Businesses in regulated markets don’t have to choose between satisfying their customers and regulators, because compliance and CX isn’t a zero sum game.
Yet with the right tools and focus, they can do both.
Customer expectations are perhaps higher than ever. Conditioned by the interfaces dreamed up by Cupertino’s and Silicon Valley’s finest, we expect things to just work.
And those expectations don’t exist in a vacuum – we carry them with us into other areas of our lives, demanding equally great experiences from banks, retailers, and almost anyone else who provides us with a service.
For example, Salesforce research found 74 percent of consumers are likely to switch brands if the checkout process is difficulty, while 50 percent said they’d go elsewhere if a business doesn’t anticipate their needs or provide an easy-to-use mobile experience.
It’s a particular challenge for businesses in regulated markets who have to carry out due diligence on their customers. These kinds of checks can add friction to an onboarding experience and give already flighty customers reason to abandon sign-up and go elsewhere.
Worse still – regulation is a moving target! To stay compliant, businesses have to continually adjust their processes to keep up with changes in regulation, leading to yet more risk of friction.
In financial services, for example, businesses are currently having to deal with new anti-money-laundering rules (The Fifth Anti Money Laundering Directive), the introduction of the Revised Payment Services Directive (PSD2) and ongoing compliance with GDPR.
The consequences of failing to meet these and other regulatory obligations are serious. Those found guilty of breaches potentially face massive fines (GDPR infringement can result in fines of up to four percent of a company’s annual global turnover or €20 million – whichever is greater) and prosecution, not to mention the bad publicity and damage to their reputation.
The cost of poor CX
It’s understandable that a business faced with these challenges might err on the side of caution and in so doing, introduce the kind of friction that makes for a lesser Customer Experience.
But while the risks associated with poor Customer Experience might be less tangible, they’re no less real.
Customer Experience consulting firm Walker predicts that CX will overtake pricing and product as the key brand differentiator by next year. Meanwhile, PricewaterhouseCooper’s Future of CX report found one-in-three (32 percent) consumers in the US will walk away from a brand after just one poor experience, while 54 percent say Customer Experience needs improvement at most companies.
Clearly, there’s a big opportunity cost to getting it wrong.
Again, traditional financial services have a particular problem here. Their fintech counterparts are more agile and, without the legacy systems and infrastructures of incumbents, are better placed to create great new experiences for customers – even if they’re subject to the same regulatory requirements.
Cathie Hall, Customer Experience Manager at identity verification specialist GBG, said: “Every single market is being disrupted by people who want the here and now yesterday; who don’t want to wait weeks to open an account; who don’t want to wait weeks to start a service or even get a product. They want what they want now and they want it personal to them.
“And in regulated environments and in a changing landscape, it’s very difficult to get that balance between compliance and the Customer Experience.”
Businesses need to find ways of complying with strict due diligence requirements without making it a chore for their customers, as the best Customer Experiences are frictionless, fast, and intuitive.
Reducing the number of key strokes, auto-populating as much customer information as possible, and performing background checks in real-time removes the burden of onboarding from the customer and speeds up the process, leaving less time or motivation for them to abandon the process.
Using technology to anticipate your customers’ needs and show that you respect their time also makes for a slicker experience that can instil confidence and trust in your brand.
It’s common in retail and other sectors, so if you’re operating in a market that struggles with abandonment, your customers are likely to already expect the same kind of experience from you…and if you don’t provide it, they may go elsewhere.
GBG and Customer Experience Magazine are hosting a free webinar, The Compliance and Customer Experience Conundrum, on October 3 at 11am, British Standard Time. GBG’s Head of User Experience, Henry Thomas, will share insights and CX hacks to inspire attendees.
Businesses in the UK today are very focused on bringing digital tools and tech into the heart of their processes.
You are a brave Marketing or Operations Director if you say that digital transformation is not at the heart of your 12, 24, or 36 month plan.
The benefits of embracing digital are observed everywhere: customers want to browse your products online, buy them online, find your store online, have their questions answered through prompt emails and chatbots, have their returns handled online, and so on.
And there’s plenty of tech vendors selling the dream – tech that enables and automates these processes – helping you to target customers with messages and offers tailored to their needs without any messy set-up requirements, easy to operate, cheaper-faster-better, and pain-free.
Sounds familiar…yet very rarely turns out like that, right? This is because you have to build your digital tech around the way your organisation works, not the other way around.
Less is more with technology, the focus is the customer journey
The reasons for disappointment in digital transformation projects are numerous, but at its core the problem tends to be the same – if you get to the stage where your people are supporting your tech instead of the other way around, you’re in trouble.
Many of our clients ask us for advice on their digital tools and data architecture and are frustrated that they have not obtained the benefits expected from their choice of Data Management Platform, or email service provider, or analytics package. Most often, the problem is not the tech, but the way that the tech has been configured (or not configured), compounded by the fact that the client has set up the tool in isolation from the other tools in their infrastructure. Buying new tools to replace and improve upon the tools’ already there is not the solution!
The solution comes from forensically focusing on identifying exactly what it is that the client needs to execute and configuring the tech for every use case. For large companies, this can require hundreds of use cases and data sets, and that can sound daunting. But that’s what’s required, for many reasons.
One specifically being it’s the law. GDPR requires all companies that hold customer data to have documented processes for the management and deployment of each customer interaction, by channel. To be compliant businesses need to painstakingly deconstruct and document the way they obtain, store, process and deploy their data in each use case anyway.
Another reason is that, whatever the martech salespeople say, the tools do not “seamlessly and automatically interface with your other tools”, or whatever other blasé statement they make to smooth the sale.
This type of mis-selling almost led to a disaster for an international client of ours embarking on a multi-million pound marketing transformation project. As we were specifying the solution, including tools and processes, our new client told us that one of the tools at the centre of their new process was being taken out of the scope, because they had been assured by the vendor that their tool would “set all the taxonomies for the data, and if anything changed, the tool would automatically ripple through all of the changes to the taxonomy…so we don’t think we need help with that”.
Fortunately, we had the experience with the tool and the communication skills to convince the client otherwise – the tool did none of those things and had no automated interface with the large number of data sources in the project. For the client, it was a near-miss; if we had accepted the claim of the vendor that the data would be set up and reconfigured automatically, the project would have been yet another digital white elephant, with everyone scratching their heads, asking what had gone wrong.
Businesses must re-think coordination and collaboration
The final ‘problem’ causing implementations to not go as planned is people. I like to say that any transformation project involves 30 percent of the work getting the tech set up right, and 70 percent “getting people to do things differently”. I’m not advocating that people’s processes and ways of working need to be radically reconfigured.The tools we use for digital marketing are not hard to use, and correctly configured, they should require little reskilling.
The core change that businesses need to make is around coordination: which means, getting people within and across teams to collaborate better, so that the business has a coordinated response to each customer interaction, rather than each team operating in its silo, sending emails, banners or coupons to solve each customer problem in isolation, because it is the only tool they have been given.
The key to success in deploying tools is for the business to be clear on the role for that tool and have a clear plan for how the data used by it will flow to and from other tools in the stack. You can be sure that you will be using different tools in a year’s time, so the instinct to make a decision that you can lock in for years to come is misguided.
You need a set of tools that remains flexible and focused on the tasks required, or you’ll soon find your infrastructure is out of date and not able to give your people the best available capabilities for serving customers. Tools should be just that – tools to do a job.
There is certainly plenty to think about with the rising cost of salaries, managing schedules to meet customer demand, looking after staff wellbeing, PCI DDSS compliance, and now the added requirements of GDPR (General Data Protection Regulation).
Initial concerns about how the new GDPR regulations would affect contact centres, in terms of increasing costs and complexity of managing enquires, have to some extent dissipated. For those contact centres taking payments and already PCI DSS compliant, it was a relatively straightforward process to embrace GDPR regulations. They had typically invested in secure technologies, encryption, and working with third party compliant companies in terms of PCI DSS. On the whole they were able to extend their technology and processes to protect personal data and meet GDPR requirements.
However, other organisations are still evaluating how new ways of streamlining processes can help meet GDPR data governance and management regulation, but are uncertain how to choose the best solution. We have identified three ways that contact centres can apply technology to help them remain compliant:
1. Mobile automated identification & verification (ID &V)
Often a significant amount of time can be spent on identifying and verifying the caller. Having a person perform this task is expensive and means that customer data is at risk. A customer engagement platform is an alternative way to offer a cost-effective, secure solution to automate the screening and identification process.
It can take the customer through set identification questions using Artificial Intelligence (AI) to simulate agent conversations, or it can use SMS text messages to authenticate the device being used. On initial registration and once the two-factor authentication process has been successful, the platform will accept and authorise payment requests that are automatically debited from the card holder’s account.
The advantage of this approach is that all information is encrypted and the agent is not exposed to any personal data, thereby complying with GDPR and PCI DSS. The data is processed and stored securely elsewhere. In addition, having signed up to the service, the customer has agreed to a data handling agreement that sets out how their information can be shared with a third party, ensuring confidentiality.
2. Customer self-service screening using IVR
Accepting credit and debit cards via IVR has long proved to be an effective and secure way of taking payments. It allows customers to pay quickly, via their own unique identifiers – a PIN, date of birth, even voice recognition. Again, reducing or removing agent contact time is a more secure way for contact centres and their customers to comply with PCI DSS. Since everything is fully automated and confidential, the client information is stored centrally and securely within the system hosting the data, taking it out of scope for both PCI DSS and GDPR.
Capturing customer data via IVR also enables calls to be routed to the right agent with the correct skills, in the event of a request to speak to an advisor. The agent then has all of the relevant information available to manage the call successfully, but with key identification data screened, thereby ensuring GDPR compliance.
3. Cloud-based third party payment solutions
The third option to consider, and one that has gained significant traction over recent years, is to choose a cloud-based payment service provider. A trusted third party that complies with PCI DSS demonstrates proven adherence to a recognised security standard, which can also help contact centres to meet the GDPR legislation. Companies can apply a process of ‘de-scoping’ to reduce the number of requirements (tick-boxes) for GDPR, in the same way that they might do for PCI DSS compliance.
Of course, like PCI DSS compliance, the responsibility for GDPR cannot be entirely removed from the contact centre, however the effort required can be dramatically reduced by working in partnership with a payment solution provider.
Aligning GDPR and PCI DSS: the route to successful compliance
There is no doubt that GDPR has improved standards around privacy and data protection, but at what cost? Contact centres that have worked hard to blend people and technology to enhance data and payment processes in the last year, have typically done everything they can to comply with both GDPR and PCI DSS.
For the rest, the good news is that it’s not too late to review what’s in place and make the switch, to new technology and/or a third party solution provider, to enable a secure, multi-channel seamless route for customer payments. The choice is there for the taking.
UK businesses have struggled to handle an upswing in personal data access requests since General Data Protection Regulation (GDPR) came into force, it has been revealed.
Research by business process outsourcer Parseq was conducted following the first anniversary of GDPR, and shows that two-thirds of UK businesses (63 percent) saw an increase in data access requests from customers and their own employees in the 12 months following GDPR’s introduction in May 2018.
One-in-ten (10 percent) businesses experienced an increase of more than 50 percent in the volume of requests. This rose to almost a fifth (17 percent) for businesses with a turnover of £500m or more. Almost nine-in-ten (87 percent) businesses that have seen an increase in requests reported they had found effectively responding to them challenging, citing complexity (54 percent) and cost (54 percent) as the biggest obstacles.
A third (34 percent) of businesses that had experienced an increase in data access requests cited a reliance on paper documentation as a barrier. This figure rose to 47 percent for businesses with a turnover of £500m or more, tying with a lack of time as their second most frequently flagged hurdle after cost.
Under GDPR, individuals can submit a data access request free of charge to receive a copy of personal data that organisations hold on them, along with information on factors such as why their personal data is being used. In general, GDPR requires that organisations must respond to data access requests within one month.
Craig Naylor-Smith, Managing Director at Parseq, said: “GDPR made it easier for people to access their personal data from organisations. With this power at their fingertips, we expected to see that data access requests would rise. However, the fact that so many firms have struggled to respond to the surge in requests suggests that the pressure this has put on businesses has been greater than they anticipated, or that many were simply unprepared for what GDPR would bring.
“It could also have been affected by the August 2019 deadline for consumers to claim back Payment Protection Insurance, with individuals possibly using data access requests to help them uncover information to support their claims.
“What’s particularly interesting to see is that so many businesses state a reliance on paper documentation as a barrier. The digitisation of paper documents can make personal information easier to process and manage, make data access requests easier to respond to and, ultimately, help businesses use data to deliver innovative services in an increasingly competitive, digital landscape.”
In the scramble to achieve last-minute compliance before the General Data Protection Regulation (GDPR) deadline last year, many companies engaged in some ‘privacy theatre’ – adopting basic consent models, and meeting the requirements just enough to comply with the new law and avoid fines.
With this kind of minimal compliance mentality, it should come as no surprise that consumers don’t feel much has changed for them when interacting with companies.
Only 31 percent of consumers think their overall experience has improved since the introduction of GDPR and 40 percent don’t feel companies take data breaches seriously, according to a recent Marketing Week study. In only aiming for the lowest GDPR bar, firms have missed the opportunity of turning consent and privacy in to a way to build relationships, earn trust and gain a competitive advantage.
To provide truly engaging digital experiences, businesses must set their sights on a higher level of customer-centric data management that goes far beyond the essentials. Indeed, the biggest mistake we’re seeing in GDPR compliance is leaving the decisions to the Legal department. Too many marketers think that it’s “someone else’s job” and just wait for the lawyers to give them consent language for yet another grey cookie banner. It is vital that marketing take a central role in turning privacy from a compliance issue to a competitive advantage of superior customer experience and loyalty.
The GDPR impasse: a matter of perception
Marketers know that content is what hooks the attention of consumers and keeps them coming back time and again. But that content needs to be tailored or personalised so we can deliver the right messages to the right audiences at the right time. Data is a critical component to creating the right segments, assigning individuals to those segments, and testing the effectiveness of our messages. For that reason, organisations must be focused on exceptional data practices that maximise consent and therefore effectiveness of the personalisation and content stack.
Personalisation can both make or break consumer trust: it can benefit them by adding relevance and value, but it may also fuel privacy issues because consumers are concerned about how their data is collected and used. Despite the appetite for meaningful, personalised content, when it comes to gaining consent businesses still encounter resistance from consumers.
But consent doesn’t have to be an obstacle for organisations or consumers. Rather than operating on a purely functional approach that gets consumers to click and continue – making the organisation legally compliant – if it is well-handled from the start of the marketing funnel, consent requests can be the launch pad for creating deeper understanding of your consumer and in turn providing them with the options they prefer when browsing.
Today, organisations face, on average, a 50 percent bounce rate and 25 percent of consumers running ad-blocking technology. These visitors are completely opting-out of your marketing technology, but are invisible to your consent statistics if you only view “yes vs no” consent resolutions. Those organisations that build earning trust and gaining consent as part of customer experience will earn a higher share of consumers in the technology system and therefore gain structural competitive advantage in the market.
Turning obligation into opportunity
The way businesses ask for consent matters. Intrusive pop-up forms and cookie walls not only interrupt activity, but also leave consumers with a sense of powerlessness; 59 percent say companies don’t allow them to browse their websites unless they share personal data. If businesses want data access, they must reduce friction, and view consent as the first touchpoint of the consumer journey – an opportunity to set new, mutually beneficial rules of engagement. In the case of cookie walls, companies are asking consumers to give access to their personal data and enable tracking before the consumer has even decided if there’s anything valuable on the site. That’s a difficult value proposition to scale.
Put simply, the consent request needs to be a positive experience. Companies need to make this initial interaction a preview of the compliant, customer-focused communications and services consumers can expect after sharing data. In practical terms, this means outlining exactly how and why data will be used, and giving consumers a choice. For example, firms might use an expandable form that restricts disruption by enabling consumers to opt in for multiple sharing purposes at once and, crucially, reject each one if they wish.
By prioritising transparency and consumer control from the offset, companies can boost the odds of gaining consent, as well as encourage individuals to continue along the funnel.
Identifying the consent line
Equally as vital as an enticing welcome is knowing where to draw the line. Given the starring role data plays in determining how online content should be tailored and delivered, it’s easy to see why marketers are especially tempted to collect as much data as possible. But from the consumer perspective, hungry data requests can feel intrusive, increasing the likelihood that they will both lose trust and refuse consent.
Before making consent appeals, businesses should carefully consider how much information they realistically need. More often than not, firms have much of the data necessary to drive impactful content, but not in a unified state. By embracing agile technology that can plug into isolated systems and blend existing pools of freely-given data, organisations may find they already hold a near-complete view of consumers. Combined with other, non-personally identifiable insight – such as recent web-browsing activity and keyword search – this data can help them achieve relevant and contextually appropriate digital marketing. And by issuing reasonable requests that have a higher chance of positive response, this data foundation can be further supplemented to offer optimally meaningful and effective content.
Organisations need to also consider asking for just the data and consent they need to improve the experience. Many sites today ask for geo-location data on first page load – a request that many consumers are likely to refuse as they don’t perceive the value to them. Waiting until a location search, and suggesting sharing geo-location data as a way to improve results – yields higher consent rates, happier consumers, and increased trust.
Forging lasting consumer bonds
Consent isn’t a one-and-done process, and neither is consumer engagement. To prove they are worthy of consent and loyalty, companies must persistently strive to provide high-quality experiences. On the marketing side, this means ensuring interactions are tailored, seamless and consistent throughout the consumer journey. Mismatched branding across mobile and desktop, broken links and low-grade content can be just as damaging to consumer trust as irrelevant ads or overly frequent emails. Businesses must focus on the finer details; sustaining revenue and credibility by maintaining genuinely valuable and accessible, cross-channel content.
Similar principles also apply to data privacy: organisations need to demonstrate a continual dedication to protecting consumers. In the short-term, companies should ensure they have a complete picture of individuals so that preferences can be accommodated no matter which screen or platform they are using. In the longer term, it is essential to allow room for change; ensuring consumers can easily access and adapt their preferences at any time.
There is a growing requirement for companies to shift their attention back towards the real driver of their success: consumers. Amid rising regulation and awareness of how businesses use personal data, consumers understand their rights and are determined to exercise them. To guarantee future prosperity, businesses must up their data and content management game: moving past the compliance minimum to implement consent processes and deliver positive digital experiences centred around the real needs of today’s privacy-conscious customers.
Organisations must treat privacy, consent and data security as customer experience issues. Those that do will get access to more customers and drive better personalisation in the years ahead.
The digital landscape is continuously evolving and with that the volume of data created and shared grows exponentially month on month.
High profile data breaches and the implementation and enforcement of GDPR have really brought home to customers that their data is of enormous value and that they have explicit rights to consent to its storage and use.
For millennials and Gen X, who may have had the comfort of growing up around emerging technologies and the birth of social media, the use of data may have been apparent early on. Online domains have further highlighted that data is being collected and used to match people to the products it assumes they either want or would like.
When it comes to personal finances, this can be a prickly subject, as in the past major data breaches and mishandling of data have eroded customer trust. However, when handled responsibly, customer data can be used by personal finance providers to offer better solutions and outcomes – something many customers have yet to realise.
Trust in a business and its services is essential to success. In personal finance, it’s about giving customers the tools they need to feel fully in control of their finances, whilst still making sure that there’s people on hand to help. Human interactions are still as important as ever in the financial decision-making process. With that in mind, having someone in your business to bridge the gap between customers, their data and the regulatory landscape, is crucial. That’s where the Chief Customer Officer comes in.
One prime example of the advantages data can bring for customers, is the innovation being made possible by the UK’s Open Banking initiative. People have become increasingly aware of their personal credit scores thanks to a host of places offering free access. In some cases,historical credit data alone may not be enough to satisfy a card, mortgage or loan application – and in those cases, Open Banking has been revolutionary.
A lot of what’s required to determine whether a product is suitable can be found in an applicant’s bank account, where evidence of income is relatively easy to verify. Those with thinner credit files or irregular incomes, such as the self-employed, people new to the UK, or younger borrowers who are yet to build a comprehensive credit file, have the most to gain from Open Banking. Through this route, the data gathered, allows a better sense of an individual’s income and expenditure, resulting in the best possible product being matched to that person.
Open Banking is used as a tool to complement existing practices, allowing a more comprehensive view of a borrower’s information and circumstances, that couldn’t have been achieved through credit data alone, to present a better, broader and often cheaper range of personalised offers.
In recent years, the regulatory landscape has become much more consumer-centric, as seen by the likes of PSD2, a directive that ensured consumers were protected in a more digitised sphere. An era of block consent is being superseded by one of explicit individual consent. Organisations who embrace technology, are paving the way for future innovations and as a result will be able to deliver a higher degree of personalisation for each customer.
Customers can now choose to unlock the power of their data for their own benefit. Data is set to work towards their preferred outcomes and not merely to enrich those organisations with the privilege of accessing it. By experimenting with Open Banking and cloud services, Freedom Finance has been able to make the borrowing process easier for customers, while at the same time delivering a customer journey with consent at its core.
Customers of the future will demand better services that reflect the technology available. The challenge will be for all businesses, not just financial services providers, to find how the best elements of that technology can be combined with human guidance.
Every customer deserves to be treated fairly and with respect.
It sounds simple enough, yet many company policies, procedures, and attitudes create unnecessary barriers – especially when it comes to vulnerable customers.
From plastic surgeons to bankers, there is a growing realisation that organisations are often falling short in good practice when it comes to vulnerability. Moves are underway to regulate industries in order to deliver services with a greater customer focus.
Who are your vulnerable customers?
Vulnerability is not set in stone. According to the Financial Conduct Authority, “Vulnerability can come in a range of guises, and can be temporary, sporadic or permanent in nature.”
Any of us might be fully capable today, but a sleepless night before a stressful job interview might leave you less able to focus tomorrow. Throw in the news that, for example, a close relative has been in a serious accident, and suddenly dealing with everyday tasks becomes a challenge. Emotionally vulnerable and unable to fully focus, it makes all the difference when others are understanding, patient, and respectful.
Identifying vulnerable customers is not easy, especially when it is a dynamic state. An organisation can better meet a customer’s needs if they are made aware. Being open and honest about a condition or situation can be helpful, but disclosure is not straightforward.
Five challenges of disclosing a vulnerability
In order to inform others of the specific support needed to access and use their services, an individual has to:
Be aware of their needs: A person with dementia or impaired cognitive learning is not going to necessarily recognise that they are any different from anyone else. Equally, some conditions may not be diagnosed.
Admit their needs: Would you notice that your hearing has faded or that your habits have become addictions that impact on everyday life?
Understand how disclosure will benefit them: This is very personal information and most people would prefer to keep it to themselves, unless they can see the benefits.
Trust the individual and organisation: How will the information be used? Who will have access to it? Will it have a negative impact on the service received?
Have the right opportunity to share the information: If the frontline staff are unapproachable or the environment is not conducive to a private conversation, it is unlikely that disclosure will occur.
One clear objective is that every organisation has smart data systems in place to record information that is disclosed. The focus is on ensuring sufficient continuation to support a ‘tell us once’ approach. Another focus is on building staff awareness through Vulnerable Customer Training. The aim should be to develop a customer-focused company culture, where the stigma of vulnerability is removed.
It is only when everyone is engaged in the process that consistency in approach can be achieved. As such, all employees should be equipped to spot the signs of vulnerability, respond appropriately, and ask the right questions in order to deliver the best outcomes. The awareness and skills can also come into play when colleagues are in need of additional support.
Disclosure and GDPR
If individuals share information, they expect it to only be available to those who need to know and only for the purpose of improving customer service. This throws up the question of how organisations store and protect personal information in line with GDPR.
Having researched good practice, my recommendation is to be solution focused. In most cases, it is not necessary to know the cause of the vulnerability.
Employees should be encouraged to steer the conversation to what an individual requires in order to access and use services. The data may simply say that this customer needs a longer appointment slot or should be provided with information in large font. This greatly reduces the risk of personal information being shared.
How can organisations encourage customers to disclose vulnerability?
Addressing all of the points raised in this article, I advise companies that wish to treat every customer fairly and with respect to:
Create and implement a vulnerable customer policy that can be responsive and flexible to individual needs
Train all staff to build awareness, competency, and consistency across all departments
Develop a supportive, solutions-focused culture that encourages disclosure
Be proactive in understanding the customer journey and remove the barriers to make their services more accessible and inclusive
Use data systems to effectively support customer service excellence
It should not be difficult for any individual to access and use the services they need. No matter what industry, being fair and respectful is simply good practice.
Mastering the balance between exceptional Customer Experience and data protection legislation isn’t easy, and many businesses are unintentionally teetering on the edge.
Ironically, in a bid to meet customer needs with hassle-free digital services, some companies have missed the regulation mark with 200,000 reported GDPR breaches and fines totalling €55.9 million, so far. Walking the line between compliance and delivering great customer experience takes skill – brands must identify and stick to the perfect middle pathway; starting with a clear understanding of the factors that can send them off course.
Top-heavy convenience impedes privacy
Efficient services are vital in the digital age; customers want experiences to be fast, simple, and streamlined. In fact, 26 percent will abandon online checkouts if processes are too complex. But companies focusing solely on convenience are putting themselves at risk of not only breaching regulation but also losing the trust of their customers.
While convenience matters, it shouldn’t surpass compliance and choice. A recent investigation by brand comparison site Which?, found a number of potential regulation breaches in e-receipts. By providing opted-in paperless proof of purchase, brands sought to improve customer experience, providing an instant buying record that enables easier returns or exchanges. However, the inclusion of unwanted marketing messaging in the emailed receipts, for which retailers had not received consent, meant many were breaking the rules of GDPR lawand seemingly ignoring customer preferences.
Impenetrable defences dissuade customers
Following laws such as the GDPR is non-negotiable if firms want to avoid sizeable fines and reputational damage. The companies that embrace regulations will reap the rewards by demonstrating their dedication to protecting consumers’ data and will have a much greater chance of building lasting confidence and relationships: 84 percent of consumers cite good data security as a central factor in spending decisions. However, the introduction of safety measures and privacy protection can sometimes become obstructive itself.
As noted by Jeff Bell, Forbes Technology Council member and CEO of LegalShield, “excessive regulation leading to poor customer service” is high on the list of potential unintended GDPR consequences. For example, trying to mitigate all consent issues by installing a different opt-in widget for every single cookie is more likely to leave consumers feeling exasperated than empowered. Not to mention causing disruption to their journey that could result in negative brand perception.
And it almost goes without saying that extreme action such as blocking EU site visitors is a one-way ticket to loss of audience; the Chicago Tribune, for instance, has blocked all European readers from seeing its content since the GDPR arrived, an approach that can be seen used across a variety of US publishers and ecommerce sites.
Usability is the key lesson here. Companies must aim to build robust data defences that effectively mitigate privacy risks, without making it impossible for customers to get through.
Equilibrium: the answer to the ultimate Customer Experience
The value of CX is self-evident; amid increasingly tough competition and rising acquisition costs, success belongs to those who forge the deepest personal connections. But recognition of the most critical element remains limited: maintaining a consistently even balance. If businesses want to create memorable journeys and impactful interactions that fuel positive results, they need to provide the right blend of speed, simplicity, and data security.
Of course, the ideal mix varies for each brand. Among the best examples of current leaders is IKEA; despite famously poking fun at the GDPR, the company still sent out opt-in emails to ensure sustained contact with existing customers, and continuously uses data well. Drawing on fully consented membership insights, it highlights genuinely relevant discounts and provides unexpected yet impactful bonuses, such as in-store café freebies.
What every organisation must remember is that while convenience might attract customers, measured compliance is what makes them stay. So, there should always be two core components in place: clear and efficient data options that are easy to use, and holistic insight management. Only by unifying the information customers share can companies gain the full 360-degree view needed to define each individual’s ideal experience and deliver it.
Happy customers are returning customers; they are the ones that will leave positive reviews on social media websites and lift a company’s reputation.
There is no doubt about it, King Customer is ruling the roost and needs to be courted. But the game has changed – it’s 2019 and customers are aware of their privacy rights, newly reinforced by GDPR, and also of the ever-growing danger posed by hackers. Let’s look at the most important factors that have changed the face of customer service forever.
Word on the virtual-street
Brands need to understand that today’s consumers can exert an unprecedented amount of power by voicing their opinions and (dis)satisfaction via numerous communication channels. From email and phone to social media and live chat, customer engagement is at an all-time high.
However, the challenges have also increased. Complaints and less favourable reviews on sites like Trustpilot and Facebook can spell big trouble for businesses. An unhappy customer who might once have complained to the customer service desk can now tell the whole of the internet about it, and as H&M, Pret a Manger, and SnapChat can testify, negative publicity can have a terrible effect on reputation, which frequently translates to a downward direction for revenue and share prices.
Another sure-fire way to tarnish brand reputation is by mismanaging customers’ personal information. In 2017, 2.5 quintillion bytes of data were created each day, and the pace is only accelerating –by 2025 worldwide data is expected to grow 61% to 175 zettabytes. The potential of ‘big data’ to improve our lives by identifying health trends, predicting our lifespans, and selling us things we want to buy, is undeniable.
Considering this, it is no surprise that businesses are holding more data on their customers before. In fact, customer information is the backbone of a range of business processes. However, we need to consider why we are keeping all this data – for marketing? Or just in case? While these might have been acceptable reasons previously, under the rules of the GDPR, they no longer are.
Regulating the service
Regulations offer a great deal of protection to brands as they eliminate any ‘grey areas’. 2018 was a big year for privacy with the EU GDPR coming into force and over in the United States, the California Consumer Privacy Act (CCPA ) was signed to come into effect in 2020. There is a lot to think about for companies taking card payments already, especially in terms of Payment Card Industry Data Security Standard (PCI DSS) compliance. For those in the financial services sector, additional regulations by the Financial Conduct Authority (FCA) come into play.
The 2018 Cyber Security Breaches Survey found that 43% of UK businesses were a victim of a cybersecurity breach in the last 12 months, while Action Fraud reported that victims of cyber fraud lost £34.6 millionbetween April and September 2018, an increase of 24 percent compared with the previous six months. Therefore, it is of utmost importance for a business to ramp up their cyber security to be a match for the modern fraudster. Otherwise, their customers might fall victim to so-called ‘carding’ – the theft and resale of credit and debit cards.
One report revealed that Russian hackers were offering a six-week programme for $945, teaching aspiring cybercriminals how to find legitimate credit card data for sale and hacking into PayPal accounts. The damage caused to consumers by having their credit card details stolen was £4.6bn from British internet users and£130bn worldwide, and we don’t need to guess what that does for the customer satisfaction rating.
But it doesn’t have to get this far – businesses can take a variety of steps to avoid a data breach, including self-contained native apps to increase purchase safety, endpoint protection, anti-spyware, and antivirus software. Artificial intelligence is also bad news for cybercriminals and is getting more sophisticated all the time. AI solutions can monitor and respond to cyber-attacks in real time, enabling IT security professionals to detect threats they couldn’t before and improving their overall effectiveness.
Smiling was yesterday
While smiling is still part of the job, it is no longer enough to keep demanding customers happy. Instead, 21st Century customer service is about taking responsibility for the safety of valuable customer data. Businesses have to acknowledge that today’s customers are aware of their privacy rights, therefore data collection and storage transparency are vital to build and maintain brand loyalty. Thanks to regulations, clear responsibilities are assigned to companies, enabling them to meet customer’s demand for privacy and protection.