New privacy rules such as the European Union’s General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”) are changing the way that marketing activities are managed. They require companies to more formally organize customer data when executing their customer 360 strategies. Customer 360 is a strategic approach enabling businesses to offer the best customer experience across all channels. It includes having a unified view of all customer touch points with all departments involved in nurturing customer relationships.
Under the new privacy rules, the conditions for obtaining consent to collect, use, and store data is stricter. Marketers now have the obligation to provide consumers with data transparency and consumers now have the right to know how their data is being leveraged. The biggest burden on marketers, and the most important power of consumers, is their right to withdraw consent to having their data processed.
What are the rules?
Separate consents now need to be obtained for each data processing activity. This means marketers must be able to track each consent that the individual gave. Providing an opt-out option is not enough. If after some time the individual wishes to withdraw a given consent, organizations must abide by the individual’s request. However, because the use of data is so strategically important, the organization should continue to include all data not subject to a withdraw request. Balancing a consumer’s right to withdraw consent with an organization’s right to use collected data requires an audit trail that will track what consent was given, when it was given, and how it was given.
If a company used marketing lists, collected user IDs, or leveraged other pseudonymous identifiers that matched known and unknown data, they are still responsible for getting the proper consent information. This is regardless of whether a vendor or outsourced partner was responsible for the initial gathering of the data.
Companies must clearly ask users for permission to use their data and be transparent as to how the data is collected, used, stored and if that the data will be shared with anyone else. Data can only be collected if it is directly relevant for its intended use. If the organization collecting that information later decides to use it for a different purpose, they must get a new consent from each individual. The transparency requirement means that information can no longer be hidden in overly complicated privacy policies with legal jargon that cannot be understood. Disclosures need to clear and “freely given, specific, informed, and unambiguous”.
If a user does not agree to have their information collected, marketers cannot block them from accessing content based on that fact. For example, nothing in the CCPA prohibits a business from charging a consumer a different price or rate, or from providing a different level or quality of goods or services to the consumer, if that difference is reasonably related to the value provided to the consumer by business’ use of the consumer’s data. This rule highlights that the “free” content and services that consumers have enjoyed in the digital age was not free at all. The price consumers have paid is their privacy. A byproduct of the CCPA will be to establish the market value of privacy. This opens the possibility for the creation of new pricing models based in part on a consumer’s desire for privacy.
What does this mean for today’s marketers?
These new rules around data have many marketers concerned with the way that data restrictions around use, harvesting, and access could impact customer 360 campaigns and loyalty programs. However, this is an excellent opportunity for the industry to reinvent marketing by using privacy as a business-maker, not killer.
To succeed with the new legislation, today’s marketers must place emphasis on trust and transparency. Customers are more likely to disclose purchasing and personal information with a business that they know, like, and believe in. Enabling trust requires being upfront and honest about the organization’s intentions and clearly demonstrating that an individual’s data is being treated with respect and held securely. If marketers can demonstrate that they are pursuing their target audience’s best interests, then they are more likely to strengthen engagement with customers and subsequently, create more accurate customer 360 strategies.
Becoming transparent does not mean just stating that the organization is compliant with recent laws. It requires a few significant infrastructure upgrades. These include proactively creating new data handling policies for the entire organization and enforcing them. In the age of data scandals like Facebook–Cambridge Analytica, an organization’s data governance policies and procedures should be prominent at every point of customer interaction. Begin with existing web properties that are customer facing and identify applicable state and regulatory cybersecurity requirements. Once the policies are enacted, make sure to train employees. The entire organization should understand the data policies. Each employee should know their role in enforcing corporate data procedures. For example, the marketing team should learn what permissions are required to add data to a customer profile.
Organizations should consider modifying their technology stack by adding secure analytics tools that can efficiently store, segment, and retrieve customer data on a narrowed, more micro-level. Data visualization software should be used to view customer data more holistically. This can help marketers better understand, control and stay accountable for how data is being leveraged. It is now part of the organization’s responsibility to be able to speak to what is being done with the information that is being collected throughout each stage of the process. By centralizing the collection, use, and storage of personal data into one system, information can be efficiently accessed when customers have questions about the usage of their data, and the organization can make changes as necessary.
Furthermore, marketers navigating this new legal territory should consider onboarding data technologists or specialists whose sole purpose is to connect digital analytics data to marketing initiatives. This frees up employees on the team who were once inundated with sorting through and making sense of customer information, to focus on the creative aspect of marketing – ultimately strengthening the effect of integrated campaigns.
Marketers should approach these new privacy rules systematically and look at this major shift in marketing as a positive. They should embrace the higher quality content that will result from a strengthened, transparent relationship with the consumer. This new legislation is written to encourage marketing teams to gather valuable data, freely given by a happy customer who is willing to contribute to an improved customer experience achieved through consent.