The Case for Customer Centricity in GDPR Compliance
Originally appeared on Customer Experience Magazine
In the scramble to achieve last-minute compliance before the General Data Protection Regulation (GDPR) deadline last year, many companies engaged in some ‘privacy theatre’ adopting basic consent models, and meeting the requirements just enough to comply with the new law and avoid fines.
With this kind of minimal compliance mentality, it should come as no surprise that consumers don’t feel much has changed for them when interacting with companies.
Only 31 percent of consumers think their overall experience has improved since the introduction of GDPR and 40 percent don’t feel companies take data breaches seriously, according to a recent Marketing Week study. In only aiming for the lowest GDPR bar, firms have missed the opportunity of turning consent and privacy in to a way to build relationships, earn trust and gain a competitive advantage.
To provide truly engaging digital experiences, businesses must set their sights on a higher level of customer-centric data management that goes far beyond the essentials. Indeed, the biggest mistake we’re seeing in GDPR compliance is leaving the decisions to the Legal department. Too many marketers think that it’s “someone else’s job” and just wait for the lawyers to give them consent language for yet another grey cookie banner. It is vital that marketing take a central role in turning privacy from a compliance issue to a competitive advantage of superior customer experience and loyalty.
The GDPR impasse: a matter of perception
Marketers know that content is what hooks the attention of consumers and keeps them coming back time and again. But that content needs to be tailored or personalised so we can deliver the right messages to the right audiences at the right time. Data is a critical component to creating the right segments, assigning individuals to those segments, and testing the effectiveness of our messages. For that reason, organisations must be focused on exceptional data practices that maximise consent and therefore effectiveness of the personalisation and content stack.
As we begin to see enforcement — in cases like the proposed £183 million fine for British Airways, the £99 million fine for Marriott, and even the rumoured US$5 billion fine for Facebook — regulator compliance is needed not just from a financial risk perspective, but from a customer trust view.
Personalisation can both make or break consumer trust: it can benefit them by adding relevance and value, but it may also fuel privacy issues because consumers are concerned about how their data is collected and used. Despite the appetite for meaningful, personalised content, when it comes to gaining consent businesses still encounter resistance from consumers.
But consent doesn’t have to be an obstacle for organisations or consumers. Rather than operating on a purely functional approach that gets consumers to click and continue — making the organisation legally compliant — if it is well-handled from the start of the marketing funnel, consent requests can be the launch pad for creating deeper understanding of your consumer and in turn providing them with the options they prefer when browsing.
Today, organisations face, on average, a 50 percent bounce rate and 25 percent of consumers running ad-blocking technology. These visitors are completely opting-out of your marketing technology, but are invisible to your consent statistics if you only view “yes vs no” consent resolutions. Those organisations that build earning trust and gaining consent as part of customer experience will earn a higher share of consumers in the technology system and therefore gain structural competitive advantage in the market.
Turning obligation into opportunity
The way businesses ask for consent matters. Intrusive pop-up forms and cookie walls not only interrupt activity, but also leave consumers with a sense of powerlessness; 59 percent say companies don’t allow them to browse their websites unless they share personal data. If businesses want data access, they must reduce friction, and view consent as the first touchpoint of the consumer journey — an opportunity to set new, mutually beneficial rules of engagement. In the case of cookie walls, companies are asking consumers to give access to their personal data and enable tracking before the consumer has even decided if there’s anything valuable on the site. That’s a difficult value proposition to scale.
Put simply, the consent request needs to be a positive experience. Companies need to make this initial interaction a preview of the compliant, customer-focused communications and services consumers can expect after sharing data. In practical terms, this means outlining exactly how and why data will be used, and giving consumers a choice. For example, firms might use an expandable form that restricts disruption by enabling consumers to opt in for multiple sharing purposes at once and, crucially, reject each one if they wish.
By prioritising transparency and consumer control from the offset, companies can boost the odds of gaining consent, as well as encourage individuals to continue along the funnel.
Identifying the consent line
Equally as vital as an enticing welcome is knowing where to draw the line. Given the starring role data plays in determining how online content should be tailored and delivered, it’s easy to see why marketers are especially tempted to collect as much data as possible. But from the consumer perspective, hungry data requests can feel intrusive, increasing the likelihood that they will both lose trust and refuse consent.
Before making consent appeals, businesses should carefully consider how much information they realistically need. More often than not, firms have much of the data necessary to drive impactful content, but not in a unified state. By embracing agile technology that can plug into isolated systems and blend existing pools of freely-given data, organisations may find they already hold a near-complete view of consumers. Combined with other, non-personally identifiable insight — such as recent web-browsing activity and keyword search — this data can help them achieve relevant and contextually appropriate digital marketing. And by issuing reasonable requests that have a higher chance of positive response, this data foundation can be further supplemented to offer optimally meaningful and effective content.
Organisations need to also consider asking for just the data and consent they need to improve the experience. Many sites today ask for geo-location data on first page load — a request that many consumers are likely to refuse as they don’t perceive the value to them. Waiting until a location search, and suggesting sharing geo-location data as a way to improve results — yields higher consent rates, happier consumers, and increased trust.
Forging lasting consumer bonds
Consent isn’t a one-and-done process, and neither is consumer engagement. To prove they are worthy of consent and loyalty, companies must persistently strive to provide high-quality experiences. On the marketing side, this means ensuring interactions are tailored, seamless and consistent throughout the consumer journey. Mismatched branding across mobile and desktop, broken links and low-grade content can be just as damaging to consumer trust as irrelevant ads or overly frequent emails. Businesses must focus on the finer details; sustaining revenue and credibility by maintaining genuinely valuable and accessible, cross-channel content.
Similar principles also apply to data privacy: organisations need to demonstrate a continual dedication to protecting consumers. In the short-term, companies should ensure they have a complete picture of individuals so that preferences can be accommodated no matter which screen or platform they are using. In the longer term, it is essential to allow room for change; ensuring consumers can easily access and adapt their preferences at any time.
There is a growing requirement for companies to shift their attention back towards the real driver of their success: consumers. Amid rising regulation and awareness of how businesses use personal data, consumers understand their rights and are determined to exercise them. To guarantee future prosperity, businesses must up their data and content management game: moving past the compliance minimum to implement consent processes and deliver positive digital experiences centred around the real needs of today’s privacy-conscious customers.
Organisations must treat privacy, consent and data security as customer experience issues. Those that do will get access to more customers and drive better personalisation in the years ahead.