UK businesses have struggled to handle an upswing in personal data access requests since General Data Protection Regulation (GDPR) came into force, it has been revealed.
Research by business process outsourcer Parseq was conducted following the first anniversary of GDPR, and shows that two-thirds of UK businesses (63 percent) saw an increase in data access requests from customers and their own employees in the 12 months following GDPR’s introduction in May 2018.
One-in-ten (10 percent) businesses experienced an increase of more than 50 percent in the volume of requests. This rose to almost a fifth (17 percent) for businesses with a turnover of £500m or more. Almost nine-in-ten (87 percent) businesses that have seen an increase in requests reported they had found effectively responding to them challenging, citing complexity (54 percent) and cost (54 percent) as the biggest obstacles.
A third (34 percent) of businesses that had experienced an increase in data access requests cited a reliance on paper documentation as a barrier. This figure rose to 47 percent for businesses with a turnover of £500m or more, tying with a lack of time as their second most frequently flagged hurdle after cost.
Under GDPR, individuals can submit a data access request free of charge to receive a copy of personal data that organisations hold on them, along with information on factors such as why their personal data is being used. In general, GDPR requires that organisations must respond to data access requests within one month.
Craig Naylor-Smith, Managing Director at Parseq, said: “GDPR made it easier for people to access their personal data from organisations. With this power at their fingertips, we expected to see that data access requests would rise. However, the fact that so many firms have struggled to respond to the surge in requests suggests that the pressure this has put on businesses has been greater than they anticipated, or that many were simply unprepared for what GDPR would bring.
“It could also have been affected by the August 2019 deadline for consumers to claim back Payment Protection Insurance, with individuals possibly using data access requests to help them uncover information to support their claims.
“What’s particularly interesting to see is that so many businesses state a reliance on paper documentation as a barrier. The digitisation of paper documents can make personal information easier to process and manage, make data access requests easier to respond to and, ultimately, help businesses use data to deliver innovative services in an increasingly competitive, digital landscape.”
In the scramble to achieve last-minute compliance before the General Data Protection Regulation (GDPR) deadline last year, many companies engaged in some ‘privacy theatre’ – adopting basic consent models, and meeting the requirements just enough to comply with the new law and avoid fines.
With this kind of minimal compliance mentality, it should come as no surprise that consumers don’t feel much has changed for them when interacting with companies.
Only 31 percent of consumers think their overall experience has improved since the introduction of GDPR and 40 percent don’t feel companies take data breaches seriously, according to a recent Marketing Week study. In only aiming for the lowest GDPR bar, firms have missed the opportunity of turning consent and privacy in to a way to build relationships, earn trust and gain a competitive advantage.
To provide truly engaging digital experiences, businesses must set their sights on a higher level of customer-centric data management that goes far beyond the essentials. Indeed, the biggest mistake we’re seeing in GDPR compliance is leaving the decisions to the Legal department. Too many marketers think that it’s “someone else’s job” and just wait for the lawyers to give them consent language for yet another grey cookie banner. It is vital that marketing take a central role in turning privacy from a compliance issue to a competitive advantage of superior customer experience and loyalty.
The GDPR impasse: a matter of perception
Marketers know that content is what hooks the attention of consumers and keeps them coming back time and again. But that content needs to be tailored or personalised so we can deliver the right messages to the right audiences at the right time. Data is a critical component to creating the right segments, assigning individuals to those segments, and testing the effectiveness of our messages. For that reason, organisations must be focused on exceptional data practices that maximise consent and therefore effectiveness of the personalisation and content stack.
Personalisation can both make or break consumer trust: it can benefit them by adding relevance and value, but it may also fuel privacy issues because consumers are concerned about how their data is collected and used. Despite the appetite for meaningful, personalised content, when it comes to gaining consent businesses still encounter resistance from consumers.
But consent doesn’t have to be an obstacle for organisations or consumers. Rather than operating on a purely functional approach that gets consumers to click and continue – making the organisation legally compliant – if it is well-handled from the start of the marketing funnel, consent requests can be the launch pad for creating deeper understanding of your consumer and in turn providing them with the options they prefer when browsing.
Today, organisations face, on average, a 50 percent bounce rate and 25 percent of consumers running ad-blocking technology. These visitors are completely opting-out of your marketing technology, but are invisible to your consent statistics if you only view “yes vs no” consent resolutions. Those organisations that build earning trust and gaining consent as part of customer experience will earn a higher share of consumers in the technology system and therefore gain structural competitive advantage in the market.
Turning obligation into opportunity
The way businesses ask for consent matters. Intrusive pop-up forms and cookie walls not only interrupt activity, but also leave consumers with a sense of powerlessness; 59 percent say companies don’t allow them to browse their websites unless they share personal data. If businesses want data access, they must reduce friction, and view consent as the first touchpoint of the consumer journey – an opportunity to set new, mutually beneficial rules of engagement. In the case of cookie walls, companies are asking consumers to give access to their personal data and enable tracking before the consumer has even decided if there’s anything valuable on the site. That’s a difficult value proposition to scale.
Put simply, the consent request needs to be a positive experience. Companies need to make this initial interaction a preview of the compliant, customer-focused communications and services consumers can expect after sharing data. In practical terms, this means outlining exactly how and why data will be used, and giving consumers a choice. For example, firms might use an expandable form that restricts disruption by enabling consumers to opt in for multiple sharing purposes at once and, crucially, reject each one if they wish.
By prioritising transparency and consumer control from the offset, companies can boost the odds of gaining consent, as well as encourage individuals to continue along the funnel.
Identifying the consent line
Equally as vital as an enticing welcome is knowing where to draw the line. Given the starring role data plays in determining how online content should be tailored and delivered, it’s easy to see why marketers are especially tempted to collect as much data as possible. But from the consumer perspective, hungry data requests can feel intrusive, increasing the likelihood that they will both lose trust and refuse consent.
Before making consent appeals, businesses should carefully consider how much information they realistically need. More often than not, firms have much of the data necessary to drive impactful content, but not in a unified state. By embracing agile technology that can plug into isolated systems and blend existing pools of freely-given data, organisations may find they already hold a near-complete view of consumers. Combined with other, non-personally identifiable insight – such as recent web-browsing activity and keyword search – this data can help them achieve relevant and contextually appropriate digital marketing. And by issuing reasonable requests that have a higher chance of positive response, this data foundation can be further supplemented to offer optimally meaningful and effective content.
Organisations need to also consider asking for just the data and consent they need to improve the experience. Many sites today ask for geo-location data on first page load – a request that many consumers are likely to refuse as they don’t perceive the value to them. Waiting until a location search, and suggesting sharing geo-location data as a way to improve results – yields higher consent rates, happier consumers, and increased trust.
Forging lasting consumer bonds
Consent isn’t a one-and-done process, and neither is consumer engagement. To prove they are worthy of consent and loyalty, companies must persistently strive to provide high-quality experiences. On the marketing side, this means ensuring interactions are tailored, seamless and consistent throughout the consumer journey. Mismatched branding across mobile and desktop, broken links and low-grade content can be just as damaging to consumer trust as irrelevant ads or overly frequent emails. Businesses must focus on the finer details; sustaining revenue and credibility by maintaining genuinely valuable and accessible, cross-channel content.
Similar principles also apply to data privacy: organisations need to demonstrate a continual dedication to protecting consumers. In the short-term, companies should ensure they have a complete picture of individuals so that preferences can be accommodated no matter which screen or platform they are using. In the longer term, it is essential to allow room for change; ensuring consumers can easily access and adapt their preferences at any time.
There is a growing requirement for companies to shift their attention back towards the real driver of their success: consumers. Amid rising regulation and awareness of how businesses use personal data, consumers understand their rights and are determined to exercise them. To guarantee future prosperity, businesses must up their data and content management game: moving past the compliance minimum to implement consent processes and deliver positive digital experiences centred around the real needs of today’s privacy-conscious customers.
Organisations must treat privacy, consent and data security as customer experience issues. Those that do will get access to more customers and drive better personalisation in the years ahead.
Today’s consumers want it all – freedom to research purchases using any device (66 percent), the ability to visit stores if the internet doesn’t meet their needs (49 percent), and personalised advertising offers (26 percent) – all as part of a seamless, integrated experience.
Businesses recognise these rising demands; globally, almost two-fifths (34 percent) plan to adopt an omnichannel model in the next year. Yet meeting this goal can be challenging. Ensuring consistency, convenience, and relevance requires a comprehensive view of individual journeys: insight that isn’t easy to obtain when shopping activity is highly fragmented.
With CX rivalling price and product as a factor that matters most to customers, it’s crucial for retailers to understand the always-connected consumer by adjusting their measurement approach.
The troubled status quo
Most retailers are already striving to keep up with convoluted consumer journeys: using siloed, channel-specific tools and metrics to assess the impact of online and offline marketing efforts. And these silos are only getting deeper, especially when cookies are becoming less effective, privacy regulations are imposing stricter requirements on data, and walled gardens are preventing meaningful insights into the consumer journey altogether.
As a result, retail marketers are left with fragments of insight they must attempt to piece together, making it increasingly difficult to gain a complete view of how individuals connect with their brand across touchpoints. Little wonder only seven percent of firms have successfully implemented an omnichannel approach. Clearly, measurement must evolve to match modern consumer habits. If marketers want a precise picture of where purchase paths flow, how their initiatives perform and what form strategy should take, they need the right measurement solutions at their disposal.
Making the right measurement choice
Modern marketing measurement approaches can pave the way to better customer engagement; giving retailers the means to analyse interactions across every channel and device, evaluate the impact of each touchpoint on sales, and power smarter future decisions. But different measurement models serve different needs, which means retail marketers must select the approach that matches their data, channels and goals.
For example, marketing mix modelling harnesses summary level data to provide a holistic understanding of what’s driving sales, including online, offline and external factors that can affect product demand. It looks at the historical relationships between marketing spend and business results, and is most valuable for retailers who want to inform their strategic and periodic planning on an annual, half-yearly, or quarterly basis.
In contrast, methods such as multi-touch attribution offer more frequent, granular analysis. Leveraging household and person-level data from addressable channels, it measures the influence that each touchpoint – from ad creatives and offers to placement, keyword, recency and so forth – has on consumer actions in near real-time. For retailers looking to make tactical optimisations to live campaigns, multi-touch attribution is likely to be the best option.
Comprehensive media coverage matters
It goes without saying that marketing measurement relies on a steady and comprehensive supply of data. The more complete the coverage, the more accurate the analysis will be. But amid the growing emphasis on data security, media coverage gaps are increasingly common.
Measurement providers must therefore be chosen as carefully as the models, and maximum coverage should be a top priority. Finding a partner that has strong relationships with large media platforms, ways to track data despite cookie limitations, and methods to cross-check the accuracy of data sources is key for getting as much visibility into the omni-channel consumer journey as possible. Only then can retailers dissect the complex web of factors that affect consumer decisions and make smarter, more impactful decisions.
The value of preparation
One final and often overlooked aspect of successful measurement is preparing for the future. In the wake of the General Data Protection Regulation (GDPR) and an increasing focus on digital security, the utility of cookies has significantly diminished – and with the e-Privacy Regulation (ePR) due to be enforced in 2020, its value is only set to fade further.
This makes it critical to choose a provider with the resources and ability to adjust to the ever-changing marketing landscape. Declaring intent to plan for a cookie-less world isn’t enough; providers should also be proactively demonstrating their commitment to future proofing marketers’ measurement success.
As consumer preferences for multichannel shopping grow, it’s becoming increasingly difficult for retailers to make sense of the fragmented data they leave behind and understand true marketing effectiveness. Instead of siloed tools that are at odds with the needs of always-connected consumers, retail marketers need a modern measurement approach so they can drive performance to the maximum and put their marketing investment where it matters most to their businesses.
Mastering the balance between exceptional Customer Experience and data protection legislation isn’t easy, and many businesses are unintentionally teetering on the edge.
Ironically, in a bid to meet customer needs with hassle-free digital services, some companies have missed the regulation mark with 200,000 reported GDPR breaches and fines totalling €55.9 million, so far. Walking the line between compliance and delivering great customer experience takes skill – brands must identify and stick to the perfect middle pathway; starting with a clear understanding of the factors that can send them off course.
Top-heavy convenience impedes privacy
Efficient services are vital in the digital age; customers want experiences to be fast, simple, and streamlined. In fact, 26 percent will abandon online checkouts if processes are too complex. But companies focusing solely on convenience are putting themselves at risk of not only breaching regulation but also losing the trust of their customers.
While convenience matters, it shouldn’t surpass compliance and choice. A recent investigation by brand comparison site Which?, found a number of potential regulation breaches in e-receipts. By providing opted-in paperless proof of purchase, brands sought to improve customer experience, providing an instant buying record that enables easier returns or exchanges. However, the inclusion of unwanted marketing messaging in the emailed receipts, for which retailers had not received consent, meant many were breaking the rules of GDPR lawand seemingly ignoring customer preferences.
Impenetrable defences dissuade customers
Following laws such as the GDPR is non-negotiable if firms want to avoid sizeable fines and reputational damage. The companies that embrace regulations will reap the rewards by demonstrating their dedication to protecting consumers’ data and will have a much greater chance of building lasting confidence and relationships: 84 percent of consumers cite good data security as a central factor in spending decisions. However, the introduction of safety measures and privacy protection can sometimes become obstructive itself.
As noted by Jeff Bell, Forbes Technology Council member and CEO of LegalShield, “excessive regulation leading to poor customer service” is high on the list of potential unintended GDPR consequences. For example, trying to mitigate all consent issues by installing a different opt-in widget for every single cookie is more likely to leave consumers feeling exasperated than empowered. Not to mention causing disruption to their journey that could result in negative brand perception.
And it almost goes without saying that extreme action such as blocking EU site visitors is a one-way ticket to loss of audience; the Chicago Tribune, for instance, has blocked all European readers from seeing its content since the GDPR arrived, an approach that can be seen used across a variety of US publishers and ecommerce sites.
Usability is the key lesson here. Companies must aim to build robust data defences that effectively mitigate privacy risks, without making it impossible for customers to get through.
Equilibrium: the answer to the ultimate Customer Experience
The value of CX is self-evident; amid increasingly tough competition and rising acquisition costs, success belongs to those who forge the deepest personal connections. But recognition of the most critical element remains limited: maintaining a consistently even balance. If businesses want to create memorable journeys and impactful interactions that fuel positive results, they need to provide the right blend of speed, simplicity, and data security.
Of course, the ideal mix varies for each brand. Among the best examples of current leaders is IKEA; despite famously poking fun at the GDPR, the company still sent out opt-in emails to ensure sustained contact with existing customers, and continuously uses data well. Drawing on fully consented membership insights, it highlights genuinely relevant discounts and provides unexpected yet impactful bonuses, such as in-store café freebies.
What every organisation must remember is that while convenience might attract customers, measured compliance is what makes them stay. So, there should always be two core components in place: clear and efficient data options that are easy to use, and holistic insight management. Only by unifying the information customers share can companies gain the full 360-degree view needed to define each individual’s ideal experience and deliver it.