GDPR Compliance: Raising the Stakes for Customer Experience
In the past, many companies treated privacy practices and customer consent as mere checklist considerations. Not much thought was given beyond the bare minimum to maintain compliance with toothless regulations. There were pre-checked marketing tick boxes and “to whom it may concern”-style banners stating that customers who continue to browse a website implicitly agree with the data policies. But now, these methods won’t suffice given the recent GDPR compliance regulations. With fines for non-compliance of up to 20 million euros or 4 percent of global annual revenue, violating GDPR could become a life-or-death question for an organization.
The stakes have become so high that companies all over the world are working tirelessly to enhance their customer experience protocol to comply with new regulations. But as the saying goes, every challenge is an opportunity in disguise. So it is with GDPR compliance; the higher stakes actually give organizations the chance to improve customer experience using their GDPR processes. Here’s how.
GDPR Compliance and Customer Experience
There’s no doubt that GDPR has raised the bar on acquiring and using customers’ personal data. In response, organizations have tried different strategies for obtaining customer consent. According to Finextra, for example, some organizations have chosen to offer their customers something of value, such as a free conference place or a voucher for skincare, in exchange for customers’ consent to use their information. But GDPR is not just about simply appeasing customers and obeying the law — it presents a real opportunity to strengthen customer relationships.
GDPR regulations require organizations not only to ask customers for consent to use their data, but also to disclose what it’s being used for. Additionally, GDPR makes organizations reconsider what data they need to collect and how long they need to retain it to serve their customers. This pushes organizations to become focused on the customer experience, making strategic decisions to protect information and meet the needs of their customer base.
GDPR also gives organizations an opportunity to boost customer engagement. The opt-in model guarantees that customers only receive offers they have explicitly requested and only in the channels they have designated. Hence, by complying with GDPR, organizations can also target customers with relevant offers in sync with the brand. That’s what marketing is all about: delivering the right message, to the right customer, through the right channel, at the right time. So no more unfocused outbound SMS or mass email; in the era of GDPR, communications need to be personalized for the customer.
Risking the High Stakes
In contrast, some organizations fear the massive penalties of GDPR non-compliance so much that they have cut all European customers out of their marketing efforts. Some ad-tech firms in the geo-location-data and cross-device-promotion spaces have already cut out EU customers. Even internet heavyweights have made changes: Facebook pulled the plug on its Partner Categories offering, and Google suspended its third-party ad services and pixel-tracking on YouTube, according to Digital Commerce 360.
Other companies have required their European customers to sign off on every possible use for their data, creating a really terrible, virtually nonexistent customer experience. “No experience necessary” is probably only a good policy for hiring unskilled labor.
To reduce the danger of third-party data, organizations should redact data to remove it on demand for those who invoke their right to erasure. Redaction provides a solution for an organization’s compliance needs, and an auto-redaction tool could simplify the process for managing customer data-privacy concerns.
Today the EU, Tomorrow California
Since GDPR has taken effect, many companies are rightfully concerned about losing customers. Some startups and small businesses, however, believe that those who remain in the database are more active, more engaged, and better candidates for promotional efforts. Early anecdotal evidence cited by Marketing Week seems to back this up: Small businesses cited in the article say they are getting more return on their investment in data protection even while engaging fewer customers. The customers they do engage are interested in their products and receptive to their communications, showing that enhancing the customer experience is the key to using GDPR as an opportunity to improve the overall business.
GDPR compliance is sure to be a business requirement far into the future. And it may only be the beginning — there are reports that Canada, California, and other governments want to enact similar legislation. Focusing on the customer experience is critical to letting GDPR work for your business.