The GDPR came into effect well over two years ago, but understanding its finer points still remains a challenge for many marketers. The lawfulness of processing data (covered in great detail in Article 6 of the GDPR) and in particular the appropriate application of consent and legitimate interest, continue to present challenges and questions.
For example, assessing which is the most appropriate basis to apply and how this might impact their marketing activities, including direct marketing, advertising and so on.
While the scare stories of hefty fines and pre-GDPR panic has largely died down, many businesses are still getting to grips with GDPR. It is unlikely that many are fully compliant as they try to interpret the regulations and how best to apply them to marketing activities.
It is important to remember that the GDPR is a principals-based regulation and while the definitions are explicit, they do not provide specific directives of how to apply them when collecting, processing, storing and using data. That means that responsibility for these decisions sits with the data and marketing professionals who are processing the data on behalf of their businesses Because GDPR doesn’t say how to apply the definitions, marketers still need to know how to make informed decisions and justify them.
So, how can marketers ensure their data processing is transparent, compliant and responsible? And how do they align their legal, compliance, governance, IT and marketing teams in order to meet the data protection regulation and educate them on how to use and process data?
It’s a case for education and process. Marketers must now be very well acquainted with data protection law and know how to apply the regulations to their specific activities. But they also need to be able balance their business objectives and KPIs, while not contravening the regulations. Data Controllers and Processors must now be more responsible and accountable when it comes to processing personal data, and they must be able to record processing activities and evidence the rationale for the legal basis they select.
Even experienced marketers and data and compliance professionals are questioning every action and decision regarding customer and prospect communications in the context of the GDPR:
- What is the best lawful basis to use or choose from?
- How do I choose which is the most appropriate?
- Do I need to write an LIA?
- Does my organisation need to be named when purchasing data for prospecting?
- How do we ensure we have protected the consumers’ fundamental rights?
The list goes on….
So it is no wonder that a lot of confusion stills exist around when and how to use the key lawful bases for processing data for marketing purposes: consent and legitimate interest.
Legitimate interest, based on the ICO’s definitions, is the most flexible of the six legal bases for processing personal data, and it can therefore be applied to many different situations. It is, for example, the most appropriate basis when processing data is of a clear benefit to you or others, there is limited privacy impact on the individual, or where an individual would reasonably expect their data to be used in that way. The balance of fundamental rights is of equal measure and transparency is crucial when making these decisions.
GDPR specifically states that direct marketing may be considered a legitimate interest in recital 47, albeit upon the appropriate and thorough application of a balancing test. By balancing the business and marketing objectives with the rights of the individual – and a good dose of common sense – and documenting it in a professional and trackable manner by completing a Legitimate Interest Assessment (LIA) , marketers can use this basis for marketing with more confidence.
Applying a balancing test to a legitimate interest and also applies to prospect data and data sourced from third parties as well as first party data. There is nothing in the GDPR that prohibits the use of third-party data, provided that it is undertaken in accordance with the data protection principles and regulatory guidance.
When it comes to consent, this is what the ICO has to say; “The GDPR sets a high standard for consent. But you often won’t need consent. If consent is difficult, look for a different lawful basis.”
This means that, in many instances, consent may not be required. However, some examples of when it is required involve the use of electronic marketing (including email) and this is where GDPR and the Privacy and Electronic Communication regulation (PECR) dovetail, i.e. email marketing requires consent and the requirements for consent are set out in PECR.
Fundamentally the GDPR is intended to build and maintain trust with consumers. That means applying both rigour and common sense when balancing commercial interests with consumer rights and regularly testing that decision to ensure it is the right approach.
The days of privacy being a box-ticking exercise are well and truly gone. The principles of privacy by design and ‘responsible marketing’ have to be embedded in businesses now. Challenging but necessary – but those business that get these fundamentals right will reap the rewards.
Coming out of lockdown is presenting many challenges for businesses and organsiations of all types. Of course, being aware of your business environment has always been key to success. Knowledge of your customer base at local and national level has in the past been focused on maximising marketing and sales opportunities and operational efficiencies.
You can now add on to this the fundamental requirement of customer and staff safety – how to open and operate safely within a Covid-19 world. And clearly, decisions made regarding the re-opening of business will be key to a responsible and successful emergence from lockdown.
To support businesses to make more informed decisions, REaD Group data partner More Metrics have developed a new set of models to track Covid-19 risk factors. For these models, More Metrics has used its existing and new datasets to create 20 risk measures relevant to Covid-19. The risks cover a number of dimensions, including:
Age and Household Composition
Mortality and Co-morbidity
By combining this data with Ppublic Health England (PHE) Pillar 1 and 2 test data More Metrics have created risk models at a range of geographic levels.
These unique models can help you to answer key questions, including:
- What is the infection risk now in any of the areas that I operate in and where my customers and staff live?
- What is the infection risk going forward in these areas and how might it differ with other areas?
- How should I vary my actions over the coming weeks to minimise any infection risks and help get our operations up and running as soon as possible?
The data will also:
- Provide up to date estimates of key information at local level
- Support risk assessments for reopening customer facing and other business locations
- Support resource allocation and management focus based on reliable data for specific locations
- Allow you to benchmark your own area against other areas in the UK
Data quality is more important than it has ever been. Ensuring that the customer and prospect data that you hold is accurate, up to date and compliant is a benchmark of responsible data management and marketing. Consumers expect it, the law requires it and it delivers massive cost savings, better ROI and reduces the risk of brand damage.
A key part of maintaining the quality of the consumer data you hold is the identification and suppression of individuals who have moved from the address you have in your database – using a credible suppression file such as REaD Groups definitive Gone Away Suppression file (GAS).
Why compromise the success of your campaigns and risk the reputation of your business by continuing to send communications to individuals using their old address?
Using a credible gone away suppression service will bring many business benefits:
• Reduce campaign costs and improve ROI
• Prevent the brand damage caused by sending mail addressed to previous occupants
• Help you to adhere to the data quality requirement under Data Protection Act 2018
• Help you to keep in touch with customers and supporters and maximise retention and LTV
Part of Rare Consulting’s COVID-19 Emerging Trends Series and with contribution from REaD Group’s Customer Engagement Director, Scott Logie, Grey Expectations: How Brands can Create Sustainable Growth with Consumers Aged 55+ explores why businesses need to get serious about targeting the older generations – particularly online, where many have shopped during the pandemic and now intend to stay.
This means showing more empathy of what marks them out as being different to other age groups; recognising their needs and desires; and understanding their choice drivers. Our findings have implications not just on how we communicate to them but also how we build services that create long-term value for brands and consumers.
“The industry talks about over-55s as being one group. But to treat 17 million people in the same way is madness. Segment and research them as a non-homogenous group of people.“There will need to be some experimentation with customer engagement and experience for this age group, depending on your product type. One of the things they still crave is human experiences. A challenge for retail and e-commerce is to humanise engagement. If they want to chat, they want to chat to a person, about price and options. You can’t yet do that with an automated chat function.”
Scott Logie Customer Engagement Director, REaD Group
Find out how empathy, engagement and customer experience are the keys to marketing to the over-55s
By Scott Logie
One of the outcomes of the Covid-19 pandemic and daily reporting of related stats is that we have probably all become quite a bit better acquainted with data. At the very least I’m pretty sure that almost everyone understands what the ‘R rate’ is.
Given that all this data is available, it is a surprise then that few organisations seems to be using this data in a marketing context. Now, more than ever, tailored, sensitive and responsible marketing communications are crucial. And the point is that we have the data available to drive it. Despite this, examples of organisations who are doing so seem to be few and far between.
For good example of how data can be a powerful driver for impactful decision-making – take what has happened in Leicester in the last week.
As has been widely reported, Leicester is the first city in the UK to have their lockdown status increased. This situation could potentially have been avoided had the data been available so that local authorities could have sent out early warnings to help to minimised the chances of infection and lockdown. Having the right data to hand allows one to be reactive to an ever-changing situation and to make better decisions.
The world has changed dramatically – with less face-to-face contact and a corresponding increase in digital services – at the same time many individuals are newly suffering from financial difficulties. More than ever, brands need to be targeting different audiences according to their different needs, and the data exists to help them do just that.
Research from Kantar shows that only 8% of consumers think brands need to stop advertising during the COVID-19 outbreak, but their expectations of how a brand should be helping them are huge: 78% believe brands should help them in their daily lives; 75% said brands should inform people of what they are doing and 74% said companies should not exploit the situation.
We’ve talk often about the power of direct mail to reach people at home. Mail reaches everyone, engenders trust and gives reassurance, has a tangible impact, drives interaction and gets people online – there is plenty of research and stats from the Royal Mail to back this up.
Direct mail should never be a ‘one size fits all’ approach. As with all communication, it should be tailored differently to different audiences – especially those who are vulnerable audiences, the recently unemployed, the furloughed and the self-employed. Each of these audiences has very different needs, and brands must be aware of these. And identifying these is now very easy, thanks to data!
Since April 2020, REaD Group data partner More Metrics has made available datasets that estimate COVID-19 risk factors and infection rates across the UK at a neighbourhood level. These datasets contain 20 different measures of risk at a range of local geographies, using open source and GDPR-compliant data from REaD Group.
Not only can this data give you a greater insight into your customer base at local and national level, enabling you to maximise marketing and sales opportunities and operational efficiencies, but as you prepare to come out of lockdown, you can now add to this the fundamental requirement of customer and staff safety: in other words, how to open and operate safely within a COVID-19 world.
This data is free to use for a range of geographical areas including Parliamentary Constituency, Ward and CCG. If more granular data is required, the data is available at Postcode and attached to over 50m individual consented consumers.
Find out how REaD Group can help you to apply this data to make sensible, sensitive decisions and inform your marketing strategy, supporting data-driven decisions and responsible marketing. Get in touch today!
Scott Logie is customer engagement director at REaD Group.
Using open source data, More Metrics has created a bespoke set of data models that explore the impact of COVID-19 on the UK population. These models can help brands ensure they are targeting their marketing messages, optimising contact with customers and increasing ROI. Data used to create these models is publicly available – ideal for the current situation.
More Metrics has used existing and new datasets to create 14 risk measurements relevant to COVID-19, including Age and Household Composition: Mortality and Co-Morbidity; Economic Resilience; Risk Engagement and Infection Rates.
These bespoke models can be used for:
- Screening to deselect vulnerable consumers for campaigns
- Attaching codes to inbound contact data to understand the consumer they are talking to
- Adding the data to models to ensure these factors are considered when selecting consumers for campaigns
The data is available at a range of different geographic levels: the application of each is dependent on usage. At the lowest level the models are created at OA (Output Area) level and can be attached to any individual or household with a postcode: the recommended level for most marketing applications.
REaD Group can advise marketers on how to best apply the models to make sensitive decisions and inform their marketing strategy, supporting data-driven decisions and responsible marketing.
As we find our feet in the new decade, we consider the big drivers and trends we can expect to see this year (and beyond!). From data quality, third party data and advances in automation, there is plenty on the horizon!
One of the big areas of concern in the data world we’ve seen lately has been around ethics/values and we expect there to be increased emphasis on this subject throughout this year. Where data-driven marketing is concerned, one of the key questions is how we can gain the trust of consumers to an extent where they are happy to share their personal data.
The principal of giving brands the right to be personal is only effective if the brand has access to quality data. There is a correlative relationship between trust vs sharing data – the more a customer trusts a business the happier they will be to share their data.
In a recent Dun & Bradstreet report, half of the 500 business leaders interviewed said their business wouldn’t survive without top quality data, while over two-thirds (69%) agreed that having access to more data supports revenue generation.
A large proportion of this trust comes down to transparency and companies being open and honest about how consumer data is being processed. At REaD Group, we are strong advocates for best practice; we are able to take any record from our suite and identify the point of collection as well as the legal basis on which it is being processed. We believe this should be a mandatory requirement for all personal data utilised in today’s climate.
First party data vs third party data
While first party data is naturally an asset, the advantages and capabilities of third party data should never be overlooked. Third party data offers a whole range of possibilities – enabling businesses to find their best customers, drive more informed decisions, gain more value from their marketing activity and delivering ROI.
Some 54% of the business leaders interviewed by D&B said that third-party data is valuable for enhancing the data that they hold in their organisation, while a similar proportion (56%) agreed that they would benefit from more of it.
But again, trust is crucial. You can only trust the data you’ve got if you can maintain its quality. And can you trust the supplier of the data if it’s third party data?
Buying third party data
You should always be sure to conduct thorough due diligence on a supplier before purchasing marketing data. You need to be able to trust the quality of the data – there are a number of questions you should always ask when choosing a provider (see our handy checklist here).
Permission must be accurately tracked and evidence the due diligence that was applied to it at the point of collection. This all aligns to a fundamental requirement of the Data Protection Act 2018 – privacy by design. Any credible data supplier should be able to demonstrate this level of transparency.
Keeping data clean
We can expect to see data hygiene continuing to rise to the top of the agenda this year. Businesses are recognising more and more that it is a requirement of GDPR that data must be kept up-to-date and accurate. This realisation is beginning to trickle down from the bigger players to the mid-size market and should continue to progress to smaller companies and SME’s throughout 2020.
Regardless of the size of your business, keeping data clean needn’t be a cumbersome task. Take one of our clients, Stannp, a print management provider which offers companies a fully digital, integrated solution to their direct mail needs.
As keeping data up-to-date and accurate is now law, Stannp wanted to provide its clients with the ability to clean their direct mail campaign data in realtime.
We provided them with a fully automated data cleaning solution which provides realtime access to our data cleaning products, GAS and TBR. Clients upload their data to the platform and are given the option to plug into REaDConnect before launching a campaign, delivering a bespoke data cleaning solution that is moulded to their requirements.
Research shows that the higher the quality of data an organisation holds, the more efficient and effective an organisation is, and data quality is a top priority for 41% of UK data leaders, according to a Big Data LDN report.
As the list of processes that can be automated continues to grow, automation is certainly something that will continue to be important in 2020. The prevalence of API’s isn’t a huge surprise given the efficiency, speed, accuracy and enhanced information security that automation can offer.
For companies with vast quantities of data, automation is able to alleviate the ‘heavy lifting’ involved with the management and processing that such an asset demands. Automating your data cleansing process will provide access to cleaner data, leading to increased insight, better decision-making, triggered campaigns, live personalisation and improved business planning.
In addition to improving regulatory compliance and increasing customer loyalty, automation can also provide customers with a better experience and offer brand protection. It reduces processing costs, uses less infrastructure and improves resilience, and removes or reduces manual processes and associated resource time, leaving it to be redeployed on more creative activities.
Quality data and data quality
What all of this illustrates essentially is the importance of trust and transparency, especially in 2020. If you are able to demonstrate to your customers that you adhere to the principles of both data quality and quality data, then they will be reassured that their data will be looked after according to the data protection laws, and they in turn will trust you. Let’s make this year the year of responsible marketing!
The wait was perhaps longer than we anticipated, but last year we finally saw the ICO implement the full extent of the new fines administrable under GDPR. Twice in fact – and in a 48-hour window. To any who had not yet appreciated the repercussions of mishandling or inappropriately using data, this was a very big wake-up call.
No small task
With penalties of this magnitude awaiting those who fall foul of data protection regulation, heavy is the head that bears the data crown. However, recent research has found that there is a lot of uncertainty surrounding who should take responsibility for data in an organisation. Over the past three years, the report found that CEO’s have had variable ownership of data, and brand-new job titles have arisen in the interim [The Fourth Industrial Revolution Report 2019].
In fact, in 2017 CEO’s had no direct responsibility for data, and the onus was largely on Chief Data Officers (66%). This peaked in 2018 after GDPR was introduced and responsibility jumped dramatically to 15%. Conversely, 2019 saw responsibility drop to just 9%.
Data a company-wide asset
Data used to be a subset of marketing and/or IT and many tensions arose because of that. It is now central to organisations and needs to sit alongside these disciplines as well as many others such as operations, HR and finance. The value of the data on customers, performance, staff, suppliers and so on means that the real owner of data now is the CEO and therefore having one person report in who is managing the control of the company’s data is essential.
The responsibility has noticeably shifted over the last two years between a number of C-suite roles, including Chief Data Officer, Chief Information officer, CMO, CFO and the newest addition – Chief Privacy Officer (CPO). This begs the question – is this a result of experimentation and trial and error, or merely panicked finger pointing (‘well, that’s your job’)?
More than a third of companies (39%) believe the responsibility of the CDO is setting the data strategy within their firm and owning its results, while 60% believe that this accountability sits with other C-suite executives, or argue that it does not sit with a single role, according to NewVantage.
Horses for courses
It may be that the assignment of this responsibility comes down to a judgement call – namely that the nature of a company and the way in which it uses data will influence who takes charge. This makes a lot of sense. Depending on a company’s corporate objectives and strategy, data will be used in differing ways to reflect this. For example, putting a CMO in charge of data may result in a greater focus on ensuring that data is fit for marketing purposes.
In any case, the good news is that data has become a responsibility that sits at board level – this would have been unthinkable even 10 years ago. It is encouraging (and necessary) that it now gets the attention it deserves, and GDPR has had a huge impact on this.
In 2012, just 12% of Fortune 1000 companies had a CDO. By 2018, 67.9% of surveyed firms reported having a CDO. [Big Data and AI Executive Survey 2019, NewVantage Partners]
Rise of the CDO
In terms of skillsets and responsibilities opinions differ as to what falls within the CDO’s remit. Many believe they should come from a technology background, others a business background, and some think that both are beneficial. There is also the question of how much data governance responsibility a CDO should have. In a recent Gartner survey, two thirds of CDO’s asked said they were responsible for everything from data quality, governance and management to information strategy, data science and business analytics. [Third Gartner CDO Survey — How Chief Data Officers Are Driving Business Impact, 2017]
Above all though, most agree that a CDO should be an agent for change within a business – especially within the first few months of appointment. Liaising and communicating with multiple stakeholders to ensure that appropriate data is made available and securing buy-in from the board to leverage a company’s data as a strategic asset.
No matter who
As the data available to businesses grows and its uses become more versatile and sophisticated – the role of the CDO (or whoever has the responsibility of data management) will only grow in importance. The ‘who’ is ultimately less important, so long as the data is appropriately managed in accordance with data regulations and in alignment with business requirements.
Research points to the benefits of companies that have someone dedicated to managing data. According to a study conducted by KPMG in 2018, businesses that have a CDO are twice as likely to have a clear digital strategy. And two-thirds of such firms say they are outperforming rivals in market share and data-driven innovation. [The Chief Data Officer playbook: Creating a game plan to sharpen your digital edge, IBM, 2016]
Data is such a vital tool for businesses to operate at their optimum capacity. Manage it well and see your company go from strength to strength. Manage it poorly and not only will your competitors thrive, but the downside risk of fines and brand exposure could be enormous.
Businesses need data to survive. And that has never been more true than it is today.
In a recent report by dun&bradstreet, The Past, Present and Future of Data, of the 500 business leaders interviewed, 50% believe their business won’t survive without top quality data and 69% agreed that having access to more data will support revenue generation. That’s compelling stuff.
And one of the top data challenges noted is identifying prospects or potential customers.
The first party data you collect and hold is an extremely valuable asset – as long as you are applying the right insight! But when it comes to acquiring new prospects and customers, why limit the scale and profitability of your campaigns? If you choose your data partner wisely, third party data can help you to find more of your best customers, drive more informed decisions and deliver ROI.
54% of business leaders asked believe third-party data is valuable for enhancing the data that they hold in their organization
54% of the 500 business leaders interviewed said that third-party data is valuable for enhancing the data that they hold in their organization, while a similar proportion – 56% – agree that they would benefit from even more of it.
The devil is in the due diligence
So, it’s clear that third party data can help businesses to gain even more value from their marketing activity. But how do you find quality data?
As with any important purchase it is imperative to do thorough research. When it comes to buying marketing data you should apply strict due diligence before you select a supplier – or repent at leisure.
Here are some of the qualifying questions you should always ask when you are choosing your data provider:
Source and provenance
How is the data collected and what is the source? You should also ask for confirmation of the collection methods and audit trails to ensure the principles of the regulation have been meet and the data is being processed lawfully, fairly and in a transparent manner.
Your supplier should be able to provide you with the permission statement used at the point of collection.
Validation and Due Diligence processes
Ask for confirmation of the validation process. A provider with nothing to hide should be able to provide on request an outline of their due diligence process and the steps they take to ensure their data fully satisfies legislative requirements.
When was the last engagement?
Is the data accurate and up to date? Has it been screened against a reliable suppression file to remove deceased and Gone Away contacts to meet GDPR data quality requirements?
Check out their creds and ask peers for a recommendation or ask to speak to an existing customer of the supplier for a candid view.
Ask for some examples of the results and case studies – especially if you are using the data for acquisition campaigns.
Do they offer a trial?
If you are new to buying data or using a new supplier – ask if you can run a trial campaign to test the quality of the data.
If a supplier can’t answer these key questions…approach with caution. It is important to remember that at the heart of GDPR is transparency, accountability and the fundamental rights to process data. It is the minimum you should expect from a reputable data provider.
About REaD Group
REaD Group have been supportive of the GDPR from its inception and we are proud to say that our due diligence is the best and most thorough in the UK.
All contributors must pass our strict Data Compliance Due Diligence Audit and GDPR rules before REaD will accept the data. The audits for existing and prospective data contributors also include the following verifications and checks for compliance:
- Contributor’s legality, location and contact details
- Contributor’s Professional membership, accreditations and certifications (ICO, DMA, ISO) registration
- How contributors deal with enquiries, complaints, data subject access requests etc.
- Full Permission statement audit including audit of all permission statements, FPN and privacy policies served at point of data collection
- Details of how the permissioned data was originally captured and channel collection methods
- Asking suppliers to confirm information security practices and that data is processed in a manner that ensures appropriate security of personal data
The REaD compliance team also carry out 6 monthly audits on the data provided, requiring contributors to provide full details of when and how the data subject’s permission for their data to be passed onto a third party was obtained to ensure collection methods remain compliant and align to the principles of the regulation.
If you’d like to know more about quality marketing data contact us today!
It has been one hell of a year – and we are beyond delighted to now be multi award winning in 2019! And to be shortlisted for three categories in the DataIQ Awards is the icing on the cake.
But, ultimately, the real winner is data.
With all the hype surrounding data – it’s the new oil, gold, best thing since sliced bread, etc – it is easy to lose sight of the real impact of using it intelligently. Well managed, maintained and respected data will drive better strategic decisions and deliver tangible value to businesses on a day to day basis.
To be honest some of it isn’t that sexy but has the potential to transform businesses and achieve outstanding results – and win awards!!!
Data quality is one of the bedrocks of good data management and an obvious first step towards getting the most value from data. The old adage of “rubbish in, rubbish out” has never been more relevant – or potentially costly. In these highly regulated times, all businesses need to be confident that their data is clean, accurate and complete (and compliant!). And with the technology available to manage data quality more efficiently and securely advancing almost daily, there really is no excuse.
It can be as ‘simple’ as understanding your customers better. If you know who your best customers are, what they like, and how you should be communicating with them, then your messages to them will be more personal and positively received (not just personalised). The right analytics can transform strategy and with dramatic results. And deeper insight projects can completely transform business structures and promote new and more productive ways of working – as the award-winning project we have delivered with Marie Curie UK, The Big SHIFT, so aptly demonstrates.
Using high quality third party data, from a credible supplier, can have a dramatic impact on marketing strategy – particularly when it comes to acquisition. If you understand who you best customers are (see actionable insight!) third party data can help you find more of them and engage with them in the right way – using the right channel, message and offer – to ensure more successful outcomes. As our client Titan has very successfully demonstrated.
A new marketing mix
We believe there is a new marketing mix in town – data, creativity and technology.
The companies that use the data they have to make informed decisions that drive both creativity and personalisation – and choose the right technology to put the consumer at the heart of everything they do – are in the best position to win.
As our multi-award winning year goes to show, get the balance of these right and the sky is the limit!