Whether signing up to social media accounts, paying bills online or making purchases, we regularly give up all sorts of data about ourselves, without giving a second thought to how it is being used or stored.

And it’s not like this information is banal or unsubstantial, we’re talking about our banking information, contact details, address, and social media posts about our daily lives. Even our browsing history is stored digitally as a record of our online activity.

It’s no secret that businesses regularly use the information we provide them to create “consumer profiles” that they can use to target us for specific adverts, or to create a more personalised shopping experience.

However, as of May 2018, new EU wide regulations will create much stricter guidelines on how businesses and organisations gather, use and store our information, potentially disrupting how brands provide the kind of personal experience we’ve become accustomed to.

The General Data Protection Regulation (GDPR) will create a series of protocols for data usage, requiring companies to comply with a number of new measures, including:

- Asking customers for consent or permission to use personal data
- Making it possible for customers to transfer personal data between organisations
- Guaranteeing customers the “right to be forgotten” and ensuring the deletion of their personal data from a company database on demand
- Making better use of technology to guarantee the security of customers’ personal data

On the face of it, these changes will make it harder for businesses to continue adapting services to suit our individual preferences. But they also present new opportunities for an even more targeted and personalised experience in a way that is beneficial to both consumers and businesses.

Data collection best practice

GDPR is essentially a form of data collection and usage best practice, backed by legislative authority. The regulation does not stop businesses from gathering and storing customer information, it simply requires that consumers opt-in to having their data stored and used, and that they are fully informed of how the information will be used.

Customers must also give consent each time a business wants to collect their data and be clear what the purpose of the collection and storage is. For example, if a customer provides their information online via LinkedIn – to gain access to a research paper – the organisation can no longer just add the same information to an email marketing list.

The same goes if a retailer collects a customer’s email address when they buy something. In the past, the retailer would have likely stored the email address and customer information on a database to be used for future promotional campaigns. GDPR will stop businesses from doing this and the customer will have to be asked to provide their data specifically for future marketing activity.

Creating personalised experiences customers want

As well as requiring customers to opt-in to having their data stored, GDPR also requires a business to delete information immediately on request.

This, however, just means that businesses need to do more to make it worth a customer’s while for them to give up their information, and puts more emphasis on the need to create personalised shopping experiences.

Requiring customers to opt-in to having their information saved also means businesses are given the chance to interact with a more engaged customer base. After all, if a customer consents to having their data stored, they are more likely to be interested in the information they receive.

This consent also makes it easier for businesses to work out how to engage with certain customers. If a consumer gives permission to receive information on email a business can put more effort into creating personalised email marketing campaigns to engage with them.

Businesses will also be forced to be more creative in the content they produce to entice customers and, in the end, consumers will benefit from this new approach.

Keeping customer data secure

Despite our seeming willingness to part with personal information, two-thirds of consumers (67%) do harbour some concerns about how this data is used by brands, according to research.

GDPR requires companies to implement “privacy by design” policies with much stricter procedures in place for the protection of customer data. Again, while this does put more pressure on brands and organisations, enforcing stricter guidelines and penalties for data protection issues will likely increase consumer confidence in the long run.

If consumers can be reassured that their information will remain secure, it is a fair assumption that they will be less concerned about handing that information over. Once this happens the business can continue creating the personalised services they need to stay ahead of the game.

There is no doubt that GDPR is going to change a business’ relationship with its customers data. From the initial collection process to keeping the data secure, businesses will be under more pressure and face greater scrutiny.

However, GDPR does not signal the end of personalised services and, within a tougher regulatory environment, actually creates much better opportunities for those businesses able to be agile and innovative with how they put future marketing and consumer campaigns into action.


By David Duke, chief marketing officer at Visualsoft


GDPR Summit Series is a global series of GDPR events which will help marketers to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond. Further information and conference details are available at http://www.gdprsummit.london/

comments powered by Disqus