In less than four months, the European Union data regulator will begin enforcing the EU General Data Protection Regulation (GDPR) to strengthen the security and protection of EU residents’ personal data. Companies that don’t comply with the GDPR not only risk losing their customers’ trust, but they could also face fines of €20 million or 4 percent of global annual revenue.
Like many regulations, the GDPR is not an easy to understand or practical manual for how brands should go about protecting their customers’ data. Therefore, figuring out how to interpret it and making changes across your organization to adhere to the regulation will be an expensive undertaking on its own. The IAPP and EY predict that Fortune’s Global 500 companies will spend a combined $7.8 billion working to achieve GDPR compliance.
With more questions than answers, I’ve found that the complexities and costs associated with the GDPR tend to overshadow the many benefits for businesses across the globe.
Here’s why I think the GDPR is a good thing for brands:
It will cut the ‘data gossip’
Consumers expect the brands they buy from to adhere to strict standards around protecting personal data. They also expect brands to obtain consent for collecting their data in the first place. According to a recent study from Accenture, “87 percent of consumers believe it is important for companies to safeguard the privacy of their information.”
The GDPR will promote responsible use of data that aligns the law with customer expectations. Specifically, the GDPR requires that businesses be more transparent about how they collect and use data. This means the standard for valid consent will be far higher, and it will be difficult to rely on third-party consent.
As a consequence, marketing departments will likely need to reduce their reliance on third-party data. Third-party data is user or behavioral information that companies purchase rather than collect themselves. It is often aggregated from multiple websites and segmented based on user interests, demographics, shopping behaviors and more.
This data is often collected with questionable consent and shared across companies without explicit consumer permission. That’s why I call the act of companies sharing third-party data with each other “data gossip.”
If you’ve ever received an email promotion from a company you never shared your email address with, you’ve experienced data gossip. Your customers wouldn’t tolerate their grocer telling their banker what they just purchased, and data gossip is no different. Moving away from third-party data will improve customer trust, which in turn will boost your brand’s reputation.
Brands will have to personalize without compromising trust
Reducing third-party data usage doesn’t come without its challenges, however. Third-party data is often used to personalize customer experiences, and customers increasingly expect this. The Accenture study mentioned above found that “58 percent of consumers would switch half or more of their spending to a provider that excels at personalizing experiences without compromising trust.”
Many companies purchase third-party data to personalize their websites or show ads to a specific audience based on previous behavior. The problem for these companies is the last part: “without compromising trust.”
How can your company deliver on respectful, private and personalized experiences? The answer is by activating your own first-party data. First-party data is data on how your customers use your products or services. This includes information on which products a customer views or purchases from you, how often they visit your website or mobile app and even your CRM data.
First-party data is valuable for showing customers that you’re attentive to their needs, showcasing products that fit their interests, or removing irrelevant content. It also has many advantages over third-party data.
First-party data is not usually shared with other brands, which is beneficial for both your customers and your business. It’s typically more accurate than third-party data, as well, because it reflects actual customer behavior from your own channels (web, mobile, in-store, etc.).
Companies must ensure they always use first-party data in line with the principles of the GDPR: transparency, accuracy, fairness, minimization, purpose limitation and security. I believe the GDPR will accelerate trends leading away from third-party data and toward the ethical use of first-party data to deliver helpful, respectful customer experiences.
As a result, I think the GDPR is good for brands—even with its complexities.