GDPR is on everyone’s minds and it’s been difficult to ignore the number of oddly-worded emails filling up our inboxes.
Every business operating in the EU is affected by the new data protection regulation. Some have grown anxious over what re-consent will mean for their CRM system and sales, while others see this an as opportunity to cleanse their databases, retaining only highly-qualified leads.
One of the main challenges the re-consent process has thrown up is how to do this in an ‘on brand’ way. As we’ve seen, there have been good and bad examples, with some companies delivering well-thought out or attention-grabbing communications way ahead of the deadline and others leaving things to the last minute and spamming customers with jargon-filled emails.
This isn’t surprising: Softcat’s own research in October last year showed nearly half of organisations (42 percent) surveyed didn’t think GDPR was a priority for their business, even though those who fail to meet compliance could pay a considerable fine of up to 4 percent of global turnover or €20,000,000.
A recap on the rules
Under the new rules, to keep using customers’ data, businesses had to identify a lawful basis for their activities. Many have taken steps to gain active consent to statements whether in writing, orally or electronically. Companies can no longer rely on silence or pre-ticked boxes.
The majority of companies chose the email route, with footers or banners for logged-in users being another popular choice. To gain consent from potential new customers, positive action has meant that ticking a box when visiting a website or when choosing technical settings for cookies.
Beyond telling customers who you are, why you are processing their data, how long it will be stored and who receives it, the rules were less clear when it came to adding brand personality.
This meant most companies grappled with the question – “do we choose a fun and original message or a more traditional, corporate style?”
Google: taking the lead
Not surprisingly, Google led the way and started the re-consent process two years ahead of the deadline.
Its marketing team believed this made good business sense and allowed them to position Google’s brand message as one which took people’s concern over how technology companies are using their personal data seriously.
By being clear and transparent from the word ‘go’, Google encouraged consumers to think about how the data trade-off could improve the services they receive.
It launched a privacy link on its homepage, linking through to a site explaining what data it has and how it uses it. The online search giant launched six controls that can easily switch on or off including search history, videos watched and location.
Virgin and Brewdog: getting creative
Virgin saw spamming customers with GDPR consent emails as a last resort and demonstrated the creative thinking it’s famous for. The company accepted losing contacts was inevitable and prioritised acquiring new customers instead of trying to retain those who showed little interest in the brand.
Making the most of its sponsorship deal with ITV’s Saturday Night Takeaway, Virgin saw an opportunity to collect mass data in a fully GDPR-compliant way. It would be hard to resist the chance to win a free plane ride to Orlando, Florida. 250,000 entrants proved this theory correct and handed over information including email addresses, creating high-quality CRM leads.
Another strong example is Brewdog who gave away 1 million bottles of its IPA for those who signed up to its mailing list. This increased brand and product awareness while capturing customer data in a legally compliant way.
Incentivising consent can be controversial as the regulation requires consent to be freely given. It’s important that organisations are mindful of this as in draft guidance the ICO have said joining a loyalty scheme with access to vouchers as part of marketing does not amount to a detriment for refusal.
To counter any uncertainty some organisations have taken the approach of allowing individuals to enter such competitions while still giving them the choice to opt in or out of marketing.
Missguided: keeping it real
Missguided’s “WTF is GDPR” email campaign stood out and it’s obvious why. The UK-based online women’s retailer chose to speak to its customers in a language it knew was engaging and would make them sit up and take notice, by using funny celebrity GIFs and calling them “huns”.
It took the angle that although GDPR may seem boring to some, it is actually empowering them to take control of how their data is used. Putting a positive spin on this makes the re-permission campaign more effective.
PwC’s re-consent email included everything the ICO would want to see. Who’d expect anything less from the consultancy firm?
In keeping with the brand, its best-practice email was professional in tone, informative and clear. It included a link to the PwC privacy statement, two equal-sized buttons to opt in or opt out and a large notice stating recipients failing to respond would be automatically opted out.
So, what’s next?
The GDPR deadline’s about to come and go, so what next?
Well, the most obvious point is many customers won’t have given consent for organisations to use their data or would’ve simply ignored communications, resulting in them being removed from contact lists.
However, marketing strategies have focused on quantity over quality for far too long. These new regulations are challenging every business to conjure up new and exciting ways to engage both new and existing customers in sharing their all-important data.
Companies will see the number of subscribers drop significantly but this does have its positives. Those who choose to allow businesses to keep their data are more likely be stronger leads and will take more from future marketing campaigns and business updates.
Mark Overton is the information security officer at Softcat
Further reading on GDPR
Data protection officers, security issues and the positive impacts of GDPR