With terms such as “legitimate interests,” “fundamental human rights,” and “necessary and proportionate measures” standing out within the pages of the General Data Protection Regulation (GDPR), there is an understandable temptation for boards to leave privacy measures in the hands of their legal and compliance teams.
But compliance alone will not guarantee companies deliver their desired big data or CRM-driven commercial outcomes. The spirit of the new data laws is a simple one—providing more control, more transparency, and more meaningful choices for the consumers, in order to earn their trust. And who is best equipped to increase brand trust through consistent communications, experiences, and propositions? It’s the CMO.
It’s All About The Consumer
Marketers will be used to an operational reality where consumers call the shots. All the tools, methodologies, and instincts we have are honed to succeed in a world of savvy consumers who navigate through marketing’s “moments of truth” on their own terms. Marketers are, therefore, best placed to deal with new regulations that redefine B2C relationships and create brand communication about its data practices.
The GDPR enshrines a number of important consumer rights, such as the right to access, the right to be forgotten, and the right to data portability. It also strengthens conditions for consent, with brands required to obtain explicit permission to collect and process data for a specific purpose, through an easy-to-understand method. Companies will have to consider cookie consent management alongside their existing customer experience and relationship management policies.
But marketers also need to step back from these measures and ask: in this new environment, how do we secure, reinforce, and refresh a data-orientated relationship with our customers so they happily share their information?
Begin With The Brand
In updating privacy policies, consent mechanisms, and creating “privacy dashboards” in readiness for this new age of data regulation, CMOs must frame the approach in terms of their brand’s purpose, values, promise, positioning, and expectations of service and conduct.
CMOs must define the brand’s expectations of consumer privacy and data protection, taking into account the overall themes of the new regulations in terms of consumer control and consent, and brand transparency. While the legal minutiae of the regulations may change, these overriding principles and intentions will remain consistent. Rather than just interpreting and understanding the new regulations from a legal and IT perspective, broadly aligning the brand’s own privacy expectations with these principles will allow marketers to live alongside the new laws on a practical basis.
The Path To Consent And Transparency
CMOs should not deviate from their core multi-channel strategy just because the challenge at hand concerns data protection. The question is still about providing simple mechanisms for consumers to exercise their choices, and setting out in simple terms how the brand creates consumer value. But marketers need to recognise some historic baggage—while big data is a hot topic, little has been done to approach it from the consumer or privacy perspective. Marketing needs to break the silence.
Nowhere is this more important than in obtaining consent to data processing. But being successful here does not mean re-inventing the wheel—it means using what is already in the CMO toolkit.
This involves looking at the end-to-end customer journey—building entry-level consent at the start of the relationship, expanding consent across the life cycle by up-selling and cross-selling into new purposes or different types of information, and then establishing a process for defending or saving the consent you have established. Applying “business as usual” marketing activities to this area will help build the consent volume.
Rather than focusing on a single moment within the sign-up process, CMOs must widen the communications canvas. They should investigate the best places and times to set consumer expectations in advance of the “moment of truth,” through the company’s website or advertising, or using a customer call centre. The moment a brand confronts its consumers with their “meaningful choice” should not be the first and only time it proactively talks about data—instead, data should be discussed across the whole customer conversation.
In Pursuit Of Privacy And Security
A recent global survey revealed that almost a third (32%) of organisations fear they’re not equipped to deal with compliance because they don’t have the correct technology in place. To succeed, there has to be transformation and innovation—activities which CMOs are well-placed to lead. The touchstone issue is how changing regulatory regimes will impact the practice and norms in digital advertising. Data safety will be just as critical as brand safety.
CMOs need to scrutinise technologies and adtech partners to ensure the mitigation of regulatory risk does not come at the expense of marketing capability. Many are taking the simple route of anonymising data, therefore making the user unidentifiable and removing any possibility of using the data for targeted advertising. CMOs can also look to pseudonymisation, which swaps individual identifiers with an artificial identifier. But the dominant models of pseudonymisation have questionable uses post-GDPR in the real-time world of programmatic advertising. CMOs should seek out new approaches, such as dynamic de-identification, which enable the continuity of digital advertising strategy, the delivery of consumer privacy, and the security of valuable first-party data.
On the surface, the GDPR and new ePrivacy regulation may appear to be all about legal compliance. In reality, they are also about redefining the relationship with the consumer, and CMOs and marketing departments should play a key role in preparing brands for a new era of data regulation from the earliest stage possible. By aligning with the overriding principles of transparency and clear communication, as well as harnessing data protection technologies, they will be able to guarantee compliance while still delivering seamless consumer experiences.