Skip to content Skip to footer

Data protection: legislation vs personalisation

As brands leverage vast amounts of data to get personal with consumers, Finn Raben, director general at ESOMAR, explains that there shouldn’t be any ‘tension’ between privacy and personalisation as they can both coexist side by side. 

The digital evolution has created a number of new trends over the last decade, from the explosion in granular customer experience technologies, to constant always-on data collection. This has created a new normal in digital offerings to consumers, and at the heart of that is personalisation. Being able to provide relevancy to consumers has been key in communications for years, and the current environment of hyper-competitive brands and marginal gains means that personalisation in marketing and communications has never before been thought to be as important. But let us be clear, personalisation at the right time, is the key, not personalisation all the time.

However, recent data legislation on both sides of the Atlantic has rocked the boat of personalisation. When the GDPR came into effect last year, our inboxes were full of re-opt in campaigns, and as the date ticked over to the day of legislation even some US websites were closed to EU citizens as companies struggled to align themselves with the new laws – this despite an official 12-month early warning and alignment period. The knee jerk reaction to all of this was a general feeling that GDPR would hamstring companies’ efforts to personalise and communicate with their customers. January next year will see California introducing similar data legislation, yet many US efforts to bring in new data laws have been met with fierce lobbying from big tech and business.

One of the key issues that big tech and business are missing, however, is the appetite from the public for tighter legislation (and greater transparency). ESOMAR’s own study data – co-conducted with HERE Technologies – suggests that 3 in 4 UK consumers are concerned about sharing personal data, and 89% of people in the UK feel government legislation is essential for protecting against misuse of personal data. And with data scandals becoming an almost monthly occurrence, who can blame them?

However, tighter legislation doesn’t mean the end of personalisation or the extreme value of consumer data. It can in fact push you to better long-term data practices for your business that will not only improve your marketing and communications, but will also build trust and potentially have a positive impact on your bottom line – over a third of UK consumers stated they would be more likely to buy products, or use services if they knew the business was storing and using their data in the way they should.

Challenge is opportunity

GDPR should only be a challenge if you’re making a real mess of data collection and personalisation. New data legislations do not stop you collecting consumer data, but instead push you to be more ethical and transparent and ensure that your systems are continuously being kept up to date and shedding data that is no longer relevant for you as a business. Instead look at it as an opportunity to build trust and streamline your data systems. Be data smart and adopt a philosophy of data dignity in your corporate social responsibility programme.

With the introduction of GDPR many felt that it was at odds with a sector that was increasingly collecting more customer data to provide a greater understanding of their customers’ preferences and purchase histories. This was also coupled with a sudden fear that you would lose a huge amount of your database through re-opt-ins and permissions, which is why many of us were bombarded with a digital ton of email campaigns running up to the introduction date. While the GDPR was created in isolation by the lawmakers, it was through the successful lobbying of organisations such as ESOMAR that ensured that the voice of business was both considered and listened to.

Key principles such as purpose limitation, data minimisation, accuracy, and storage limitation, in no way act as barriers for collecting and using personal data. What they do instead is make sure you are only collecting what you need and are storing only that customer and consumer data that is still relevant. If anything, this should ensure you are keeping your datasets clean and effective. While purpose limitation, or legitimate interest, actually means that if you have a legitimate interest to do something – including personalised offers based on preferences – you do not need further specific permission to use personal data for this.

The right to be forgotten is also an element to GDPR that has some marketers and customer experience people shook. However, this should only be an issue for companies that are providing a bad service or poor personalisation. Personalisation is about increasing relevance for consumers at the right time, based on preferences and purchase histories. Frankly, if your customers are requesting to be cleared from your databases, you’re not doing a very good job of using their data in the first place, and legislation is not your key issue.

You may also like

Stay In The Know

Get the Data Centre Review Newsletter direct to your inbox.