The most up-to-date followers of the news will have noticed that GDPR legislation will be on us in little over a year. This will oblige companies to review the way in which they manage the personal data of their clients, affiliates and members. It relies on five pillars:
- Access to data;
- Identity management;
- Data governance;
- Data protection; and
- Auditing and data administration
If the use of their personal data results in a disappointing customer experience, the penalty is likely to be swift and sudden. The consumer will be able to review, or even withdraw, their consent. They may even use the “right to forget” provided by legislation if the experience is particularly poor.
Companies need a process to make consent management interpretable and comprehensible. They might, for example, consider a kind of “privacy profile” with three levels of consent: restrictive, intermediate and permissive. Each of these would need an exhaustive description of the uses of personal data associated with it.
At the same time, why not spell out the reductions and benefits granted according to the level of consent given? As Stephane Amarsy pointed out in his book: “We are at the heart of the win-win relationship, which involves a perception of respective interests and an understanding of common benefits”.
This may sound complicated and challenging but the implementation of the GDPR is likely to involve a jump in value in the quality of customer data. With full consent, marketers will have access to fuller, more reliable, more recent and more exploitable customer data. This can only make analytical marketing even more relevant.
Yes, the GDPR imposes obligations, but is also provides new means to achieve it, and improves the quality of the tools and data at the disposal of marketers. It is not all bad.
Another benefit to GDPR compliance will be a better understanding of the data held by the organization. The right for consumers to be forgotten, and the need for much stronger data governance as a result, means that organizations will need to know exactly what data they are holding, and where. Individual departments and systems will need to be linked up, so that data in one area is not retained in error after a request to be forgotten. That, in turn, means that marketers will no longer have to go looking for the data they need, because they will already know its location. They will no longer have to think about what use they can make of it, because these uses will need to be defined ahead of time, for absolute transparency. And finally, better care taken over mapping and managing data means better quality data, which in turn means more reliable insights generated through analytical tools.
You can then use analytics with this customer data to make your messages relevant, and ensure that every customer’s experience is unique.
It is clear that in this context, companies are not only required to comply with the regulator’s authority, but as many “micro-authorities” as it has customers. As Stephane Amarsy said in his excellent book, “My Marketing Director will be an algorithm”(in French): “After May 25, 2018, companies will no longer have a choice, they will have to sell a promise of quality, [and]relevance through personalization, so that [c]onsumers give their consent “.
- The term “data governance” includes “management of consent”. In other words, this pillar requires the organization to obtain the explicit (and time-limited) consent of all their clients to be able to exploit personal data. It will be necessary to specify what is meant by “exploitation of the data”, and that is where it gets interesting. The marketer will need to pro- actively establish an exhaustive list of the uses being considered. This will not only need to be totally transparent, but is also likely to create expectations among those who see this list!
The new legislation is challenging, but SAS® will be at your side to support you in this process.