« Go back or View all posts
Often the biggest disruptor in any marketplace is new legislation.
And while some incoming laws and regulations merely tweak details, others fundamentally change the way things are done from one day to the next. Just under a year ago, GDPR did just that.
In case it’s slipped your mind, GDPR (General Data Protection Regulation) made companies much more accountable for how they gather, use and protect an individual’s personal information.
The effects were wide-ranging. Professional services firm PWC declared that GDPR would impact "every entity that holds or uses European personal data both inside and outside of Europe.”
Suddenly, businesses and organisations of pretty much every size and type had to find new ways of dealing not just with the data they would collect in the future but also, and more problematically, the data they already had in their possession.
In one fell swoop, it made previously acceptable practices like the selling and buying of people’s data, a no-go area.
Some predicted apocalyptic consequences.
In April 2017, Forbes magazine ran an article headlined: ‘Worldwide climate of fear over GDPR data compliance', based on a survey that among other things suggested almost 20% of firms globally thought that breaking GDPR rules could put them out of business.
The wording of the legislation itself offered little comfort to those of a nervous disposition, opening up as it did the prospect of anyone suffering "material or immaterial damage" from an infringement having "the right to receive compensation for the damage suffered.”
With potential fines for breaches amounting to 4% of a company's annual turnover, or €20 million, nerves were jangling in the run-up to implementation day: 25th May 2018.
As we all know, GDPR didn't stop the world turning, but it was a catalyst for change and it did have consequences.
The extensive publicity given to GDPR compliance helped bring home to individuals that their data was theirs and they needed to guard it more jealously. Scandals such as Cambridge Analytica’s use of personal data in the US presidential campaign all fed into a narrative that saw people becoming increasingly angry about how they and their data were being treated by many organisations.
As a result, many started walking away from a now tarnished social media. Facebook blamed GDPR and increased awareness about data issues for a drop in its active users, with advertising revenues taking a consequent hit.
With organisations now having to get an opt-in from would-be recipients of their communications, the database size of many small businesses was cut by 25% to 40%, according to research firm Forrester.
Often this was not because the public had concerns about a specific company but simply through compliance fatigue. Having been bombarded by pleas that could have come from a desperate ex-lover — ‘Stay in touch', 'I’ll miss you', 'Sad to lose you' — they simply couldn’t take any more and never bothered to opt in.
Given its global reach, GDPR shifted the balance of power towards the consumer. Suddenly, individuals were the ones calling the shots and they were looking to tear up the old relationship rules they’d previously had with organisations.
For instance, nearly two-thirds of us now claim we would stop buying from a company that didn’t protect our data. And over 80% of us say we’d tell friends and family to boycott the perpetrators as well.
Just as it has at other companies, GDPR has had an impact on us at Swiftpage and made us think afresh about how we operate as marketers.
Since GDPR was clearly going to happen, we decided early on to see compliance as an opportunity rather than a threat. So we embarked on a six-month-long programme of change, beginning by surveying our customers to get a better understanding of what they already knew about the new legislation.
Then, to comply with GDPR requirements, we emailed everyone on our database to ask them if they still wanted to remain on it or to be removed. This also gave us the chance to update the details of those who did want to stay on our lists. Our subscribers and active customers were also asked if they wanted to continue using our products.
By the end of this process, we’d ‘lost’ about half our data. On the face of it, a significant issue, but in reality it meant that instead of a bloated database we now had something much more fit for purpose — a tight list of our most interested prospects.
Going through this whole process also had the added benefit of allowing us to engage with many of our customers, something that helps to build trust and loyalty — always vital elements in business, but increasingly so in our online age.
For small businesses, achieving GDPR compliance was always going to be particularly difficult given that they didn’t have the resources of larger firms.
So, to help our SME customers get an even better understanding of GDPR and its implications for them, we also began an 'education programme' of content marketing. This included, for instance, guides and white papers that examined the legislation in more detail and helped to put it in context.
We also ran a follow-up email campaign that linked to a GDPR landing page explaining the new legislation and what our customers needed to do to comply with it.
Further collateral was created and published about how our CRM and Marketing Automation software Act! would help users become GDPR compliant.
GDPR also required us to change the way we marketed ourselves to potential customers. That meant amending the lead generating forms on our website so that prospects could give us permission to use their data. That inevitably led to a slip in conversion rates, though we worked hard to mitigate the impact.
From the start, we looked at GDPR compliance as much more than just some box-ticking exercise. Instead, we thought of it as a full-blooded commitment to doing what is right with someone else’s information and truly reflects their wishes.
And so that we are shaping our data protection around what consumers want, we take a lot of care to make sure those who unsubscribe really are scrubbed from our databases. This is all about meeting people’s expectations and we believe that if we don’t, we can’t build the trust of our customers.
So, as we develop new products and services, we ensure that ‘confidentiality, integrity and availability’ are built into the way we process customer data. For example, with our next product release 2019 release, Act! users can now authenticate through their Windows profile.
We are now in a new era of inbound marketing where increasingly trust and loyalty are taking centre stage. To reflect this, organisations of every size need to see GDPR compliance not as an imposition, but as a way to generate business growth. Businesses that are viewed as trusted ‘data guardians’ are likely to benefit most — research shows that consumers tend to reward those who protect their data by spending more money with them.
The 500 calls a week to the UK Information Commissioners' GDPR hotline is another indicator that more and more of us are trying to take back control of our data. Given that it takes eight to nine months for each complaint to be reviewed, it’s only now that we are beginning to see the legislative teeth of GDPR.
There will, of course, be a growing crackdown on those who continue to flout the rules, with warnings starting to turn into fines that become ever larger for persistent offenders.
Google is the largest casualty so far, fined £44m (€50m) by the French data regulator CNIL for non-compliant advertising that lacked valid consent for personalisation.
Though GDPR compliance for small businesses is now firmly part of everyday life, with well bedded systems in place, there’s still a need to guard against ‘compliance complacency’.
Some predict, for instance, that this year will see the rise of ‘GDPR bounty hunters’ who target big firms, breaching their data processes then extorting payments that are considerably less than the ICO fine they would receive if the breach was made public.
This may not be something for smaller businesses to worry about, but an interesting twist in the GDPR tale.
Big results. Small investment.
Ready to take the first step?