GDPR: Compliance is not enough

Data Protection and GDPR – Compliance is not enough

Imagine the situation – May 2018 approaching ever closer, you’ve done an audit of your data protection practices, implemented changes to tighten up on existing obligations and put new procedures in place to cover the incremental obligations which GDPR will bring; happy days for the legal and compliance teams and the Board are satisfied that the risk is managed.  But wait a minute. What will the impact of these changes on your ability to reach and engage with customers – has the baby been thrown out with the bathwater? One of the biggest business challenge facing brands will be the ability to keep lines of customer communication open. Just because you’re compliant does not mean that customers will opt in to marketing.


What impact will GDPR and associated consumer perception have on your contactable universe?

For those organisations clearly meeting all of the demands of the existing data protection rules, stepping up to GDPR will not be that big a deal; our experience however, is that some consumer brands have still got work to do to get to this point. Indeed, two recent high profile ICO rulings back this up. If every consumer brand in the country was inspected today, I am willing to bet that a reasonable proportion is not doing the right thing.

How and where do you collect data? Do you know which privacy policy and opt in form of words each customer has signed up to and when?

How do you apply this data? Profiling, matching, enhancing, appending or sharing with any third parties?  Is it all covered in the privacy policy that each customer signed up to? Do any of these things to customer data that is not opted in for marketing?

So now’s the time to get it sorted – get ahead before the privacy deluge occurs. The wake up calls are getting louder by the month; customer awareness is improving with every ICO ruling and data breach. Devise a customer reach strategy to direct all of the workstreams that will be required to protect your customer franchise. Some factors to consider include:

  • What is the true state of your customer contactability nation now? Can you measure it and how does it vary by business unit, product, segment and source channel?
  • What is l channel strategy will deliver the optimal result?
  • How should customers be asked about consent and what should the order of asks be
  • What value exchanges could be offered to customers in return for their agreement?

Finally, consider modelling the financial impact of different consent levels on the growth of your business.  Imagine a scenario where you could only cross sell to say a third of your customers – what is the likelihood and impact of such a situation? Now you’ve got the attention of the Board.

If you’d like to discuss this further, contact me at


Paul Kennedy

Data Strategy Director

Leave a Reply