Tomorrow [Saturday] will be the first anniversary of the General Data Protection Regulation’s (GDPR) implementation.
It introduced substantive changes and harmonised data protection laws across the European Union.
Some businesses have found positives, using it to clean databases, tighten security and apply creative solutions to marketing. Organisations have also had an opportunity to use the GDPR to build trust among their customers.
But complaints have also been made about grey areas and the restrictions it has placed on how they market people.
Maximum penalties of €20m (£18m) or 4% of global turnover for the previous year, whichever is the higher, has focused hearts and minds.
MCA gauged the reaction of a variety of industry players:
Jane Jones, marketing director, Fullers: “It’s been relatively straightforward to comply with GDPR. Changes were not major from a marketing perspective, and measures to ensure compliance were put into effect prior to 25 May last year.
“We were required to ‘re-consent’ our database and this reduced our contactable customer base quite significantly. However, we retained our most engaged contacts which has been of significant benefit.
“It has affected the way we obtain customer information from third parties, and changes required by GDPR to data integrations caused some technical challenges.
“We have implemented a number of initiatives to ensure compliance – for example, a universal privacy policy that communicates how we collect and store data and we abide these principles. We have also implemented a privacy enquiry service to respond to any incoming requests for rights of access or deletion to protect our customers and their data.
“The database is now smaller but now consists of customers with higher levels of engagement. The result has been positive campaign performance.”
“At the time of compliance there was a huge amount of effort in cleaning up the database and a reality is our data base growth is slower than pre- GDPR.
“Rules around compliance appear to been interpreted in different ways across the sector, we ensure a very compliant approach and actively manage our customer contact relationship to ensure it is in line with their expectations.”
Mark Jones, managing director, Carluccio’s: “It was burdensome to comply, but less so than we previously thought but in many ways the timing for us was appropriate because when it came about we were already in the process of saying ‘look we’ve got this database of hundreds of thousands of people; how often are they reading our emails, what’s the quality of our database? We are closing restaurants and therefore is it appropriate to communicate with people in Aberdeen when there isn’t even a restaurant in Scotland?
“In many ways it helped us really focus on getting a high-quality database where people were consciously opting into communications with us because they were fans of the restaurant instead of getting to them by us pre-ticking a box when they didn’t really want to receive our communications.
“I felt at the time a lot of people felt it would be very onerous. We didn’t see it that way in the end. It had some benefits in that we now have a very high quality database and people who have now added themselves to it are now doing so in a very proactive way.
“In any business there is always a rogue database or social media here or there. We’ve been very strict about that and we’ve centralised everything so we’ve got control over it. To date to the best of my knowledge we have been very strongly compliant.”
Ed Turner, founder, Buff & Bear: “We had to start from scratch again because I was more honest than most and gave up most of my database. I think there’s a general market move away from databases.
“Direct email is great but people prefer to go through social media and I think there’s got to be much more of a balance. In the olden days, certainly with the big companies like Geronimo’s or Young’s, we’d have huge databases and it was very easy to communicate but I think punters are getting all a bit bored of the direct mailing nowadays. They want it a bit more personalised and you can get more personality over in social media. That’s not to say I’m giving up on it. I’m still keen to have a look at it.
“I think I’ve got a good understanding of GDPR but I’m not going to go on Mastermind for it. When I need to I get advice from my website company and through my personnel advisory company so I’m very aware of it. I will always ask. I’m not taking risks on it although I’m yet to hear of anyone being caught out and fined and I’m sure there are lots of people who are just ignoring it.
“I think my business hat says the GDPR is not a good thing but I understand why they are doing it. It’s there and there’s not a lot we can do about it. We’ve just got to work in different ways.”
Keith Knowles, chairman, Beds & Bars: “We haven’t really noticed any difference. There were some positives to it in that we tidied up all of our databases and we checked and rechecked all the security we’ve got which is no bad thing.
“However, we are very unclear as to what data we can share with the authorities. For instance. if the police ask us for some CCTV footage are we expected to give it to them? It’s not clear. There’s no question of you giving it to them but it’s the procedure under which you give it to them. If there are people in any CCTV footage who are not associated or engaged with what’s going on where are their rights protected?
“I don’t think people realise how many people can ask you for that data. It can be local authority licensing officers, EHOs, traffic control, the police, fire, ambulance. What is the legal procedure that safeguards us as the holder of that information in case some of that information goes astray? It’s a grey area.”
Nick Desai, co-founder, Zerodegrees: “We’ve managed pretty well with it. Most of the data was always kept secured and locked up with reputable companies like MailChimp. All the data is either from Open Table where it already logs customers preferences and all we are doing is following suit.
“We complied from day one It wasn’t too big a challenge. We were able to sort it out ourselves purely because when we read everything we found our data was already compliant so it was pretty easy for us. We didn’t have to do anything really.
“You are unable to reach out easily to new customers. They won’t know about us unless we have existing contact or they’ve signed up to us so they miss out on the deals we have available but we understand that other companies might abuse the system so you have to have one policy in place for everyone to follow.
“You have to be a bit more careful than before. You must have proof of consent whereas previously people would untick the boxes. It’s getting the balance right. It would be better if data was free-flow if no one abused the system but sadly people abuse it which has put a spanner in our works I guess.”
Precis
A year of GDPR: The industry view
Saturday marked the first anniversary of the General Data Protection Regulation’s (GDPR) implementation. Andrew Don spoke to a variety of industry players to gauge their reaction to the implementation and how it has changed the way they speak to customers.