Sales and marketing after GDPR is still a bit of a headache for many companies. Whose data can you collect, how can you use it, where should you store it and what will happen if anything goes wrong? It’s a lot to think about, that’s for sure.
Sales after GDPR: Still finding its feet
In early 2019, returning unwanted Christmas gifts got more awkward than ever, as some online retailers warned customers they were obliged to inform original buyers of returns.
After GDPR came into force, 11 of 30 online retailers claimed they were obliged to tell customers if purchases were returned - regardless of whether these items were a gift. Some advised individuals making festive returns to inform the gift-giver before the company did.
Clearly there’s still some confusion around sales after GDPR. The ICO has stated that retailers are not legally obliged to inform buyers when gifts have been returned, but consumer expert Martin Lewis said he could understand why companies would cite data protection, “although it does seem to be a little over the top."
"Data protection law does not set many absolute rules,” he explained. “Whether and how organisations comply depends on exactly why and how they use the data, and there is often more than one way to comply."
Marketing after GDPR: More careful targeting
Marketing after GDPR is evolving too, as research by TransUnion suggests that marketers have increased their use of data segmentation since GDPR came into force.
With 66% of surveyed marketers stating they are now less able to personalise marketing, 78% agree that customer segmentation is increasingly important. As a result, 62% feel confident they can segment their consumer database more effectively, with 63% utilising accessible data such as firmographics, demographics or geodemographics.
In other words, marketers are paying more attention to the qualities of their target persona. Is this actually just great inbound marketing in practice?
“The GDPR has restricted marketers’ abilities to micro-target customers,” said Ryan Kemp, business development director at TransUnion. “That’s why we’ve seen a huge rise in the use of widely accessible data that doesn’t infringe on a person’s privacy, but can give a better understanding who you’re marketing to.”
Caring for customers after GDPR: Businesses take more responsibility
Hotel and resort giant Marriott was one of the first to have a data breach make headlines after GDPR came into effect. Now under investigation in several countries, Marriott could be fined $915 million (4% of $22.89 billion global revenue in 2017) by the Information Commissioner’s Office (ICO), which is leading the investigation to uphold data protection rights in the EU.
In addition to this, the US Securities and Exchange Commission could potentially pursue prosecution, and individuals may also take independent legal action to claim damages. Marriott’s breach involved 383 million guest records, exposing 5.25 million unencrypted passport details, alongside 20.3 million encrypted passport numbers and 8.6 million encrypted cards. Fortunately, much of this data was encrypted and therefore more difficult to hack, as these highly personal details can be used for criminal activities.
However, whether in a bid to help customers or to placate the ICO and avoid huge financial penalties, Marriott has taken some generous steps. These include offering compensation to victims for passport replacement and setting up a dedicated call centre to support all those affected. Are businesses taking data breaches more seriously after GDPR?
Six & Flow after GDPR
Elements of the new data protection laws are relatively clear cut. Pretty much everyone knows you can’t cold call after GDPR, for instance, and we can’t say we miss it much. However, when it comes to getting under the skin of GDPR, businesses can struggle to identify what they should be doing and how they can implement changes.
That’s why we’ve created this useful guide for sales and marketing after GDPR. Download for free and see if we can add anything to your current understanding.