If I’m being honest, data privacy is a topic that tends to elicit more eyerolls than expressions of enthusiasm among marketers. After all, data is supposed to be the fuel that powers the modern marketing machine. Marketers are awash in myriad types of data about past, current and potential future customers. Personal information, purchase history, web behavior, social graphs, second- and third-party audience segments — it’s all synthesized, sliced and scored to optimize marketing outcomes, often to great effect.
In addition to the promise of increased effectiveness for marketers, there is an implied value to consumers: receiving benefits — discounts, special offers, tailored experiences — in exchange for their personal information. Yet many consumers no longer view this tradeoff as fair. In research conducted in 2015 by the University of Pennsylvania’s Annenberg School of Communication, 84% of Americans reported a desire for control over what marketers can learn about them online. But close to two-thirds also reported resigning themselves to accept having little control over marketers’ collection of data.
Brands might sense an opportunity to differentiate by providing more transparency and control over personal information to consumers. But any organization that does even the slightest bit of business with EU citizens will soon be required by law to offer such control, thanks to the GDPR. Shorthand for the European General Data Protection Regulation, the GDPR is slated to go into effect on May 25, 2018. According to the EU’s GDPR portal, the directive aims to “harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.”
My colleagues, Bert Willemsen and Andrew Frank, go into the minutiae of GDPR marketing implications in their “What Marketers Need to Know About GDPR” report available to Gartner clients. In essence, the regulation defines rules businesses must abide by when collecting, controlling and processing personal data of EU citizens (though many businesses are looking to implement a global operating framework). Here are three potential ways that the regulation could affect how brands approach personalized marketing:
- “Privacy by Design” becomes a guiding principle for building new customer experiences: Privacy is indeed a technical issue, but it also manifests as a customer experience design challenge. The GDPR elevates the requirement to embed privacy protection, control and portability into experiences that collect personal data and usage consent. Doing so successfully will entail a multidisciplinary approach that will include crafting clear communications regarding consent, designing intuitive user flows and governing how information flows through to the marketing systems that orchestrate each audience touchpoint.
- The elevation of preference and consent management: One construct familiar to CRM marketers that may be applied in a much broader manner in response to the GDPR is a preference management console. Because data control and processing consent must be explicitly granted by consumers and tracked by businesses, a central place to manage these selections becomes paramount.
- The risk of first-party data persistence may outweigh its benefits: One capability touted by Customer Data Platforms in particular is the ability to not just unify but also persist customer data over an extended period of time. Historical customer data across multiple touchpoints helps marketers calculate lifetime value, support segmentation and enable personalization. But the GDPR insists that businesses house data for the shortest time possible and define time limits for erasure or review. Without a legal basis for storing information in perpetuity, brands may need to anonymize historical data to continue use.
Personalized marketing won’t end on May 26 this year. Nonetheless, marketers must elevate the importance of privacy as part of their data-driven initiatives to ensure they comply with the GDPR. Audit your current marketing activities, including what data is collected and how it’s processed. Coordinate closely with your legal and privacy teams about your approach. And think about how you can use a pivotal moment like the GDPR as a way to engender value and trust in your future engagement with customers.