Some companies will soon find they are barred from using customer and prospect information they have spent years painstakingly building. This is because a huge number of companies are sleep walking towards the time when General Data Protection Regulation (GDPR), the forthcoming EU data law, will come into effect.
For brands that use data that does not comply with the new permission based rules there is a proposed fine of up to 100 million Euros, and the possibility that consumers will be given the right to claim damages for misuse of data that may replicate the situation of PPI. The new law is due to be introduced by the end of 2017.
Compliance is the key factor in all of this. The biggest challenges are auditing data to establish whether it meets the new consumer consent standards, and where it does not there will be a need to refresh opt in permission by contacting individual consumers, gaining their opt in permission, storing the individual consent forms, and providing a method that allows consumers to have their information removed on request.
But there is actually an opportunity to make GDPR pay dividends in sales and market knowledge. The following steps are a guide to getting this right.
- Act now. The new law may not be introduced for two years, but it could come as early as next year. Some companies that are heavily data reliant will already be too late to introduce compliance programmes that are ready in time.
- Seek advice, but only from those with a background in handling compliance, data and market planning. They will understand the current technical situation companies find themselves in, and how changes should be applied.
- Appoint an individual responsible for overseeing the introduction of the new regulations. New compliance protocol should be clearly set out and made known to all sales and marketing personnel with guidelines on what they can do in terms of data.
- To be able to use existing data there are key criteria that will have to be met. It is necessary to ensure the level of opt in permission meets the new unambiguous terms required. If it does not new permission will have to be sought from consumers, plus the consent forms used will have to be stored whether in electronic or paper form, and be presented if requested by the Information Commissioner’s Office (ICO). This may be complicated by the fact that few, if any, CRM systems have facilities for storing electronic consent forms.
- Another other key element to put in place is the facility for consumers to have their data removed if they request it. A method through which this can be done quickly and efficiently should be established.
- Once the new compliance regulations have been met it will be sensible to adopt a data regime that includes regular compliance reviews. It is easier to put problems right through scheduled checks than risk sanctions, or having to undertake major overhauls. Appointing a qualified third party will provide independent expert analysis, and suggestions for constructive improvement.
For most brands there will be considerable investment in becoming data compliant, but it does present a positive opportunity to increase knowledge on consumers and sell directly to them.
What may be most effective is the use of sophisticated telemarketing using well trained operators that that can work to multi layered scripting. They will be able to accurately interview consumers to establish buying triggers, while appearing to conduct a non-interrogative dialogue. Good tele operators can gain valuable information on the buying potential of individuals, record verbal opt in permission, sell direct, but most important, they can be used to make GDPR become a catalyst for improving sales performance.
By Jeremy Whitaker, chairman, Verso Group