GDPR forces business to consider us as individuals; to think about the relationship they have – or would like to have - with us.
They need to understand and document where their data came from, how they use it and how the people involved would expect them to be using their data.
If a business can’t answer those three things and demonstrate how it got to those answers, it is very unlikely to be GDPR ready.
Getting and recording customer consent is understandably a hot GDPR topic, but you don’t actually need someone’s consent to use their data in some circumstances.
Future seminars through C4di will see me discuss what these are but let’s take a look at two questions which come up every time when it comes to GDPR and consent.
I have a mailing list of x thousand people. Will GDPR stop me being able to send them marketing emails?
If your list is one of farmed email addresses generated by guessing the names which prefix a domain until there is one which ‘hits’ and delivers – NO. You will not be able to use that data.
If your list is one of clearly opted in people and you can demonstrate that – YES, of course you will be able to use that data as before.
The truth is most businesses will be somewhere in between.
They will have a mixture of properly opted in data which will see very little change needed and instances where what the data subject has agreed to is less clear.
The second category will need to be reviewed. You may need to obtain clearer consent from some of the people and stop using the data of others altogether.
Either way, GDPR is a great opportunity to consider who you are communicating with and why.
So, should I just email everyone in my database and ask them to provide consent?
Moneysupermarket, Flybe and Honda are just three examples of firms who got their ‘consent recertification’ campaigns wrong.
Moneysupermarket even emailed thousands of ex-subscribers asking them whether they were sure they wanted to opt out!!!
Let’s assume you have correctly identified a group of people who you should be contacting to clarify their consent, how do you do it?
Again, tailor it to the people you are contacting and sell the benefits of staying on your list.
I received an email from a firm which told me that their newsletter in May would be the last I would receive as my subscription is about to run out.
If I took no action the ‘subscription’ would expire and I would receive no more emails from them.
I could however click a link to renew my subscription to their newsletters.
This was essentially obtaining my consent all over again; but the company concerned took the opportunity to find out what I wanted to hear about and how.
They gave me a number of communication methods to choose from and a list of areas they could send me information on. I was able to choose exactly what I wanted to hear from them about.
I came away happy with how they planned to use my data and more interested in their next newsletter(s) as I was confident they would contain something of interest to me.
They undoubtedly have a smaller list of subscribers, but that list contains only people who want to hear from them and confirmation of the areas they want to hear from them about.
Customer Data is a valuable asset but this does not mean the more data you have, the more valuable it is. Less, higher quality data has a real value.
GDPR may seem an inconvenience, but it also gives you the opportunity to get the data you hold and use into a valuable condition.
If you carry that exercise out with one eye on how you would expect business to treat your personal data – even better.
Get in touch with Michael: