Has your brand been ghosted by individuals you used to think of as engaged customers or warm prospects?
Following the enforcement of the General Data Protection Regulation (GDPR) from 25th May 2018, brands have had to inform consumers of the new basis on which they intend to process their personal data. This meant scores of emails arriving in inboxes either requesting consent or notifying of the intention to use legitimate interest and providing opt-out links. Online, privacy and cookies notices have become the first experience consumers have with brands.
The result? Based on anecdotal evidence from across the data industry, consent-based databases have seen as many as 80% or 90% of former customers and prospects withhold a new permission. This reflects a significant change in mood, with only 7% of UK consumers agreeing strongly that they are more comfortable with the idea of sharing their data with companies now than they were previously. A further 37% agreed they felt like this. (Source: “Global data privacy: What the consumer really thinks,” GDMA and Acxiom). By implication, the majority of consumers are less comfortable with the data-value exchange now than they used to be. Given the opportunity afforded to them by GDPR, they have withdrawn from former relationships. This is perhaps not surprising when the same survey found that 78% of UK consumers think the exchange benefits companies more than themselves.
Having spent two years preparing people, processes and technology for the new data protection environment of GDPR, many brands have been left feeling dumped, weakened and out-of-pocket. Those who chose consent as the basis for their data processing have experienced a significant loss of data resources. Even those using legitimate interest are now much more constrained in how they use personal data, having to keep a careful eye on the original purposes given. For consumers, the new law has clearly changed the way they view the relationship and the data-value exchange. Just as GDPR intended, they are now making the running with commercial organisations and, for many, it’s become an on/off affair.
Consumers who chose not to consent may well come back into market and decide to engage again. When they do, however, it will be with a much clearer idea of their rights and how to exercise them. In research carried out by DataIQ on behalf of DQM GRC, 54.7% of consumers said they will agree to their data being processed for just one activity, compared to 12.9% who say they will agree to all activities, for example (Source: “GDPR Impact 2018 - Technology,” DataIQ in association with DQM GRC).
So how do you make sure you are ready when you those prospects or former customers get back in contact? What can give your brand appeal so consumers swipe right to start the data-value exchange?
It is not just the relationship between consumers and brands that has been changed by GDPR. It is also the relationship between brands and the personal data they process.
Permission management is now a critical activity which needs to sit at the heart of any business process relying on the storage, analysis, profiling and deployment of information about individuals. One-size-fits-all personalisation of the customer experience is no longer appropriate. Neither is a take-it-or-leave-it approach to requesting data in order to access content or services. Brands have to flex their delivery to reflect different levels of engagement and data sharing. Consumers want things their way, whether that is a data-rich relationship or one which barely goes beyond the functional. This is evident from DataIQ research which found that 21% of consumers expect their experience of a brand to be the same across all of the devices they are using, but 25% expect it to be different on each.
While brands may see pursuing a consistent cross-device customer experience as desirable, they also need to recognise that 19% of consumer say this is not what they want (Source: “GDPR Impact 2018 - Mobile,” DataIQ in association with Tealium). Permission management is clearly an enabler of this variable customer journey across channels and also the mechanism by which individuals can choose not to be tracked. Giving choice is a powerful way of demonstrating that the brand cares, rather than insisting on its own way of behaving. Significantly, making it easy for consumers to provide consent or to change their preferences can build trust - or to lose it if a mechanism seeks to camouflage elements of how data will be used, such as sharing it with third-parties. Consumers may well become “consent blind” - having seen so many new privacy notices that they no longer read them. Or they may experience “click fatigue” - accidentally allowing their data to be used because the system for managing their options has been made over complex.
In a trade-off research exercise, 80% of consumers opted-in when shown a “select all” choice for data sharing, with 45% saying they would trust a publisher who used this system.When told this would allow the publisher to share data with up to 60 third-parties, however, trust levels fell to 29%. Consumers do not want to feel they have been taken for granted (Source: “Ad tech consent in the post-GDPR era,” Smartpipe and PSB Research). The data collection surface will continue to grow with new interfaces, like voice assistants and in-device sensors, creating more complex challenges for explaining privacy policies and consent. Another shift in the legal framework may also take place when the revised Electronic Privacy Regulation is introduced.
Your brand will need to resolve these data collection exchanges and be confident it can move forward in the relationship based on a confirmed permission setting for every individual.
Q) Will consumers really be bothered to manage their preferences?
A) Your customers and prospects want to see that you are taking their rights seriously. Whether they go on actively to exercise those rights is a secondary issue. You need to show them the brand is transparent and enabling control over their data
Q) Opting-in or opting-out to a range of different data uses seems like a lot of effort for consumers. Shouldn’t we just give them a simple on-off choice?
A) GDPR says that consent needs to be granular, so you have to explain each purpose and provide a mechanism to manage permission, although this can be layered. The Preference Centre provides an easy to-use interface for consumers however you deploy it.
Q) We launched our new privacy notice and captured consent or provided an opt-out in time for GDPR enforcement. Do we have to keep offering consumers the right to change their minds?
A) GDPR says it has to be as easy to withdraw consent as to provide it. Using The Preference Centre, you can keep up-to-date with each individual’s permission settings
Q) If consent can be withdrawn - or we have to delete it after a period of time - that sounds challenging, so how can we manage it?
A) The Preference Centre has been designed with this in mind, integrating with in-house and external systems to ensure consents are kept up-to-date and identifying where they are within your retention policy.
Q) The third parties we work with, especially in ad tech, evolve and change all the time. How do we keep up both internally and in our privacy notices?
A) The Preference Centre is a dynamic solution which allows you to handle these ongoing changes while providing an audit trail of which partners you named at any given time, giving you an evidential basis and keeping you compliant.
Q) We just rebuilt our processes and technologies for GDPR - will we have to do it all again for ePR?
A) Right now, the final state of the revised regulation is unclear. Investing in a technology designed to manage preferences from the ground up puts you on the front foot for whatever ePR demands.
Q) Our privacy notices are still being tested - and might continue to evolve - so how do we manage this dynamically?
A) Consent statements need to contain different elements depending on where and when they appear, or as part of A/B testing to optimise permission rates. The Preference Centre was designed specifically to support this.
Q) Is everybody doing this or do we risk being at the “bleeding edge” and getting ahead of what our customers want?
A) Managing permissions and offering customers control over their data is not an option, regardless of what your competitors decide to do. Your brand will see a benefit by being transparent and enabling consumer rights.
Q) Will a permission management system ensure we are GDPR compliant?
A) The Regulation is very wide-ranging, covering many aspects of the way an organisation handles data, so compliance goes beyond just one system. Building out a robust, dynamic, secure consent control solution will definitely be part of the journey towards compliance.
Q) Where is the proof that investing in a preference centre yields a return on investment through positive customer engagement?
A) RNLI demonstrates how taking a positive approach towards customers, data and preferences can pay off. From 1st January 2017, it moved all of its donor solicitation towards opt-in, forecasting that it would garner consent from 225,00 of its existing base. As at 1st January 2018, it had gained opt-in from over 500,000, more than double its goal. That provides a sustainable, compliant and ultimately profitable base. Your brand can achieve the same outcome with a similar effort (Source: Third Sector).
The Preference Centre is one component of the award-winning, comprehensive GDPR ToolKit™ developed by DQM GRC. It combines our own proprietary services and technology along with proven technology from leading vendors. The GDPR ToolKit™ allows you to choose the relevant components that work for you and is designed to work alongside your existing processes and technology.
You can find out more here.