The Black Friday/Cyber Monday period is the starting pistol that signals that start of ‘the golden quarter’, when most retailers lock in their profits for the year. It’s also a time when having a good customer database – along with reaching the right consumer with the right offer at the right time – is critically lucrative for brands. However, the looming prospect of GDPR is set to make the gathering and use of customer data more complex. So what should marketers be doing now to ensure their golden quarter & GDPR plans go platinum in 2018?
The Golden Quarter kicked off at the beginning of October, with its biggest milestone firmly established as the Black Friday/Cyber Monday long weekend. Some £2.6 billion was expected to be spent in the UK just on Black Friday itself this year, up eight per cent on 2016, according to the Centre for Retail Research. Around £7 billion was expected to be spent across the whole weekend period, up from £5.8 billion the previous year.
However, this Golden Quarter is like no other for a particular reason. The looming introduction of the EU’s General Data Protection Regulation (GDPR) in May 2018 is already shaping how marketers, especially those in retail, are collecting, using, storing and re-certifying their data sources. In order to ensure day one and ongoing compliance, change is needed now, as actions at this stage will directly impact the amount of work needed at the last minute to make the GDPR grade.
Getting data compliant during and after the Golden Quarter
The primary short-term aim in this quarter is to maximise revenue. However, preparation and planning now will ensure long-term marketing benefits and a far less painful transition into the GDPR era, not to mention helping to avoid the EU’s punitive non-compliance fine structure:
- Look at your existing data and think about how you are going to communicate with your key audience segments going forward; the channels you’ll use, how you will segment and target your audiences, and how you’ll personalise the messages and offers
- In thinking about this, you should also look at the data points you have available to in order to drive your marketing efforts. Consider whether they are fit for purpose, as well as what permissions you have for using that data
- Factor into your considerations how and what you will communicate around the use of personal data. Getting this right now, during a period when your current and new customers are paying particular attention to your messages, will give you a significant head start in ensuring compliance and re-certification of permission to use data for marketing purposes.
Not only does the GDPR lay out strict requirements for data security, retention, collection and disposal, it also has a very broad definition of what constitutes personal data and personal identifiable information (PII). That’s before we even consider the new and clarified rights that individuals now have across the EU regarding their information. These include Article 17 (the right to be forgotten) and Article 21 (the right to object).
As marketers, GDPR presents a genuine challenge to our business needs. We want to use data to create a better customer experience, as well as to promote and sell our wares effectively. However, we now need to do that in a way that does not compromise the new legal framework governing the collection and use of our existing data sources, as well as any new data we collect, going forward.
Golden Quarter & GDPR – best practice and consent
Ensuring your organisation has the right to hold and use PII in the GDPR age, starts with the issue of consent. While GDPR does not specifically ban opt-out boxes, that method of marketing communication is essentially the same as pre-ticked boxes, which are banned under the regulation. Therefore, best practice would be to move to a stance whereby customers and leads need to actively opt-in to marketing communications. This is also the advice offered by many country-level information regulators, including the UK’s Information Commissioner’s Office (ICO).
Therefore, any existing data collected using automatic opt-in or pre-filled boxes, needs to be revisited. Individuals need to be rechecked to ensure they are knowingly giving consent for the continued use of their data.
Look at the different data points you collect from individuals and determine what can be considered to be PII. Data such as IP addresses are considered PII, along with more obvious things such as names, addresses, credit card numbers, phone numbers and email addresses.
From here, you need to look at how you process this information, and the GDPR articles that will apply. For most retail marketers, the most relevant grounds will be contractual – Article 6 (in relation to the sale of goods or services), consent – Article 7 (opting in to marketing communications) and legitimate interests – Articles 6, 7 and 29 (the benefit inherent in processing PII for that company itself or perhaps for wider society).
Different grounds may be better aligned with different types of personal data. For example, legitimate interests with web tracking to drive personalisation, consent for marketing communications and contractual for transactional messaging. In evaluating the different legal basis for each data type, you’ll need to consider the rights of the individual. Also, consider how they might exercise their GDPR-enshrined right to withdraw consent or ask you to stop processing their data. Those considerations should then be documented in an updated privacy policy and made available at key customer touchpoints throughout the digital customer journey.
Capitalising on the Golden Quarter for data collection
Ensure that any new customers or prospects you engage with in the quarter give you marketing permission. Don’t auto-fill the box for them. This will ensure that any permissions gathered now still hold true after May 2018. Also log where that permission was acquired (for example, a website pop-up, initial registration or delivery/billing details page of the checkout process) to ensure it was collected alongside an opportunity to see the revised privacy policy. In the event of a compliance challenge, if you can cross reference the point of collection with the visibility of the link to the privacy policy that was published at the time, you’ll be on a strong footing to defend your actions.
The same applies for engaging with existing customers. Refreshing data and consent does not need to get in the way of making sales, especially if you integrate it into the checkout or sign-up process. For example, we are working with clients to develop post-purchase systems that not only enable up-selling and cross-selling, but also encourage existing customers to confirm their marketing preferences and details at the same time.
For those customers who don’t come back or respond during this quarter, retailers will need to consider a more aggressive programme of soliciting reconsent in early 2018.
Have an opinion on this article? Please join in the discussion: the GMA is a community of data driven marketers and YOUR opinion counts.
Leave your thoughts