Annoyingly, I’m currently deluged by D-cup digital display ads, bombarded by basques and surrounded by smalls. With no recollection of visiting any related site, or of giving my consent to receiving these messages, I’m guessing my wife (or teenage sons!) has been doing some research on my Mac. Either that, or my unrelated cookie data has been sold on. Next year, however, my unsolicited lingerie advertising could be thrown into the digital laundry basket.
Enforceable from 25 May 2018, the European Union’s General Data Protection Regulation will strengthen individual data safeguards. Giving customers control over their personal information, it demands that organisations become accountable for why they need customer data, what they’re going to use it for, how they’re going to keep it secure and the legal basis – for example, consent and legitimate interest – that they’re using to process it.
In the future, people will demand that companies act as data-controllers and trusted custodians of their personal information
For many organisations, this is the first time they will have had to comply with a set of extensive data-protection laws. But data-driven marketers have known for decades that the value-exchange they offer needs to be grounded in data transparency and reciprocity. People are motivated to disclose accurate data about themselves, providing that marketers give something in exchange for it, and do so within a trusted framework. This means that the fidelity of information about people increases dramatically, allowing for better and more accurate targeting to (in theory) ever-more receptive customers.
However, businesses relying on reach and cookie-bombing, as opposed to pinpoint targeting, will be hit by GDPR – with a possible 50%-80% reduction in their addressable-audience prospect pools. Bulk personally identifiable information players, including cookie farmers, third-party list providers and information "enhancers", could struggle.
The implications for one-to-one marketing are clear, but, importantly, this also has an impact on how companies develop new products and behave, per se.
In an annuity-based subscriptions economy (with a surge in the number of new, personalised data-driven products and services), becoming more human-centric and respecting privacy will be central to achieving both initial and repeat business. If people don’t trust companies to keep their data secure, or think they’re going to do things with it they don’t like, then the whole booming subscriptions category is toast.
In the future, people will demand that companies act as data-controllers and trusted custodians of their personal information. Customers will increasingly come to consider the way companies deal with this as a brand differentiator. It’s clear: respect for data privacy needs to be a core brand value.
Rather than treating the implementation of the new regulation as a legal-compliance, box-ticking exercise, baking "privacy by design" into how they operate is a massive opportunity for organisations.
Marketers need to pull their data socks up, or risk being exposed. GDPR mustn’t be consigned to the bottom drawer.
Mark Cripps is the executive vice-president, brand and digital marketing, The Economist; board director, DMA UK