Insider Perspective

Marketing in a post-GDPR world: what’s changed?

In an increasingly data-driven world, the GDPR aimed to give consumers more control over their data and protect them from privacy and data breaches.  How are we faring so far?

In the digital age, marketing professionals are not only bound by a code of ethics to uphold their customers’ fundamental right to privacy, but also legally obliged to do so in line with the latest data protection regulations. The landmark General Data Protection Regulation (GDPR) has been in force across the EU since May 2018 – giving birth to a new era of data management practices, as regulators and responsible organisations work hard to keep personal information private and secure, and give customers control over their data. 

While the GDPR represents a much-needed shift in mindset, it has also had a substantial impact on the organisations that serve people in both the private and public sector. Beyond shouldering a new compliance burden, many of these organisations have also had to overhaul systems and processes, including their marketing practices.

Let's look at the facts
 

More than a year has passed since the GDPR was introduced. What has changed?

At a time like this, it’s important to take stock of the challenges experienced as well as the lessons learned during the GDPR’s first year.

Are customers more aware of their rights?

According to the European Data Protection Board (EDPB), most national supervisory authorities report an increase in queries and complaints received during the first year of GDPR compared to the previous year. Over 144,000 queries and complaints and over 89,000 data breaches have been logged by the supervisory authorities in the European Economic Area.

This is more than likely due to an increased awareness among the general population of their data protection rights. During 2019, EU citizens have been polled on the topic through the Eurobarometer. This survey found that 67% of respondents knew about the GDPR; and 57% said they were aware of a public authority in their country responsible for protecting their data privacy rights.(1)

Another survey, conducted by Deloitte across consumers and organisations in 11 countries (both inside and outside the EU), reveals that consumers are more aware of data protection issues, with 58% saying that they are now more cautious when sharing personal information online than they were become the GDPR came into force.(2)

Has there been an increase in customer trust and confidence?

According to the Information Commissioner’s Office (ICO) in the UK, customers have more confidence in the way that organisations store and use their information post-GDPR. Their levels of trust and confidence have increased from 21% in 2017 to 34% in the latest study.(3)

Reinforcing this finding, the Email Tracker Report published by the Data & Marketing Association (DMA) in the UK found that now, after the introduction of the GDPR, 41% of consumers are more comfortable and confident that brands are handling their data correctly. (4)

Do customers have more control over their data?

While there has been an increase in customer awareness, trust and confidence, there is still room for improvement, especially when it comes to one of the GDPR’s primary intentions – the transfer of data decision-making power from the organisation to the customer. According to the Deloitte study mentioned earlier, most people do not yet feel that they have gained enough control over their own personal information.

At this point in time, it seems as if many organisations are obeying the letter of the law, but not living up to the spirit of the law. Rather than approaching this as a pure compliance exercise, more companies need to view the GDPR era as a new chapter – and an opportunity to be more customer-centric in their data management practices.

Are customers still receiving spam?

According to the new data laws, any organisation communicating with customers via email or text message must ensure they have explicit consent from each customer to use these marketing channels. However, research charity Nesta found (six months after GDPR implementation) that 60% of UK internet users felt they had no more control over how many marketing emails they were receiving than they had before the rules came into force. And, of the 2,000 people surveyed, around 22% said the number of spam emails they had received had actually increased post-GDPR.(5)

Clearly, there’s still more work to be done by many marketers to ensure they’re not sending unsolicited, indiscriminate and irrelevant messages to their customers.  

Are marketers GDPR literate?

Before educating customers on their data protection rights and assuring them that these are being respected, marketers need to fully understand the law. According to DMA research, 90% of marketers say they have a good knowledge of the GDPR and 89% have received formal GDPR training during 2018.(6)

That being said, the new legal environment has been a steep learning curve for some companies. For example, Telecoms company EE was fined £100,000 by ICO for sending around 2.5 million text messages to consumers without their consent. The organisation initially stated that it had sent the texts to provide service information; and they were therefore not required to obtain consent under electronic marketing law. However, the ICO ruled that the texts also included a direct marketing message (relating to a phone upgrade). EE has since accepted ICO’s ruling and apologised to its customers.(7)

This case highlights how important ongoing training and education are, even in companies that believe they have a sound understanding of their compliance obligations.

Challenges that still need to be addressed

Some organisations have worked hard to maintain compliance within the GDPR and implement customer-centric data protection policies. Given the findings discussed above, however, others still seem to be struggling to wrap their heads around the law, let alone embed the principles of the GDPR into their businesses.

During this transitional period, three major challenges have become evident:

1. A lack of clarity

Despite being in force for more than a year, there’s still some uncertainty and confusion when it comes to how the GDPR should be applied day-to-day. This is largely due to the fact that the GDPR is principles-based, which means that every organisation has a duty to conduct a risk assessment in order to determine which activities pose a risk to customers’ privacy rights. These findings must then inform a risk-based approach, where each organisation sets their own appropriate data protection policies and practices.

2. Risks evolve along with technology

Adding to this challenge is the speed at which sales and marketing technologies are developing. These tools may create exciting new data processing opportunities, but they also put customers’ data privacy at risk – and organisations need to understand the legal implications.

For example, the ICO recently raised concerns about adtech organisations relying on “legitimate interest” as a lawful basis for processing data during real-time bidding (RTB) methods. As stated in the ICO report on this topic, “One visit to a website, prompting one auction among advertisers, can result in a person’s personal data being seen by hundreds of organisations, in ways that suggest data protection rules have not been sufficiently considered.”(8)

While case law for the GDPR has begun to emerge and industry bodies will hopefully provide clearer guidance going forward (especially for UK-based businesses who are also navigating Brexit), organisations need to be proactive in gaining a clear understanding of the risks associated with all their data processing activities, online and offline.

3. The pace of enforcement action has been slow

While there have been many threats of enforcement action, authorities have been slow to issue penalties. Despite 10,000 reported breaches in the UK – the ICO has only published 127 enforcement notices in the past 12 months. (9)

Before organisations become too complacent, however, they must understand that investigations take time. A case in point is the recent announcement that, pending an appeals process against the scale of the penalty, British Airways could face a record £183 million fine for last year’s breach of its security systems, which compromised customer data. This would be the largest penalty that ICO has handed out since the new laws came into effect and first to be made public under the GDPR. (10)

It stands to reason that the future will hold tighter enforcement. Businesses of all sizes must make sure they are fully aware of their compliance obligations and that data protection is at the centre of everything they do, or they could make an expensive mistake.

What’s needed going forward?

Here are some recommendations for best practices as your organisation navigates a more mature GDPR environment.

1. A change of mindset

Rather than focusing on data protection as a tick-box exercise, it can be viewed as a way to show the customer that you care deeply about their right to privacy. This can go beyond reducing compliance risk to increasing trust and confidence in your brand – becoming a competitive advantage.

When individuals trust an organisation, they are more likely to share data more openly with the business. According to the Deloitte study, “The ethical use of data, which can reside in the grey area between regulatory compliance and a higher standard, is seen as an increasingly important driver in this level of trust.” (11)

2. A company-wide commitment

Misinterpretation, ignorance and complacency are often responsible for data breaches. This calls for clear and well-communicated data protection policies that gain commitment at every level of the enterprise. Marketing, sales and other functions must work together to ensure that treating customer information responsibly and respectfully becomes an integral part of every business process. Think of it as an enterprise-wide commitment to earning and maintaining the customer trust.

3. Clear communication

The Deloitte study referenced earlier found that many customers are not reading privacy policies. Often, these are treated like fine print, which makes them unappealing and easy to ignore.

Marketers can play a valuable role here by finding more compelling ways to keep customers informed and more effective ways to ask for their explicit consent. This involves clearly explaining why you’re asking for personal data, how this information be used, how this will impact the customer, and so forth. If you communicate this in a user-friendly way, customers are more likely to feel comfortable about sharing their information. Ideally, you could view every piece of GDPR-mandated communication as an opportunity to engage with customers and build the relationship.

4. Expertise

All this considered, you may realise that your data protection practices – and your data itself – could do with some refining and work harder for your business.

If you want to make sure that your data is accurate and compliant, and that you’re only engaging in relevant, consent-based communications with your customers, it may make sense to pull in an expert partner to help address any issues. That might be a consultancy that can give advice and guidance on your processes, or a data-cleansing provider that can make sure you have a clean, accurate database for your sales and marketing communications.

Addressing areas of concern will not only minimise risk of incurring costly fines, it will bring other benefits such as enhancing relationships with your customers and increasing trust and confidence in your brand.

A challenge and an opportunity


While the new regulatory landscape is not without its challenges, it can also be viewed as an opportunity to change the way that you treat your customers. By respecting their right to privacy and being more transparent, you may find that good GDPR practices enable you to improve lead quality, increase conversion rates, reduce churn and build lasting and lucrative customer relationships.

If you need help in creating a clean, accurate and compliant database, our specialist CATI agents provide expert phone-based data services. Used strategically to target a cleansed, profiled database, our telemarketing services can help build relationships with your most valuable clients and prospects, at the same time enriching your data with insight to deepen future relationships.

If you’d like to discuss the ways we can support you, please get in touch.
 



(1) https://edpb.europa.eu/news/news/2019/1-year-gdpr-taking-stock_en
(2) https://www2.deloitte.com/content/dam/Deloitte/uk/Documents/risk/deloitte-uk-risk-gdpr-six-months-on.pdf
(3) https://dma.org.uk/uploads/misc/new-gdpr-one-year-on_v13.pdf
(4) https://dma.org.uk/uploads/misc/new-gdpr-one-year-on_v13.pdf
(5) https://www.telegraph.co.uk/technology/2018/11/24/eu-data-rules-have-not-stopped-spam-emails-nesta-survey-finds/
(6) https://dma.org.uk/uploads/misc/new-gdpr-one-year-on_v13.pdf
(7) 
www.research-live.com/article/news/ee-fined-for-unlawful-marketing-texts/id/5055452
(8) https://ico.org.uk/media/about-the-ico/documents/2615156/adtech-real-time-bidding-report-201906.pdf
(9) https://www.b2bmarketing.net/en-gb/resources/articles/gdpr-what-has-happened-one-year-plus-find-out-how-set-data-retention-policy
(10) https://www.bbc.com/news/business-48905907
(11) https://www2.deloitte.com/content/dam/Deloitte/uk/Documents/risk/deloitte-uk-risk-gdpr-six-months-on.pdf

Related articles

Lose the language barrier: the value of multilingual marketing

Lose the language barrier: the value of multilingual marketing

Wednesday, September 4, 2019
Find out more
Creating an emotional connection in the era of hyper-personalisation.

Creating an emotional connection in the era of hyper-personalisation.

Monday, March 18, 2019
Find out more
When analogue and digital meet, marketing magic happens

When analogue and digital meet, marketing magic happens

Thursday, February 14, 2019
Find out more

Our full range of telephone services

Data Services

Do you want to improve data quality, increase marketing ROI, and ensure GDPR compliance?

Data Cleansing
Data Cleansing
Expert data cleansing creates clean, accurate and compliant data that matches your target audience
Read more
Data Enrichment
Data Enrichment
Data enrichment delivers the insight needed to connect better with your target audience
Read more
Email Opt-ins: GDPR
Email Opt-ins: GDPR
Boost engagement and ROI with consent based communications
Read more

Pre Sales Research

Do you need actionable insight to inform your sales and marketing strategy?

Pre Sales Research
Pre Sales Research
Arm your sales and marketing teams with clear customer intelligence and accurate data.
Read more

Telemarketing

Want more opportunities to drive revenue?

Lead Generation
Lead Generation
High-quality lead generation at every stage of the customer journey
Read more
Call Handling
Call Handling
Professional outsourced customer service. We can provide your customers with an expert, personalised service – making every interaction count
Read more
Appointment Setting
Appointment Setting
Successful appointment setting requires meaningful human interaction with senior decision makers
Read more
Lead Management
Lead Management
Drive value by improving lead flow, quality and conversion
Read more
Event Marketing
Event Marketing
Strategic event marketing can generate higher demand and deliver greater value.
Read more
Lead Qualification / Nurture
Lead Qualification / Nurture
Move leads through the funnel more strategically with our expert lead qualification and lead nurturing services
Read more

Sales

Is your sales strategy driving the results you need?

Telesales / Inside Sales
Telesales / Inside Sales
The quality of your Inside Sales skills can be a key differentiator in a competitive market.
Read more
Account Based Marketing
Account Based Marketing
Smart account based marketing helps to increase profitability, reverse churn and increase customer lifetime value.
Read more

Post Sales Research

Is your customer intelligence keeping pace with your business goals?

Welcome Calls
Welcome Calls
An effective welcome call helps to create a foundation for a lasting relationship. Retaining customers costs less than acquiring them, so it makes sense to have a robust retention strategy in place – starting as soon as a prospect is converted.
Read more
Customer Satisfaction
Customer Satisfaction
Measure customer satisfaction and gain a more nuanced view of your customers’ experiences through phone-based surveys.
Read more
Treating Customers Fairly / Compliance
Treating Customers Fairly / Compliance
An FCA authorised and regulated business, our expert team can help you meet your TCF compliance needs with greater confidence and increased customer insight.
Read more