7 Key Principles:
GDPR introduced 7 key principles for the lawful processing of personal data. This refers to the collection, organisation, structuring, storage, use, communication and the life span of personal data. These principles are at the centre of compliant processing, an essential part of GDPR to be followed by brands and organisations:
Lawfulness, Fairness and Transparency:
(a) processed lawfully, fairly and in a transparent manner in relation to individuals (‘lawfulness, fairness and transparency’).
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’).
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’).
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’).
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals (‘storage limitation’).
Integrity and confidentiality (security):
(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
Consent vs Legitimate Interest:
Understanding which legal basis best suits your needs is essential! We know that both legitimate interest and consent have their benefits and downfalls when looking to communicate with consumers. However, depending on the brand, industry sector or channel of communication one or the other can play a major role in the success of the marketing strategy.
What is Consent?
Consent is when the individual has given consent in the form of an ‘opt-in’ for a company to process their personal data for a specific purpose.
Consent requires an organisation to be named at the point of data capture and the consumer must ‘opt-in’ to be contacted by the brand, with the consent statement allowing for unbundled data collection with the boxes never pre-ticked i.e consent requires a positive /affirmative action to be recorded.
It is often seen as the ‘safe’ option when it comes to collecting consumer data for marketing purposes. Whether it is using a tick box or a subscription form, consent offers the consumer a clear choice, ultimately helping to build a brand’s reputation as trustworthy, transparent, and responsible, subject to the below guidelines also being followed:
- The opt – in is a positive action – Reliant on the consumer ticking to receive communication (remember, no pre ticked boxes)
- The statement of consent is clear and unambiguous
- All third-party data controllers are named
- Information on how to withdraw consent is clear and easy to find
- The communication methods and content addressed to the consumer must then fulfil the purposes stated when consent with given
Consent is only one of the lawful bases under which companies can collect consumer data. It gives consumers a choice whether to be communicated with, and by which channel, and ultimately can build a more trusting relationship when it comes to data transparency.
Remember – when data is collected via consent, and the purpose of collecting that data remains the same, it can then also be used under the legal basis of legitimate interest.
What is Legitimate Interest?
Legitimate interest is when you or a third-party have a genuine reason that makes processing the data necessary, and there are no other interests that outranks your business interest. For example, your organisation may be able to demonstrate a legitimate interest in marketing your goods to existing customers in order to increase sales.
Legitimate interest is another of the six lawful bases for processing consumer data for marketing purposes, in line with the ‘lawfulness, fairness and transparency’ regulations. However, whereas consent is centred around a purpose, legitimate interest is more flexible and can apply to a wider range of consumer communications where needed.
When using consent, the consumer’s relationship with the brand is balanced and based on a transactional agreement. When using legitimate interest, the purposes are often less transparent to the consumer but offers more flexibility for marketing purposes. You can rely on using legitimate interest, if you can show how your use of the consumer data is proportionate, has a minimal personal impact and the consumer is unlikely to be surprised or object to what they receive.
To be clear, within the GDPR itself, Direct Marketing is specifically singled out as a legitimate interest. It is important to note however, that unlike data which has been captured under consent, once data is collected under that basis of legitimate interest it cannot then be used for consent-based marketing.
How to apply a Lawful Bases:
Most lawful bases require that processing is ‘necessary’ for a specific purpose. If you can reasonably achieve the same purpose without the processing, you won’t have a lawful basis. Remember, you must determine your lawful basis before you begin processing, and you should document it. Take care to get it right first time – you cannot swap to a different lawful basis at a later date without good reason.
Your privacy notice should include your lawful basis for processing as well as the purposes of the processing. If your purpose does change, you may be able to continue processing under the original lawful basis if your new purpose is compatible with your initial purpose (unless your original lawful basis was consent). If you are processing special category data, you need to identify both a lawful basis for general processing and an additional condition for processing this type of data.
Overall, both consent and legitimate interest serve a purpose. Consent builds a level of trust and brand awareness whilst enabling communication to consumers. Legitimate interest on the other hand, helps brands target a broader consumer or prospect base. There is no one size fits all when it comes to collecting data, so when choosing a lawful basis take care and don’t be afraid to ask for advice!
Check out more of our blogs on lawful bases or get in touch today for advice on data protection:
The GDPR came into effect well over two years ago, but understanding its finer points still remains a challenge for many marketers. The lawfulness of processing data (covered in great detail in Article 6 of the GDPR) and in particular the appropriate application of consent and legitimate interest, continue to present challenges and questions.
For example, assessing which is the most appropriate basis to apply and how this might impact their marketing activities, including direct marketing, advertising and so on.
While the scare stories of hefty fines and pre-GDPR panic has largely died down, many businesses are still getting to grips with GDPR. It is unlikely that many are fully compliant as they try to interpret the regulations and how best to apply them to marketing activities.
It is important to remember that the GDPR is a principals-based regulation and while the definitions are explicit, they do not provide specific directives of how to apply them when collecting, processing, storing and using data. That means that responsibility for these decisions sits with the data and marketing professionals who are processing the data on behalf of their businesses Because GDPR doesn’t say how to apply the definitions, marketers still need to know how to make informed decisions and justify them.
So, how can marketers ensure their data processing is transparent, compliant and responsible? And how do they align their legal, compliance, governance, IT and marketing teams in order to meet the data protection regulation and educate them on how to use and process data?
It’s a case for education and process. Marketers must now be very well acquainted with data protection law and know how to apply the regulations to their specific activities. But they also need to be able balance their business objectives and KPIs, while not contravening the regulations. Data Controllers and Processors must now be more responsible and accountable when it comes to processing personal data, and they must be able to record processing activities and evidence the rationale for the legal basis they select.
Even experienced marketers and data and compliance professionals are questioning every action and decision regarding customer and prospect communications in the context of the GDPR:
- What is the best lawful basis to use or choose from?
- How do I choose which is the most appropriate?
- Do I need to write an LIA?
- Does my organisation need to be named when purchasing data for prospecting?
- How do we ensure we have protected the consumers’ fundamental rights?
The list goes on….
So it is no wonder that a lot of confusion stills exist around when and how to use the key lawful bases for processing data for marketing purposes: consent and legitimate interest.
Legitimate interest, based on the ICO’s definitions, is the most flexible of the six legal bases for processing personal data, and it can therefore be applied to many different situations. It is, for example, the most appropriate basis when processing data is of a clear benefit to you or others, there is limited privacy impact on the individual, or where an individual would reasonably expect their data to be used in that way. The balance of fundamental rights is of equal measure and transparency is crucial when making these decisions.
GDPR specifically states that direct marketing may be considered a legitimate interest in recital 47, albeit upon the appropriate and thorough application of a balancing test. By balancing the business and marketing objectives with the rights of the individual – and a good dose of common sense – and documenting it in a professional and trackable manner by completing a Legitimate Interest Assessment (LIA) , marketers can use this basis for marketing with more confidence.
Applying a balancing test to a legitimate interest and also applies to prospect data and data sourced from third parties as well as first party data. There is nothing in the GDPR that prohibits the use of third-party data, provided that it is undertaken in accordance with the data protection principles and regulatory guidance.
When it comes to consent, this is what the ICO has to say; “The GDPR sets a high standard for consent. But you often won’t need consent. If consent is difficult, look for a different lawful basis.”
This means that, in many instances, consent may not be required. However, some examples of when it is required involve the use of electronic marketing (including email) and this is where GDPR and the Privacy and Electronic Communication regulation (PECR) dovetail, i.e. email marketing requires consent and the requirements for consent are set out in PECR.
Fundamentally the GDPR is intended to build and maintain trust with consumers. That means applying both rigour and common sense when balancing commercial interests with consumer rights and regularly testing that decision to ensure it is the right approach.
The days of privacy being a box-ticking exercise are well and truly gone. The principles of privacy by design and ‘responsible marketing’ have to be embedded in businesses now. Challenging but necessary – but those business that get these fundamentals right will reap the rewards.
By Jon Cano-Lopez, CEO at REaD Group
It’s hard to believe it’s already been a year since GDPR’s implementation, but things have calmed down considerably in the interim and overall, we are in a much better place. In the last 12 months consumers have become more informed about what their data is used for and equally businesses are paying more attention to the legitimacy of their data and its use and applications. Importantly, companies have started to be much more considerate of the consumer perspective – understanding that a simple customer complaint could lead to financial penalties and reputational damage.
Clarity from confusion
As the GDPR is a principles-based regulation, there has been a considerable amount of confusion in the market as there are some aspects that have no fixed parameters. However, grey areas such as the reasonable amount of time that data should be retained are starting to reach consensus, resulting in self-imposed best practice being seen in the industry. We will undoubtedly see some of these currently accepted norms change in the future as a result of newly published guidance and based on the outcome of audits.
It is becoming normal for our clients to request documentation to evidence the legal right to use the data we provide – and in a transparent and easy to understand format. This will ultimately ensure that data collectors who are fast and loose with their due diligence are removed from the market, which is good for consumers and for the data industry.
Not just about consent…
Reassuringly, people have begun to realise that there is more to the GDPR than consent, or more generally ensuring that you have an appropriate legal base for processing data. Other key requirements, such as the misuse and security of data as well as data accuracy, are starting to take the spotlight. Collecting data in a legal manner is not enough – it must also be retained legally. Data must be respected as a valuable asset, and as it decays so rapidly it must be kept up to date.
As an industry, data quality is something we have always wanted to be recognised at board level – and GDPR has made this a reality.
Standing out from the crowd
It’s encouraging to see that companies and brands are really understanding the importance of giving consumers choice. Companies must now try and appeal to an increasingly discerning and aware audience, which means that finding ways to distinguish from competitors has never been more important.
Consumer communications have changed almost beyond recognition in the last decade (it’s astounding that the law hadn’t been updated since the DPA in 1998!). Similarly, PECR is also more than 10 years out of date and falls short of answering the complex legislative challenges encountered in today’s marketplace. GDPR was, for this reason, desperately needed.
Data elevated to board level
With an increasing number of businesses investing in DPO’s and CDO’s, data and governance is finally being raised to board level. Shortly after GDPR was introduced, many well-known brands ceased using data altogether for fear of doing the wrong thing. The majority have now resumed, but this has meant that scrutiny and assurances over the provenance of data have become even more vital.
Only the beginning
It’s important to realise that GDPR is only the beginning – the ePrivacy regulation (ePR), expected to come into force next year, will address much needed change in digital communications legislation. In tandem the two regulations should ensure that consumers are more informed and trusting of how companies are using their data, as well as ensuring that businesses are using data responsibly.
We can all take heart in the fact that, one year on, GDPR is no longer being seen as an inconvenience or a box to tick, but as an opportunity and a change for the better!
By Jon Cano-Lopez
So, it is 184 days – or six months if you prefer – since The General Data Protection Regulation – aka GDPR – became enforceable.
In the run up to the enforcement date – and in the months following – there has continued to be a huge amount of uncertainty and misinformation around GDPR and in some cases some down-right panic mongering. The avalanche of re-permissioning messages in the weeks preceding May 25th was testament to a prevalence of some database damaging advice.
One data protection lawyer we know likened it to watching lemmings throwing themselves off a cliff!
However, despite the hysteria and here-say the threatened “GDPR data apocalypse” has not materialised. And as we reflect on 2018 and the period since “GDPR day” here are some reasons to be cheerful…
Embracing the spirit of GDPR
REaD Group have been consistent in our view that GDPR is a good thing for consumers – and for business.
And six months on, our view has not changed. In fact, we are even more confident that embracing the principles of the GDPR will only enhance direct marketing – increasing transparency and trust and leading to more positive, long term and profitable relationships between consumers and brands.
The Regulations are not about catching out businesses (who are doing the right thing!). They are about the enforcement of practices that should be in place anyway. Keeping your customers and their rights, privacy and preferences at the heart of your business and being transparent in how you are processing personal data will not only help to protect you from the risk of fines but also enhance your brand reputation, value and relationships. Ultimately, if you are doing things right, it will be reflected in your bottom line.
The Data Economy is thriving
And although the reference to data being the “new oil” has been somewhat over-used, there is truth in the concept. Projections from European Data Market Study for the growth of data economy are extremely positive, with the value of the data economy in Europe projected to be worth €739 billion by 2020.
The rise of the CDO!
Gartner have predicted that through 2019, 90% of large organizations will have hired a CDO.
Another indicator of the growing importance of data is the rise of the Chief Data Officer (CDO) – elevating data strategy to Board level. The appointment of a CDO in many organisations – and across diverse industries – indicates a growing recognition of data as a driver of value and competitive advantage. Data driven decisioning is increasingly becoming a business imperative.
Results from the latest IPA Bellwether Report also provide cause for cautious optimism, with total marketing budgets revised higher during the third quarter of 2018, extending the current period of growth to six years.
After an initial period of post-GDPR caution and inertia, there has been some signs of resurgence for direct marketing, with many businesses successfully utilising third party data and direct mail for acquisition marketing campaigns under the Legitimate Interest basis.
The industry view is also optimistic. In independently conducted research, over 78% of direct brands asked have projected equivalent or an increase in spend on data driven marketing.
Third party data – use it responsibly and reap the rewards
Well, we have been saying this for some time, but to borrow from the recently published DMA advice: Using third party data under the GDPR.
“There is nothing in the GDPR that prohibits the use of third-party data provided that it is undertaken in the right way, with the appropriate safe guards.”
The message is clear – and provides much needed clarity for marketers. The direct marketing industry should have the confidence and conviction to continue to use responsibly sourced and permissioned third party data to optimise the quality and value of their data and data strategy.
Plus, new ways of utilising open source data have provided more opportunities to target direct marketing to addresses – using postcode level data to send partiality addressed mail.
GDPR data quality obligations – don’t bury your head in the sand!
There is a growing realisation that the data quality obligations introduced by GDPR cannot be ignored. Article 5.1 (d) is clear – reasonable and demonstrable efforts must be made to keep all personal data held and processed by a business clean and up to date -or deleted.
Our independent survey indicated those who utilise data quality services appreciate “not having to worry about the accuracy of contact lists when launching marketing campaigns”.
And data quality is now being seen as a ‘must do’ to ensure compliance with GDPR, minimise wasted communications and limit potential reputational damage.
Rapid innovation in technology is also impacting positively on data driven marketing – with developments in DaaS, AI and machine learning delivering even greater opportunities for data optimisation, enrichment and real-time interaction.
Key take aways from the last six months? Businesses and marketers should see GDPR as an opportunity to be more responsible and accountable, to get their data and data strategy in order – get it right and the future is bright!
by Jon Cano-Lopez, CEO at REaD Group
In response to the DMA Advice: Using third party data under the GDPR
After almost six month since the enforcement date for the GDPR, we welcome the publication of this much needed advice from the DMA.
The clarity it provides on the use of third party data should dispel some of the hysteria and business damaging inertia caused by the ambiguous messages and conflicting advice that has abounded before and since the GDPR became enforceable in May this year.
The advice reflects a strong consensus of view from the DMA and a panel of highly experienced data industry practitioners and subject matter experts which provides further weight and reassurance to the content.
At REaD Group we have been very clear and consistent in our views on the value of the responsible use of third party data and this advice paper reinforces what we have been saying all along.
Ultimately, a responsible and common sense attitude to marketing is what is required. If processed with respect to consumers’ interests and privacy and according to the obligations of the GDPR (appropriate LIAs etc), third party data delivers huge benefits to – and in the interests of – consumers and society.
Recent campaigns using our GDPR ready database have delivered extremely positive levels of engagement and ROI for our clients. Consumers are responsive to direct marketing IF the campaigns are targeted, relevant, timely and non intrusive.
Using the right third party data – in the right way – does work!
The direct marketing industry should have the confidence and conviction to continue to use responsibly sourced and permissioned third party data to optimise the quality and value of their data and data strategy. As the DMA reiterates: there is nothing in the GDPR that prohibits the use of third party data provided that it is undertaken in the right way, with the appropriate safeguards.
My key take-away from this advice? Time for marketers to get off the fence and get marketing!
Read the full DMA advice document here
“Rumours of my death have been greatly exaggerated.“ – Direct Mail
Direct mail is alive and well! Far from being an outdated medium – when combined with latest technology, creatively and thoughtfully put together, personalised and targeted, Direct Mail is and will remain, a relevant and highly effective channel well into the future.
And by entrenching Legitimate Interest as a legal basis for Direct Marketing (in Article 47), GDPR creates a unique opportunity for marketers who have phased out or never used Direct Mail to embrace this versatile, tactile and creative channel.
Read on to find out why Direct Mail should be a permanent fixture in your marketing mix!
1. Direct Mail…Is opened AND read
According to an InfoTrends study 66% of direct mail is opened. Great start! If opened, 82% of direct mail is read for a minute or more. Impressive!
Not only that, the same study confirmed that of the 56% of consumers who stated that they responded to direct mail went online or visited a physical shop.
Those are some remarkable stats and conversion rates (unless we’re missing something) unheard of for any digital channels.
This is the really exciting bit…research confirmed that 62% of consumers who responded to direct mail within three months, made a purchase.
A well targeted, well-designed piece of direct mail can resonate with recipients in a way an email cannot. Something tangible and physically engaging can be a novel, tactile and enjoyable change from words on a screen.
Collaborative research by Millward Brown and Centre for Experimental and Consumer Psychology at Bangor University found that tangible materials leave a deeper footprint in the brain.
3. Direct Mail CAN be done using Legitimate Interest as the legal basis under GDPR
The prevailing legislation, GDPR, states in Recital 47 that processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest
Latest guidance from the ICO highlights that all the legal bases for processing data under GDPR have equal weighting and the first line in the guidance on consent states: The GDPR sets a high standard for consent. But you often won’t need consent. If consent is difficult, look for a different lawful basis!
You won’t always need consent e.g. for postal marketing.
What’s more, if you don’t need consent (under PECR) you can rely on legitimate interests for marketing activities if you can show how you use people’s data is proportionate, has a minimal privacy impact, and people would not be surprised or likely to object.
4. Direct Mail increases ROI
According to Brand Science review. Campaigns including mail had 12% bigger ROI than those without mail!
5. Direct Mail makes consumers feel valued
The Value of Mail in Uncertain Times study found that 70% of consumers indicated that mail makes them feel valued. That’s an impressive stat – and all the more so for engendering feelings of being valued (an elusive goal for many brands).
And Direct Mail still resonates with every age group according to findings from a study by InfoTrends and Prinova.
In support of addressed and personalised mail, InfoTrends found that over 84% of respondents reported that personalisation made them more likely to open a direct mail piece.
*Sources: The Value of Mail in Uncertain Times, August 2017
6. Direct Mail creates a better impression of the company
“Tangible material leaves a deeper footprint on the brain”.
And scientists have proved it! The Centre for Experimental Consumer Psychology at Bangor University recently conducted an experiment using an MRI while presenting participants with both digital and physical advertisements. The results showed that printed materials not only make a deeper impression but are also perceived as more genuine!
Research presented in The Private Life of Mail: Mail in the home, heart and head confirmed that Direct Mail is more likely to grab the recipient’s attention.
Sources: Millward Brown, “Using Neuroscience to Understand the Role of Direct Mail,” 2009,
The Private Life of Mail: Mail in the home, heart and head
7. Direct Mail has longevity!
27% of all mail is still “live” after the twenty eight days*
Contrary to the transient nature of email and other digital channels – direct mail can be retained for weeks (or even months) and is more likely to be shared or interacted with by more than one person in the household.
And in his paper, Print vs. Digital: Another Emotional Win for Paper, Roger Dooley proved that while digital ads were processed more quickly, paper ads engaged viewers for more time and, a week later, subjects showed greater emotional response and memory for physical media ads. Physical ads also caused more activity in brain areas associated with value and desire.
*Source: JICMAIL Q2&Q3, Kantar TNS
8. Direct Mail is more believable
Research by Market Reach has revealed that 87% of consumers consider mail communications to be more believable*
In the age of fake news, malware and phishing, it may be that a growing unease and lack of trust with digital channels is fuelling an increased consumer desire for the tangibility and trustworthiness of mail.
*Source: The Value of Mail in Uncertain Times
9. Direct Mail is liked by Millennials!
It’s true, the born to be digital generation like and engage with direct mail!
The “Millennial” generation (i.e. born between 1982 and 2000) is now the largest living generation in the world. While many generalisations about these “digital natives” abound, that they do not like or engage with printed material is not true. Gallop research found that 95% of 18-to-29-year-olds have a positive response to receiving personal cards and letters.
A study by InfoTrends and Prinova – which surveyed a group of 18-66 year olds and their mail habits – also showed that 63% of Millennials who responded to a direct mail piece within a three month period actually made a purchase.
10. Direct Mail is good enough for Amazon!
Yes really! Amazon’s latest new (old) idea is….Toy catalogues!
According to Bloomberg News, Amazon’s first catalogues will be published in the US before Christmas and will be posted to millions of US households and also handed out at Whole Foods Market shops (bought by Amazon last year). There is also the possibility of a roll out in the UK to fill the gap left by the demise of Toys R Us.
This surprising move into print for the archetypal online retailer is further proof that print as a marketing channel is alive and kicking.
So, its clear that when executed well, Direct mail is an incredibly effective channel for response rates and engagement.
So what are you waiting for? Get in touch to talk to us about your next Direct Mail campaign.
At REaD Group we have been helping businesses of all shapes and sizes get great results from Direct Mail for more years than we care to remember. And with the advent of GDPR our services have become even more important and relevant to our clients (from optimising data selections and data quality to campaign reporting and analysis). We’re a safe pair of hands.
In an attempt to inject some lightheartedness into GDPR (no easy feat!) we thought we’d have a go at addressing some of the regulation’s key changes…by reappropriating Dua Lipa’s recent hit, ‘New Rules’.
I’m sure Ms. Lipa never envisioned her song being used in such fashion, and might well be appalled… Anyway, let’s delve into these new rules in a bit more detail.
One – Do pick up the phone, but if they’re on TPS then leave them alone
It clearly states in guidance from the ICO that individuals are still able to be contacted via telephone using Legitimate Interest as a legal basis. Consent is not strictly needed. However, an LIA must be carried out which concludes that you have a legitimate interest in contacting said individual, and that they equally would have an interest in hearing from you. Likewise, it goes without saying – if they’re registered on TPS then put that phone down.
Two – Don’t let bad data in, you must do your due diligence
Three – You must clean and amend, or you’re only gonna wake up with a fine in the morning
Article 5(1)d is explicit about this – data must be kept up to date and accurate or be deleted. Simple as. Besides the obvious threat of a substantial fine from the ICO, perhaps more troubling for many businesses should be the potential for brand damage. Consumer expectations around data accuracy have never been higher.
Recent research conducted by REaD Group found that more than 70% of consumers expect their data to be accurate [Source: Accuracy and Relevance – GDPR Impact Series 2018]
Continuing to market to deceased individuals and goneaways could have huge repercussions and lead to losing loyal customers. Keeping data up to date and accurate couldn’t be simpler and can be done real-time nowadays with Data as a Service (DaaS) solutions. So clean your data!
Don’t contact them – without a legal basis for pro-cessing
Whichever legal basis you choose for processing, once you have chosen it you must use it thereafter – there’s no going back. With that in mind, you might want to reconsider the misguided notion that consent is the be-all and end-all. It is often not the best basis to use. Direct Mail can be used under LI and is set to make a huge come-back – Amazon in the US (a famously online-only retailer) recently announced their intention to distribute a printed toy catalogue at Christmas time!
Respondents to MarketReach research confirmed that mail is more believable (87%), makes them feel more valued (70%) and creates a better impression of a company (70%).
While I await correspondence from Dua Lipa insisting that I never again use her songs to highlight changes in data protection law, be sure to follow the new rules – And if you don’t abide, the ICO might skin your hide! (Well, not really, but you get the idea!).
By Scott Logie, MD, Insight at REaD Group
At our recent GDPR briefing, a mere 3 days before May 25th, we asked those attending to sum up their final thoughts and feelings on the new regulation in 1 to 4 words. Needless to say, we received quite a range of responses! Many were whole-heartedly optimistic – ‘About Time Too!’, ‘An Opportunity’ while another begrudgingly conceded that it was a ‘necessary evil’. And one (we certainly hope they were being tongue in cheek!) simply labelled it ‘a pain in the a**e!’ – GDPR has been labelled as the 4 letter word.
‘Necessary’ seems like a very appropriate word. GDPR’s predecessor (the Data Protection Act) was introduced in 1988 – long before much of the technology involved in today’s marketing practices had been developed and before the amount of contactable data available exploded! Analogue legislation for a digital world.
There is no doubt that the last two years plus spent preparing for GDPR have been a challenging period for many. Particularly smaller companies who have more limited resources to ensure that they meet all of the new regulation’s requirements (of which there are quite a few).
Don’t give up!
Those who find themselves still just short of readiness, now that we are on the other side of the deadline, should not fall into utter despair just yet. To quote some sage advice from Hannah Crowther of renowned law firm, Bristows LLP – as long as you can clearly evidence that you are working towards adhering to the new Regulation (but haven’t quite crossed every ‘t’ and dotted every ‘i’), it is extremely unlikely that the ICO will come a-knocking. Information Commissioner, Elizabeth Denham, has been quite clear that they would rather use the carrot than the stick!
However, those who consider themselves to be ‘GDPR ready’ should not be taking their foot off the pedal – far from it! As a regulation, GDPR demands ongoing compliance which is no small task. Undoubtedly, once you have the proper systems and procedures in place and they have been adopted into company culture, this task should only become easier.
A ‘New Challenge’
While some are concerned that GDPR signals an end to marketing practice as we know it, this is hardly a bad thing! ‘Inbox bombing’ has become widespread practice over the last few years, to the extent that consumers have definitely become desensitised to email offers.
Marketing will not cease to exist now that GDPR is law, it will simply require some refinement and a change in approach – as well as a renewed focus on the consumer. There will certainly be a substantial dip in terms of contactable individuals initially, as companies determine which legal bases they intend to process data under.
Nevertheless, by using data intelligently to understand your customer base and utilising techniques such as segmentation and modelling, marketers will be able to offer consumers more personalised communications that they are actually interested in receiving. A ‘new challenge’ as one attendee aptly described it.
What is more, GDPR champions openness and transparency – consumers that are being contacted should now actually EXPECT to receive these communications.
Another word to crop up was simply the word ‘consent’. Truth be told this has been the main concern for the majority of marketers since GDPR was first incepted – and the media furore has hardly helped matters. However, in the FIRST statement of the ICO’s recent consent guidance it clearly says:
“The GDPR sets a high standard for consent. But you often won’t need consent. If consent is difficult, look for a different lawful basis.”
Don’t forget that there are five other legal bases for processing data, and in many instances consent may not be the right one to use. When it comes to honing your marketing strategy under the new legislation, it seems as though Legitimate Interest is in many cases the most obvious and appropriate for contacting prospective customers.
Mail has been found to be a much more trustworthy and tangible form of communication for consumers – and much more likely to yield a positive response. Furthermore it is a channel that has a much greater scope for creativity, as opposed to email which can be limiting, presenting an opportunity to create some truly engaging campaigns.
While our word collection was a fun exercise aimed at providing some levity before the big deadline, it was reassuring to see that so many people seem to appreciate GDPR as an opportunity and a change for the better. Regardless of people’s opinions towards GDPR, the fact remains that it is now LAW – no ifs, ands or buts!
See the full list of people’s GDPR words in the video below:
By Scott Logie, MD, Insight at REaD Group
It’s been a turbulent few months for the UK retail sector – Debenhams and House of Fraser both recently announced multi-million pound losses. On the other hand, Tesco revealed a rise in their annual profits to £1.3bn and Sainsbury’s and Asda announced a ground-breaking merger to make a super-supermarket.
The level of competition between retailers is reaching fever-pitch. Amazon’s seemingly never ending reach, the growth of online brands such as ASOS and boohoo, and the general rise of the discount retailer have disrupted a sector that has been slow to respond. It is therefore vital for retailers to demonstrate their value to consumers and develop robust strategies to capture and retain customer attention and loyalty. A strategy that has proven highly effective in both the past and the present? Loyalty schemes.
Is the loyalty scheme on its way out?
While some have criticised loyalty schemes in recent years, they remain a powerful way of connecting and engaging with customers. In our recent Retail Trend Report we found that there is an intrinsic link between how long a loyalty scheme has been running and the level of customer loyalty. The research found that Tesco lead the way in supermarket retailers when it came to customer loyalty – the Tesco Clubcard was the first scheme to be launched (in 1995). Consequently, retailers with less mature loyalty schemes have lower levels of trust – Morrisons was ranked 10th for customer loyalty and only launched its scheme in 2014.
Some critics have insisted that the loyalty scheme is dying out, however, Tesco’s announcement earlier this year that they were going to downgrade their Clubcard programme was met with widespread backlash from customers. The demand is still there it would seem. Loyalty schemes offer a tangible value and benefits to the consumer, and many budget and plan accordingly to make the most of them. They may not necessarily attract new customers but certainly encourage more frequent purchases and customer retention. Loyalty schemes have become expected as part of the offering by consumers – gaining points rather than just lower prices.
Changing consumer landscapes
It has gotten to the stage where many consumers are experiencing ‘’offer fatigue’’; being bombarded with endless 2-for-1-deals, flash sales and coupons to the point where they become desensitised to all of it. Comparable prices are no longer the differentiator, consumers expect retailers to offer them deals that are suited to their individual shopping habits.
With discounting so rife, consumers are no longer prepared to buy full price products unless they absolutely have to, which has meant that supermarkets like Co-op have suffered for a number of years now. In order to break the cycle, retailers must renew their focus on their customer loyalty propositions to make it worth customers investing their time and money in selecting their chosen retailer’s products. But how exactly?
The Digital Shift
Facilitating an easier process for customers to access their rewards is one way of tackling this challenge. Customers are increasingly using contactless technology and phones to make payments, and the prospect of carrying a wallet bulging with loyalty cards is becoming an increasingly unattractive one. It is high time that retailers shift their loyalty card schemes to digital platforms.
Tesco recently set an example by launching a contactless version of their Clubcard last year, followed by a Tesco Clubcard app. Customers who are presented with wads of paper coupons after swiping a loyalty card are, more often than not, unlikely to retain these for a future purchase.
Personalisation is key
Saving money is no longer the only priority for customers – they have come to recognise the value of personalisation and appreciate receiving deals that have been intelligently tailored to their shopping habits. Retailers therefore need to make sure that they are segmenting their customer data and analysing it to ensure that they are building and engendering trust and anticipating customers’ needs.
Building customer trust is a gradual process and not an overnight fix; this makes loyalty schemes more significant than ever before. Retailers must ensure that they are clearly explaining the benefits of a data-value exchange to their customers and remaining as transparent and open as possible.
Brands must demonstrate through these retail loyalty schemes that customers that consent to share their data stand to be rewarded for their loyalty and custom. And for those brands with long standing schemes already in place – now is not the time to abandon them! They’re a key means of understanding customer habits and maintaining valuable patrons.
The recent implementation of GDPR has provided a welcome impetus for brands to take this initiative. All things considered, by introducing loyalty schemes and using segmentation to enrich customer understanding, brands should soon enjoy better communication with an increasing number of data-savvy consumers.