Bar the odd agency fee scandal once every ten years or so, marketers are not known as law breakers, but there is a very good chance many will be before the end of 2017. This is because most are sleeping walking towards the introduction of the new EU data law, or General Data Protection Regulation (GDPR).
It will be a law with proposed fines of hundreds of millions of Euros, or five per cent of turnover, plus the possibility of consumers being able to claim damages for misuse of data.
No matter the degree of obvious frustration the new regulations will bring, brands and agencies do need to prepare to be data compliant, or write off hard won consumer information.
To meet the forthcoming compliance standards data owners and users have to ensure data meets the new consumer opt in permission rules, and where it does not conform then refresh consumer permission to the new standard by contacting customers and prospects and asking for the new level of consent. There is also a requirement to create an effective storing system for individual consent forms, and build a process through which consumers can act upon the right to have their information removed.
Given the degree of complexity involved it is important to seek help. Few brands or agencies are equipped to manage the compliance task, but when seeking support only take it from established reliable sources. A heritage in compliance and the technicalities of the forthcoming legislation is essential. It is important to identify the right sources of help in what will inevitably become a small industry of EU compliance advisors.
One of the key tasks is to appoint an individual within the brand company or agency who will be responsible for overseeing the introduction of the new regulations. They should be given ownership of the task, or there is a risk that compliance will get pushed back and forth and ultimately not get done.
Whoever becomes responsible should establish clear guidelines made known to all marketing or agency personnel. They should describe what can and cannot be done with existing data, and new or refreshed data. This will minimise disruption and allow for safe planning and creativity.
GDPR will mean data audits and protocol change. This cannot be rushed, and months of work may be involved, often involving changes to software. For example, no current CRM software system has a facility for storing consent forms.
Although the new EU law may not come into effect until the end of 2017, or even later, it may take some brands more than two years to prepare. Even starting work on compliance today may be too late for some. Not undertaking the compliance process early is therefore a risky strategy. Not being prepared could be costly in terms of financial penalties, but also in any last minute intensive bid to play catch up, or damage to brand reputation.
To continue using existing data there are three key tasks that have to be completed. Establish whether the level of opt in permission meets the new unambiguous terms required, refreshing it appropriately, and storing consent forms from every consumer, whether in electronic or paper form.
Even among some specialists in consumer data compliance there is confusion about how consent should meet the ‘unambiguous’ permission criteria stipulated in the forthcoming law. Perhaps the best way to describe how opt in permission will work in future is that it will be like a traffic light system. Consent will have to be sought and provided if you want to convey information about a given subject to a customer or prospect through a given communication channel. If at a later stage there is a desire to communicate about another subject in another way it is like stopping at another set of traffic lights at which fresh permission must be asked in order to move forward once more.
The storage of consent forms is something that most data owners have never undertaken as it has not been necessary. Under GDPR all forms will have to be presented if requested to do so by the Information Commissioner’s Office (ICO), so it is important to get this right.
The other key job is to create a facility for consumers to have their data removed if they request it. It is recommended that a system for doing this quickly and efficiently be established, including the creation of a contact point that members of the public can easily identify.
Inevitably there is a temptation to cut corners, or put off some elements of compliance, but these are not realistic options. Sooner or later all companies will come under scrutiny from either the ICO or members of the public, and the likelihood of rigid compliance enforcement and heavy fines combines with the potential of consumers having the right to obtain damages for misuse of data. There is even the possibility that a PPI type trend may emerge with members of the public demanding compensation on a large scale. Plus there is also the significant potential for damage to brand reputation.
Of equal importance to meeting the new compliance regulations is maintaining a new data regime. This is best done through regular reviews. It is easier to put problems right through scheduled checks than risking sanctions, or having to undertake data overhauls.
Obtaining qualified third party assistance that can objectively assess processes is an effective way of ensuring major compliance updates are not needed, and will also provide advice on improving protocol and making better use of data.
GDPR compliance is far from welcome, but it does present a positive opportunity. If you have to obtain revised opt in permission by creating dialogue with consumers, you can use it to learn a lot more about them, find out their real buying potential, buying triggers, and at the same time sell directly to them. Compliance can be used as a catalyst for obtaining greatly improved knowledge and driving sales.
One form of communication that functions well in this circumstance is the use of sophisticated telemarketing using well trained operators that can work to multi layered scripting. They can accurately interview consumers to obtain information while appearing to conduct non-interrogative dialogue. Valuable information can be gained, they can record verbal opt in permission that can be stored electronically, and make any one of a range of different sales pitches based on the details they obtain.
The forthcoming EU regulations are an unwanted challenge, but with it is the possibility of improving communication with consumer targets, generating valuable new data and making direct sales. Instead of viewing GDPR negatively it is possible to meet it head on in a positive way. Investment required in becoming data compliant can more than be recovered by using the new law as an opportunity.