EU data law: What is the challenge ahead for marketers?

In less than two months time Brussels will finally disclose full details of the EU data law, and with it will come a major overhaul of customer data protocol.

But if this was not enough to digest in one go, it combines with the Information Commissioners Office (ICO) and Ofcom also reviewing their guidelines with a view to tightening up rules, plus they are expanding in size and introducing bigger fines for data breaches.

The ICO will double its number of employees this year, and rather than basing activity on investigation of complaints it is actively going out and auditing companies on a large scale as part of a programme to investigate large data users regardless of whether problems have been reported. Just completing basic ICO enquiry forms can take several days.   

In isolation, guideline overhauls by regulators would present the need for a data protocol review or data compliance audit, but together with GDPR they present customer markers and IT departments with very significant workloads.

However, there is some good news. In the latest communiqué updating the content of the EU data law, or General Data Protection Regulation (GDPR) as it is officially titled, there was good reason to be optimistic that it will not be too dissimilar to the regulations we currently have in the UK.

The biggest challenge will be with consumer consent terms, which will not remain the same under GDPR even if very similar to what we have now. This may seem like a relatively minor technicality, but it will involve a huge amount of work. The current terms and conditions accepted by individual members of the public when they consent to receive commercial information will no longer be applicable. The new law will come with new wording for terms and conditions, and it means asking every individual on databases to agree the new terms.

But there can be an upside to all of this because the new opt in permission levels will be familiar, and getting compliance right means heightened and relevant dialogue with consumers, which is something the buying public positively encourages. Good communication based on openness makes consumers buy more.

The biggest challenge will be with consumer consent terms, which will not remain the same under GDPR even if very similar to what we have now.

There are real-life examples and an abundance of research that shows consumers are less concerned about privacy if they are told why information on them is wanted. More than that, most are willing to trade their personal information. A survey for the Direct Marketing Association found that 69% of consumers will exchange their details if the offer is right, and research for IPG Mediabrands found 46% of consumers will swap data in order to receive better targeted advertising, 48% believe their digital identity has value, and 59% want to share data if there is a reward.

A report titled The Rise of Me-Tail discovered that adding personalisation through enhanced data increases sales by 7.8%, and another by Digital Trends found customised content is preferred by 73% of the public. In addition, 78% believe personalised content means brands care about them.

The year of consent

The fact is most customers and prospects will give opt in consent if the proposition is right, and a large number are ready to sell themselves for some kind of reward.

The findings described above are well understood by those that manage customer relationships. But the importance and value of being transparent in the use of data is not universally practiced, and the consent element is something new to customer relationship managers.  

Until now consent has been primarily about terms and conditions rather than explaining a wish to have a valued conversation. Many struggle with simply cutting and pasting standard opt in terms onto web pages or paper forms. Selling consumers on the value of dialogue is currently a rare skill, but one that will have to become common place if valuable data is to be retained.

In the coming two years, asking for opt-in consent is going to be one of the most important concerns in customer relations because it is the necessary starting pointing of being able to communicate in the post March 2018 period after the new law comes into effect. Without consent, data will have to be written off.

In the run up to the legal deadline, brands and retailers have a window of opportunity to learn about the opt-in processes and practice it, whether via telephone, email or in paper form. There are more than two years to prepare, and the starting point should be about ensuring all existing data is audited for compliance. There are a few data companies that will do this at no cost, so it worth considering using a third party for the task. 

In the coming two years, asking for opt-in consent is going to be one of the most important concerns in customer relations because it is the necessary starting pointing of being able to communicate in the post March 2018 period.

As well as consent compliance, there are two other tasks to be faced in preparation for GDPR. There will be a right to be forgotten, and free access data provision, but the latter only applies in reasonable circumstances yet to be defined.  

The right to be forgotten involves companies creating an easily recognisable way for members of the public to request personal information be erased, and the request will have to be acted upon promptly.

Access data – the right of individuals to see what data is held on them - will be free rather than the £10 that can currently be charged. For major users of consumer data, such as financial companies, providing members of the public with details of their data files could add up to be an expensive procedure.

To avoid fines that could be as much as four percent of turnover it is better to start work on compliance sooner rather than later. March 2018 may seem a long way off, but given the workload involved for those that rely on customer data there is not much time.

Dene Walsh is operations and compliance director at Verso Group, and chair of enforcement and regulation hub, at the Direct Marketing Association Contact Centre and Telemarketing Council.