By Scott Logie, MD, Insight at REaD Group
At the recent Data IQ event I jointly chaired a table discussion on the GDPR ready Single Customer View (SCV). This turned out to be a very interesting experience. First of all, there was a huge range of requirements, from B2B SCV development to “How do I get started”, “How do I get funding for an SCV” through to “How do I make my SCV real-time” and “How do I connect Google Analytics data into my SCV”.
This obviously created a lot of discussion with different brands, at different levels of development, able to share their experience with those who are just getting started. Hopefully everybody enjoyed the discussion and got a lot out of it.
From a GDPR point of view, there were three main areas of interest that came out:
- How do I keep the data in my SCV current and up to date?
- How do I structure the SCV so that I can hold permissions and consent correctly?
- What do I need to do to ensure that I share the correct information with my customers, as and when this is required?
So, taking each of these in turn:
Keeping the data up to date
What became apparent during the conversations was that there are different levels of understanding of what is required under GDPR in terms of keeping data up to date. This isn’t that surprising as most of the concentration to date has been on consent and ensuring that we have permission to contact the consumers we want to engage with.
However, we have an obligation as well to keep the data we hold current and clean. And to archive or delete what is no longer needed. In some cases this has not been considered, in others it was seen as a lower priority.
From a REaD Group point of view, our advice is very clear; with the GDPR Article 5 requiring that personal data be kept clean and accurate (or be deleted!) choosing a trusted solution to optimise the quality of your data and maximise compliance is now business critical. Whether this is ad hoc but planned updates, real-time access via APIs or licencing of the different industry suppression products there is no choice but to make sure there is a solution that works for your business in place.
Structuring the SCV for holding consent
To be honest, there is no easy way to answer this. We have tackled it by building a consent table that holds each of the key pieces of information – which allows us to manage change over time – that is then referenced on each customer record. This allows us to ensure we keep the most recent permission against a record, by channel, but also enables us to track changes over time. This does result in a very large lookup table but better that than extending customer records.
The other thing to bear in mind is to hold both what consent was gained, where and when but also what the usage you have agreed for that customer record by channel. For example, you may have gathered consent to contact by Direct Mail but have chosen Legal as the reason for contact and this needs to be held. In addition, note that this needs to be managed by customer, by product, by channel so can become cumbersome if not managed correctly.
Giving consumers access
Finally, from a consumer access point of view, I think there are two key things to consider in terms of contact: managing subject access requests (SARs) and also allowing consumers to see what information is held on them for permission management.
From a SAR point of view, there were two clear messages:
- Be very clear what is going to be shared as part of a SAR. It’s not my place to advise what the content should be but what was interesting was how varied and differently detailed each SAR response format was going to be. I think this is something to be tackled early, agreed with your legal teams and shared as appropriate.
- Having an SCV doesn’t sort out SAR responses but it helps a lot! Having as much data held in one place as is possible makes the tracking of information needed for a SAR substantially easier.
From a permission management point of view, again there were a lot of different views and positions. Some organisations, the more digital email only brands in particular, seem to be using their ESP to manage and share permissions with customers. For others there was a work stream to agree what was to be shared and how. Interestingly, no-one stated that they were fully on top of this.
There are many approaches to be taken here. At REaD Group we have partnered with a business, My Life Digital, who provide a Permission Management solution. We are implementing this for our own use and also recommend it for our clients. Other solutions are available!
Overall, tackling GDPR compliance from an SCV point of view isn’t a luxury but a necessity. Keeping the data current, tracking permissions and consent and ensuring that SARs can be responded to quickly and accurately are all part of the new world of data management. It was very clear that there is a lot of work to be done, by big brands and smaller businesses, to meet the basics never mind the nice to haves. It’s going to be a fun year!
By Scott Logie, MD, Insight at REaD Group
The robots are coming! Well, not quite, but the ever growing trend for implementing AI and automated systems to aid in our everyday lives seems to be showing no signs of slowing.
Recent research conducted by advisor company, Gartner, suggests that by the year 2020 a quarter of all customer service and support will incorporate chatbots or a similar form of virtual customer assistant technology. This seems like an astonishing figure, and one that has both positive and negative connotations.
The last decade has seen a huge jump in the proportion of people engaging on digital channels, and it is therefore hardly surprising that companies are investing more and more in these virtual customer assistants. Purely from a resource point of view such a transition makes a lot of sense; artificial intelligence (at least at this stage!) doesn’t ask for a pay cheque.
There is also a distinct advantage to the consumer – these automated systems are capable of functioning 24/7, without the need for sleep or coffee breaks. Furthermore, the prospect of a future free from hours spent on hold listening to Justin Bieber might not be the worst thing in the world.
However, when it comes to customer service, can human contact ever truly be replaced or replicated? According to research we conducted last year, 62% of consumers rated high quality customer service as the largest factor influencing brand trust and loyalty in the retail sector (Retail Trend Report 2017: New World, New Consumer).
While these virtual customer assistants are undeniably becoming more sophisticated all the time, it is the warmth of human interaction that creates this customer engagement. Some of these systems are capable of detecting frustration and anger in a customer’s voice and will transfer the call to a person in a call centre at a certain point. I find shouting down the phone helps. But by and large there is no doubt that they are still worlds away from being able to react and alter their response or attitude based on things like sarcasm and emotion.
There also comes a stage when we have to ask – where does this end? Do we eventually reach a point where human contact has been phased out entirely and we find ourselves reliant on machine to machine relationships? Say, for example, my bank bot detects that I’m overdrawn and applies for an overdraft on my behalf, and this instigates another chatbot which then decides whether to grant me said overdraft. The possibilities are dizzying, and somewhat terrifying – just one short leap to Skynet!
The question of trust and customer experience is not one to be overlooked lightly. The majority of consumers taking part in Gartner’s survey said that they find it difficult to trust VA’s to assist them with more complex tasks, such as handling their banking, insurance or utility issues (29%, 16% and 35% respectively). Therefore, brands will need to demonstrate to customers that they will still receive the same high levels of customer service once these technologies have been incorporated.
Perhaps if this predicted future comes to pass a balance will need to be struck between convenience and functionality. A system whereby technology and human work in tandem may be considered as an initial compromise – HAVA’s (Human Assisted Virtual Assistants). The idea being that when a VA is faced with a situation it cannot handle or a question it cannot answer, a human agent will then take over the conversation. The growing development of machine learning will also theoretically mean that VA’s are able to learn from these instances and adapt to resolve these situations themselves in future.
Essentially, it will remain to be seen how effective these VA’s are in maintaining the high levels of customer service that consumers have come to expect. Advancements in technology such as natural language-processing and machine learning are perhaps bridging the gap between the soulless and robotic automated systems that we’ve come to know, but can they ever truly hope to encourage the same level of engagement and replace human interaction? The next few years will certainly be interesting, but brands must be sure to put customer experience first, or risk dealing with the consequences.
By Scott Logie, MD, Insight at REaD Group
Working as I do in the data marketing sector, I am probably more sensitive to how my data is being used than most. As an industry we very proudly boast about how marketing used to be mass market and big creative idea led but it has evolved over the last 20 years to being content and data led. Indeed, we wear GDPR as a badge of honour that the use of personal data is now so high profile that new laws are needed to ensure that it is not misused or abused.
Also being from the industry I see, and also share, lots of case studies of how data is being used to create personal content, drive individual level communications or build real-time offers based on clicks, views and likes. But in reality, how much of this is smoke and mirrors? How much do consumers feel that they are receiving highly relevant communications and offers? How close are we really getting to one-to-one marketing?
There is a slide in a deck that I use a lot that states that the benefits to brands of getting the right balance on personalisation are very powerful with return on investment 30% higher for companies who use data and analytics to personalise their marketing and customer engagement (source: SAS and Forrester Research).
So there is a compelling business case yet, as a consumer, how often am I impressed by the marketing communications that I get? Honestly, not very often at all. What I get through the post is generally identical for me and my wife, often from the same company on the same day. My inbox is jam packed full of emails which are clearly sent out to everyone on a database but, hey, sometimes they have my name on them so it’s personalised, right? And on-line I’m pretty sure I see the same ads all the time and when I browse youtube or watch All4 I see the same ads as everyone else does.
We are creating a promise to build engaging, tailored, personalised content based on real-time data but we are not living up to that promise.
Other research I have seen has shown that only 25% of companies reckon their marketing could be described as personalised with around a third of marketing using some form of segmentation. Segmentation feels like a dirty word these days. It is often derided by many people. Why would you use segmentation when you can get to real personalised content by analysing clicks and likes? Why use a broad brush approach that classifies people into a number of groups when everyone can feel like an individual?
My response would be this – at least a segmentation can help to bridge the gap between mass marketing and one-to-one engagement. Call it practice. If we can tailor content, emails, adverts to a few segments then over time that can become automated and refined to get towards the personalisation utopia.
In many cases it isn’t even as if the segmentation doesn’t exist. I see a lot of instances, sadly, of segmentation work being done but the next step of tailoring comms and starting to move towards a more personalised customer experience just never happens. As a data analyst this makes me very sad indeed. Maybe we are not being forceful enough in showing the value of implementation, of helping achieve that 30% uplift in ROI.
The longest journey starts with a single step. My feeling is that many organisations are fearful of taking that first step. There is a lot of procrastination – it will take a lot of effort, it should be perfect when we go live, let’s test and see what level of difference it makes. Status Quo is the easy outcome, things are not too bad just now so let’s leave them as they are.
However, by not even trying to make a change we are letting the data down, we are wasting investment, we are letting the hard work by the analysts in creating the segmentation go to waste as well as the marketers who instigated the work.
But much much more importantly, we are letting our end customers down. The next time a decision is made, or more likely, not made, to defer the implementation of a more personalised approach think about this: Would my customers be impressed by the current emails I send them? Or the mail they get through the post from me? Or the ads they see on-line? Would they feel it was delivered just to them because I know them so well? If not then what’s the risk of taking that first step?
Want to know more about how to effectively engage with your customers? Contact us today
Direct Mail can be used under the basis of Legitimate Interest under GDPR (or put another way, does not require Consent).
Yes you can! We’ve had it from the only authority that counts in the UK – The Information Commissioners Office (ICO) – who recently provided some much needed clarity on the use of Legitimate Interest for marketing, confirming on their website that states “you can rely on legitimate interests for marketing activities if you can show how you use people’s data is proportionate, has a minimal privacy impact, and people would not be surprised or likely to object.” Great to have some clear guidance and a green light for responsible, consumer centric direct mailing.
Using Legitimate Interest in practice requires the application of a good dose of…common sense!
OK so the ICO call it a Legitimate Interest Assessment (LIA) – but essentially what they are looking for is the application of the main principles of the GDPR – openness, honesty and transparency – supported by evidence that you have carefully considered the impact on an individual and made an informed and fair judgement that your interests and the interests of the individual are balanced.
Executed well, Direct mail is proven to be an incredibly effective channel for response rates and engagement.
Put simply – it works! Great Direct Mail will deliver great results. It can grab more attention, engage and help to create closer relationships and generate more responses.
Recent research by Brand Science confirmed “when mail was included in the marketing mix, campaigns had 12% bigger ROI than those without mail.” Impressive!
Anecdotally, one of our clients recently reported a consistently high ROI and an average of 1000+ new customers/month from Direct Mail.
AND consumers like it! And we’ve got some stats to prove it….
Respondents to MarketReach research confirmed that mail is more believable (87%), makes them feel more valued (70%) and creates a better impression of a company (70%).
Choosing the right partner will make all the difference!
Choose a partner you can trust. At REaD Group we have been helping businesses of all shapes and sizes get great results from Direct Mail for more years than we care to remember – and with the advent of GDPR our services have become even more important and relevant to our clients (from optimising data selections and data quality to campaign reporting and analysis). We’re a safe pair of hands.
Sounds good, right? So what to do next?
Contact our knowledgeable and friendly team who can talk you through how we can best support your marketing strategy and help you thrive through GDPR and beyond.
By Dan Fossaceco, Lead Generation Director at REaD Group
As we look back on the developments of 2017, there are some things we expected to happen and some things we didn’t.
We expected there to be a clamour around GDPR and we expected ‘experts’ to come out of the woodwork to tell us everything would be alright…as long as we completely changed everything we knew about the consent, the processing and the holding and management of data.
We didn’t expect there to be a simple solution.
As Captain Kirk once said ‘Hang on tight and survive. Everybody does’
But will they?
Change is key, and adapting to change is more important than ever.
There isn’t a simple solution, but taking each part of GDPR individually makes it easier to digest, and what this piece will attempt to go over is the acquisition of new consumers – just how do we ensure that we have consumers to contact in June 2018?
The first thing to discuss is the sales funnel, because we all use it.
‘For every ten people I contact I will make one sale – I need to make 10,000 sales so I need to ‘‘buy’’ 100,000 contacts to make my sales.’
Post GDPR this WILL become more difficult; properly consented data will be harder to get hold of. The hoops that processors and owners of data will have to jump through will increase. That’s not to say it will be impossible, but it will be harder.
So all doom and gloom?
So what exactly are we purchasing?
Let’s break down what we were purchasing – we weren’t purchasing a consent, (albeit a 3rd party consent) – we were purchasing sales, not contacts.
When it comes to having clear and concise consent, there is no doubt that first party is the aspirational standard. There are a variety of means to obtain a first party consent
- through lifestyle surveys
- pushing traffic directly into a bespoke landing page
- or re-consenting the data which is already held.
By obtaining 1st party consents ahead of May, brands will be in the best position to continue to communicate with prospective and existing consumers.
But what about the volumes? Let’s look back at the original statement:
‘What exactly are we purchasing?’
If we are purchasing sales and not contacts then the most important change that needs to take place is conversion.
The best way for consumers to increase their engagement with brands is to actively seek them out for communication; this can happen in two ways. Either via inbound communications through website or aggregator sites, or by gaining the initial interest using third party websites – this gives the comfort of a first party opt in with the added benefit of it being based on performance.
It’s proven that a solid relationship with consumers increases engagement and buying levels, so why not get the consumer to do the initial work for you and ask to be contacted?
Maybe we all need to calm down a bit and understand what makes our businesses tick; its customers, and customers who WANT to interact with our brands, are invaluable.
Finally, to finish off with another quote from the enterprise…albeit tweaked – ‘its data, Jim, but not as we know it.’
By Andy Bridges, Data Quality and Governance Manager at REaD Group
The Gemalto Breach Level Index (BLI) recently published some rather concerning findings – more data records were leaked or stolen in the first half of 2017 than in the whole of 2016. An even greater cause for concern, and perhaps somewhat surprising, the report also revealed that the most common cause for data breaches was accidental loss and data being inadvertently left exposed.
While attacks by cyber criminals make for more compelling reading, more attention needs to be brought to internal threats such as accidental loss and other acts of negligence. If nothing else, the BSI report highlights that UK data security culture is in serious need of an overhaul. So how exactly can businesses better protect themselves?
However much we like to believe that information breaches are largely the result of strategically orchestrated attacks by criminal masterminds, the truth is generally far less dramatic. They are frequently the result of human error, such as misplacing hard drives, bad password management, careless file sharing or lack of vigilance to the increasingly prevalent phishing emails. All can be easily prevented.
More than anything, businesses must incorporate information security into office culture – protecting information is no longer the sole responsibility of IT and compliance departments; data security is a companywide responsibility.
As a first step, staff should be trained on a regular basis to ensure that everyone understands best practice in the workplace. The HR policy should also be altered to reflect the fact that responsibility doesn’t lie solely with IT to instigate better behaviour.
Additionally, employees should be on the lookout for potential threats to information security, such as leaving computer screens unlocked and leaving confidential paperwork unattended, and should be encouraged to self-police. Implementing a clean desk policy is a good first step towards safeguarding confidential information.
In order to better protect an information estate, companies need to understand what information they have. As well as ensuring that data is clean, viable and that all relevant permissions and consent are held for the data, companies must also ensure that the appropriate data protection and information security practices are in place. It states in Recital (100) of the GDPR that:
‘In order to enhance transparency and compliance with this Regulation, the establishment of certification mechanisms and data protection seals and marks should be encouraged, allowing data subjects to quickly assess the level of data protection of relevant products and services.’
It is not currently compulsory to report a data breach, but once GDPR comes into force next year, all companies must report a data breach to the Information Commissioner’s office within 72 hours. In addition to risking a hefty fine, companies will also stand to incur the longer-standing loss to their reputation.
With this in mind, it seems highly probable that we will see an increase in breach reports – most likely not due to an increase in breaches, but because companies will have much more incentive to be transparent and open about such occurrences.
Overall, GDPR presents a great opportunity for UK businesses to step up their data protection strategies and better protect themselves against data breaches. The new regulation stipulates that companies will have to be much more rigorous in their approach to collecting, storing and using customer data – which should correspondingly see a vast reduction in accidental loss. Inevitably, this increased transparency will result in a more trusting and loyal consumer.
It is now less than 6 months until GDPR is introduced, and the more earnest businesses are to prepare and implement the necessary data protection strategies, the sooner we will see a significant reduction in the number of data breaches.
By Scott Logie, MD, Insight at REaD Group
In the ongoing race to maximise compliance and pip GDPR to that ever-encroaching finish line, the whispers and concerns over its implications continue to reach fever-pitch.
Earlier this year, the Information Commissioner’s Office (ICO) made an example of the Exeter-based airline Flybe by enforcing a sizeable £70,000 fine. The airline incurred this by sending millions of marketing emails to customers who did not wish to receive them; the ICO have made it very clear that when it comes to consent infringements – they’re taking no prisoners. ICO head of enforcement, Steve Eckersley stated that Flybe “deliberately contacted people who have already opted out of emails from them” by asking if they wanted to update their preferences, which he stressed is still a form of marketing.
It is therefore hardly surprising that many travel companies have begun to feel apprehensive about their ability to communicate with their customers come the day of GDPR reckoning (May 2018). With fines such as the one sustained by Flybe becoming more prevalent, this only emphasizes the necessity for companies to obtain consent from consumers. Consent essentially entails an individual providing approval for the processing of their personal information. The bottom line is that travel companies, and indeed all businesses alike, will have to be far more transparent if they hope to avoid harsh sanctions from an unforgiving ICO.
Initial guidance provided by the ICO suggests that a pre-ticked opt-in box will no longer constitute legally attaining permission. In lieu of this, unequivocal and unambiguous consent must be attained through active opt-in protocols; the box must be empty to begin with. Moreover, comprehensive details of how this data will be used must be provided. Contrary to the current system, consent requests must under no circumstances be hidden in the Narnia of terms and conditions or be a precondition of subscribing.
Admittedly, marketing strategies may require a bit of adjustment, but in the long run these new regulations should be seen as a positive change for both customers and operators alike. While it may ultimately result in a shrinkage in the size of marketing databases, the overall quality and saturation of amenable and valued customers within them shall undoubtedly increase. Those who have willingly shared their personal information will prove more beneficial to marketers than those who have been duped into giving permission. Consumers are more than happy to part with their details as long as they perceive that they are receiving a tailored and personal service in exchange. With regard to Travel companies, details on a customer’s budget, lifestyle and favourite destination can be used to provide the kind of customer service that consumers have come to expect.
On the other hand, it seems likely that smaller companies and those that have already fallen under the ICO cosh may struggle somewhat more than household names to convince consumers to part with their personal data. Nonetheless, there are certain measures that all travel operators, irrespective of size or reputation, can implement to limit any negative effects of GDPR.
The most effective course of action might be to devise highly targeted marketing campaigns that demonstrate to consumers the benefit of consenting. Personal offers and relevant streams of contact can be instigated once Travel companies have segmented their customer database into smaller groups based on factors such as interests, favourite destination and budget. How soon should you do this? The sooner the better; GDPR waits for no man.
Once the swirling dust and initial shock of GDPR has settled, companies should find that they are left with a more succinct database consisting of receptive customers. Which, truth be told, is an infinitely better prospect than a larger spread of individuals who weren’t aware that they had consented in the first place. By conducting these highly targeted campaigns, travel operators can seize the opportunity to demonstrate the value exchange in sharing information and strengthen relationships with their existing customers before GDPR’s implementation. This may seem like an extreme alteration in approach, but travel companies should find that if they navigate these unchartered waters effectively – treasures and bounty await.