Damn the blast
Written by Keith Carlton, Senior Planner
How important is personal data to your business? The chances are that most of you will say very: it drives your digital marketing, your CRM, your tailored online ad placements and much more.
So how happy would you be to hear that most consumers don’t trust brands to handle our personal data? According to the Information Commissioner’s Annual Track Survey 2016, less than a quarter trust brands with their data. 75% of us are afraid that our data will be stolen by criminals, 68% worry that our data will be sold to other companies for marketing purposes, and 63% of us are concerned about spam emails and texts.
As consumers, our attitudes and behaviours reflect this lack of trust. Experian-DataIQ research in 2016 showed that nearly half of us prefer not to share our data unless we absolutely must.
This could be because the information we get from sharing our data is irrelevant - 86% of consumers would certainly agree and 83% feel we get the same information more than once. And despite marketers’ messages about relevance and personalisation, 80% think the same information is sent to everyone!
The winds of change
So data is important, but as brands, there’s a negative perception around how we collect it, manage it, and use it.
This is the landscape in which the new EU General Data Protection Regulation (GDPR) has been developed. Its stated aim is to rebuild consumers’ confidence and trust when sharing personal data, and to put them in control of their data in a way which they do not feel currently.
EU member states need to be compliant with the GDPR by 25th May 2018, and Brexit won’t stop this as the government has committed to deliver within that time-frame. Even with a review once the UK leaves the EU, it’s likely that future trade with Europe will require that the UK’s data protection landscape is comparable with that of the EU.
So, what’s all the fuss about. Well, as the European Commission and the UK Information Commissioner has said, it’s about putting consumers in charge of their data. It’s ultimately about trust, and giving consumers confidence that organisations will handle and protect their data in the way they want.
If organisations don’t, consumers will have the right to object to processing or to restrict processing. Ultimately, consumers will have the right to be forgotten – meaning deleting all data held on them if necessary.
Consumers also have a new right to something called data portability – they will be able to request all data held on them, in an easily transferable electronic format, so that they can give it to another organisation. This may seem rather arcane, but once consumers start to see the value – being able to transfer their personal claims history to a new insurer, for example – they will also start to realise something very fundamental which is inherent in the principles of the new regulations: they will start to realise that this is their data, not the brands’ data.
New Rules on Privacy & Consent
The new requirements regarding privacy statements will oblige us to inform consumers, in a clear and prominent manner, on about 13 different areas relating to the data we wish to collect. This includes the sort of information we’d expect to share now, such as the identity of the data controller, and the purposes for collecting the data. But it also now includes a requirement to set out the categories and uses of the data more specifically, how long the data will be retained for, and the various rights of the data subjects which we have outlined above.
Hand in hand with this, from May 2018 brands must obtain an opted-in consent for email marketing. Currently, it has been legal to use an opted-out consent for email marketing (although the Information Commissioner and the DMA both recommended opt-in as best practice). In future, it not only needs to be opted-in, but consumers must take a demonstrably affirmative action to give their consent. And data controllers must be able to record when and how they obtained this consent (something I suspect few marketing databases are currently able to do).
And come May 2018, brands must be able to demonstrate that the personal data they use at that time has come with consumer consent which is comparable to that required under the new regulations. In simple terms, if you want to hold data beyond May 2018 that you are collecting now, you’ll need consent. If not, you won’t be able to go on using that data without getting new consent post the change.
It’s not all bad news
As mentioned above, both the Information Commissioner and the DMA have, for a long time, recommended opted-in consent as best practice for email marketing. Despite that, many organisations have continued to use opted-out approaches.
Why have we done this? It happens, in my opinion, because we have feared that opt-in rates would be far lower than opt-out rates – a tacit admittance that our email communications are intrusive and unwanted by significant proportions of consumers. Because it’s easier to think that high volume batch and blast will meet our marketing objectives regardless of the impact on the consumer.
The truth is that the entire direct marketing industry has been historically built – to a degree – on the idea that consumers don’t want our communications, and that it would be dangerous to give them a real, front-of-mind choice, rather than collecting their data on the sly and hoping for the best.
In many respects, this is the sort of thinking which the new GDPR is intended to challenge. But before you throw up your hands and decide that the new regulations are marketing and business unfriendly, it’s worth noting that the new regulations – for the first time ever – identify marketing as a legitimate use for personal data. The thrust of the GDPR is to enable consumers to feel in control of their data, and to redress the balance of trust between brands and consumers, not to stop marketing in its tracks.
Time to react
What is needed is a fundamental rethink of how we approach the gathering and the utilisation of customer’s personal data. One which needs to go hand in hand with a more confident, and a more tailored, approach to our communications activity to our customers and prospects.
If we are confident that we can talk to fewer customers than before, but still achieve our aims because we are talking in the right way to the right people, batch and blast needs to become a thing of the past.
Part of the problem here is that email – compared with old fashioned postal DM – is cheap. What wasn’t being factored in, in this world of cheap email communications, was the reputational cost to the brand which arose from:
• Consumers discovering they had been added to a mailing list without being aware they had been offered the choice to be contacted. Or being added because they had taken an entirely unrelated action to the marketing communications they are now receiving
• The experience of being bombarded with emails on a daily basis.
• The palpable lack of relevance of most emails, either in relation to our previous purchase or engagement history, or in terms of the email’s content
At best, such behaviours cause consumers to start to ignore emails which come into their inbox. More typically, the carpet-bombing approach will irritate consumers and leave them feeling antagonistic to brands. At worst, consumers will see too many irrelevant emails from brands as no better than spam.
So, looking forwards towards 2018, what do we need to be thinking about right now to be ready for the GDPR?
First, we need a fundamental rethink of how we collect data.
• No longer the covert, semi-hidden, spiv-like approach the industry has broadly followed in the past. From now on we need to be open and transparent, in a manner which will gain trust and engagement from the consumer. We must put them in control, give them the overall choices of what they share, to hear about, and how frequently. And we need to do this in a way that they can believe in: make it simple and straightforward to do, make it easy for them to change their minds at any time, explain clearly and honestly what we will do with their data.
• How best do we do this? The Information Commissioner and the DMA have both recently suggested that preference centres might be the best way forward: they allow consumers to see and amend their choices in one place which is easy to access. That might mean adapting the current unsubscribe link to be a permanent link to the preference centre, encouraging consumers to update their data whenever they feel the need. And it might mean removing this from the small print at the footer of the email, and placing it more prominently.
• Some organisations – people.io for example – are already developing the idea of a one-stop-shop preference centre which consumers would use as the over-riding source for their preferences, rather than having to manage separate preference centres for every brand they engage with. Research suggests that a high proportion of consumers would use such applications, and it’s easy to understand: why go through the bother of having to update preferences, or even details such as your email address, on multiple sites for multiple different brands, when you can do it all in just one place.
And then, we need to fundamentally rethink how we use data.
• End batch and blast, and instead, start to listen to what consumers have told us they want to receive. Start to use long-established but criminally underused techniques to segment consumers based on behavioural, attitudinal and motivational metrics in the data. Use modelling and propensity targeting tools to re-align what we send out with what consumers want, or are likely to want.
• Learn dynamically from the consumer, by examining browsing behaviours, and by examining open, click and engagement metrics, so that we can stop sending out email after email, all of which remain unopened.
• Place the consumer at the centre of the model, so that much of what we do is driven by consumer triggers, rather than the traditional marketing cycle.
Remember this is not new! It’s all stuff that we’ve talked about for years. The shame is that we have so rarely delivered on it. But in the new climate the GDPR is aiming to create, perhaps it will start to happen.
In fact, it needs to happen. Because, for those brands and organisations who don’t embrace the new world order, the future isn’t going to happen.
So how can we help?
First, we can help you audit your current data and database systems, to understand just how compliant your current situation will be, once the GDPR is ‘live’. Does your current data have the appropriate consent for it still to be usable after May of next year? Do your systems support the need to record consent, or the new consumer rights which will be introduced?
Once we know this, we can help you with your plan of action:
• What technical developments are needed to ensure compliance?
• What communications activities do we need to carry out to ensure that current data is correctly opted-in and usable after May 2018? And what creative strategies are best to achieve this?
• How do we optimise opted-in engagement over the longer term – two-step validation and preference centres, for example – and how creatively do we address the new privacy statement requirements?
• What are the quick wins we can identify to keep your marketing communications up and running?
If you’d like to know more, contact us at bigdog, and let us help you prepare for the opportunities the GDPR will bring.