Share this content

Opinion: Why GDPR will fail

5th Jan 2018
Share this content

Control. Rarely has there been a year where we crave it so much yet appear to have so little.

No one can be delighted with how Brexit is unfolding, Republicans and Democrats alike have unresolved issues with their President in the US and Twitter has never felt like more of a battleground. Elsewhere online, we often believe we have some control over what we see and what others see of us but the reality can sometimes be very different.

Control has become the obsession of the modern age. New research from Thales e-Security shows that half of UK consumers simply don’t trust anyone with protecting their personal information anymore.

Concerned with halting the rampant over-use and misuse of consumer data, GDPR makes its use conditional. For every bit of data companies use, they must have explicit permission from the customer.

This, the EU believes, is the perfect counterpoint to the perceived wild west of customer data use today. It is wrestling power away from the corporate overlords and putting it back in the hands of us consumers.

Except, I don’t believe the legislation will stick. Why? Because it’s not what customers really want.

The problem lies not so much in companies using personal data. Although consumers have some idea, they often still don’t know how or why companies have got their information, or why they’re suddenly being bombarded by emails.

Consumers’ gut reaction to this situation is to try and stop companies knowing so much about them. Why do you want my last three addresses? What are these cookies, and why must you drop them everywhere?

GDPR is a hammer to crack a nut. Consumers want companies to give them exactly what they want, quickly and easily. They don’t want to repeat themselves every five minutes. They don’t want getting what they want to suddenly become a complex process. The whole pyramid of customer experience they have come to expect and enjoy is built entirely on that data - without it, it crumbles.

A nasty shock

The figures speak for themselves. Businesses have to work out how to gather permission for every piece of data they use. Having become used to using data to personalise, target, inform and serve customers, that’s a whole lot of unravelling. It’s no surprise that 42% of businesses claim to be struggling to comply, six months out.

If they do comply by May 2018, the customer could be in for a nasty shock. Visits to websites, calls to contact centres that were all previously met with a ‘welcome back’ or ‘how can we help today, Mr Jones’ could generate ‘Who are you and what do you want?’. All for the want of an unticked checkbox. Or ten.

And how easy are those checkboxes to find? Well now that they’ll need to be will the customer even know what they are for? According to research at the end of 2017, 70% of consumers haven’t heard of GDPR, let alone know what to do about it.

The biggest problem is that the entire concept of legislation isn’t up to the job of protecting the customer. It’s too slow, too general, too lumpen to cope with our era.

Let’s not forget the inexplicable way we’ve gone about teaching consumers how to protect their interests online.

First - establish a series of esoteric questions and answers to maintain security.

Second - avoid ticking all boxes if you don’t want to be signed up to all manner of newsletters and third parties.

Now, thirdly, tick boxes to give permission to use some data - not all, just the stuff we need. Today. There will be a different box tomorrow for the information we need tomorrow.

Are we quite certain we’ve driven the consumer to distraction yet? I’m sure we could come up with something even more fiendish if we really thought about it.

But the biggest problem is that the entire concept of legislation isn’t up to the job of protecting the customer. It’s too slow, too general, too lumpen to cope with our era. An era in which innovation happens at light speed.

Legislation might have worked in the world of ten years ago when name and address was pretty much all marketers still had to go on, when phones were only just contemplating becoming smart and when a high street bank branch wasn’t a development opportunity for another coffee franchise or juice bar.

Today innovation can’t wait for legislation to catch up. In the first instance, customer expectations have been set. Things can change of course, we’ve seen that more than enough over the last 10 years. But we all know that if there’s one direction expectations can’t go, it’s backwards.

Set up to fail

Protection is needed. That isn’t up for debate. All those involved in using customer data need to know where the boundaries are and the consequences for crossing them. For the most part, seeing customers fleeing your brand in droves should be enough, but sanctions are still valid.

But you can’t micromanage the digital world the way GDPR does. It is set up to fail and I can see only a handful of futures for it.

In one, it becomes white elephant legislation, nominally in force but so widely ignored as to be irrelevant. Or potentially a large corporate (or collaboration of corporates) could challenge the legislation, forcing significant amendments or total revocation on the grounds of punitive cost and unworkability.

Most likely though will be corporate representation to the EU on the back of a tsunami of customer complaints. When useful personalisation vanishes, and customer experience levels plummet. Marketing that was at least useful and relevant just becomes more drivel clogging up the screen.

There is no argument that customers and their data should be valued, cherished even, and protected from misuse. But the most effective way to promote that is through education, best practice and solid strategy, not 88 pages of legislation.


Related content

Replies (1)

Please login or register to join the discussion.

By Greg Grimer
10th Feb 2018 13:27

I tend to agree with this.

Having spent decades using and refreshing marketing data, I simply can't see the majority of firms complying. The EU cannot prosecute a million firms. A few fines will be handed out, large international businesses will complain, cross border [***]-for-tat will be threatened and the whole thing become a white elephant with only egregious breaches where a huge amount of personal data a company had no permission to hold in the first place is then stolen/lost.

The GDPR law is then brought out to punish that firm, (in reality for losing the data).

Another possible outcome is that a new business rises up that partners with users to lease their personal data to firms that want to send them marketing messages and sales approaches. I believe such businesses exist already but none has anywhere near critical mass. If there was something in it for the end user/consumer from cash donated to their favourite charities to free Starbucks gift-cards, and, if the information broker could offer the marketers highly targeted and relevant audiences (because you are cooperating with the broker) then I could see that model being superior for all parties involved.

The flaw is that the broker would get greedy and kill the goose.

Thanks (2)