on how organisations hold this information and what they can do with it.
Unless certain exceptions apply, customers may not be subject to automatic decisions, including by profiling (such as customer relationship management technology). They may request a copy of their data in an easily accessible format. They also have the right to opt-out of any type of direct marketing (and organisations will continue to require their opt-in consent to electronic marketing).
“48% of firms have no plans or don’t know if they will repermission customers”
But perhaps the most far-reaching of GDPR’s stipulations centres on the requirement for valid customer consent. Organisations need to demonstrate that, where they are relying on consent as the legal basis for processing, they have permission to use a customer’s data and that the customer understands how their data is going to be used.
For those companies that haven’t previously sought consent which meets the requirements of GDPR, the implementation of an extensive programme of repermissioning may be required. Yet the RMDS research shows that nearly half of all firms (48 per cent) either have no plans to conduct a repermissioning exercise or do not know whether they will seek fresh permission from their customers.
Those companies already handling customer information correctly for postal marketing purposes may, following a review against the requirements of the GDPR, determine they are able to continue to claim they have a "legitimate interest" for the processing and avoid this process. But again, this places the onus on maintaining data accuracy at all times - if customers aren’t being accurately communicated to, it’s difficult to claim that you have complied with GDPR.
“49% of firms rely solely on customer data - up from 39% in 2014”
In addition, it is challenging to meet GDPR requirements when using third-party customer data for marketing purposes, which means organisations must assess any external data they use to ensure that use is GDPR-compliant. The RMDS research shows that nearly half (49 per cent) of organisations now rely solely on customer data they have captured themselves. This compares to just 39 per cent of organisations relying solely on their own data in 2014.
The GDPR opportunity
At the heart of GDPR is a push to improve the accuracy of customer data. As such, GDPR may be seen as an opportunity to reinforce the strategic importance of building strong, sustainable relationships with customers. While this may potentially lead to lower volumes of customer data, the information may be better quality and lead to higher engagement and conversion rates.
To develop trust-based relationships with customers, data processes need to be rigidly adhered to and maintained. There needs to be consistency of validation from the moment customer information enters an organisation, by whatever channel.
“61% of marketers say life-event data presents a reason to engage with customers”
After basic data accuracy has been achieved, the next stage of building trusted relationships with customers is to personalise communications in a meaningful way. Organisations may be reducing their use of third-party data providers in order to promote GDPR compliance, but this could also mean that new marketing opportunities arising from customer life events - such as moving house, acquiring a mortgage, getting married and having children - are being missed.
According to the RMDS research, 61 per cent of marketers consider enhancing customer information with life-event data useful for nurturing customer relationships as it presents both a reason to engage with customers and new sales opportunities.
A new era In data management
The RMDS research reveals that some companies are still struggling to meet GDPR standards. But GDPR does present an opportunity for organisations to update their data hygiene practices and become leaner, cleaner data-driven marketing machines.