The summer of 2018 saw England almost ‘bring football home’ (and I emphasise ‘almost’ as a proud citizen of Paris), the marriage between Prince Harry and Meghan Markle, the Irish Referendum and the longest total lunar eclipse of the 21st century. It was also the summer GDPR was bigger than Beyoncé, according to Google.
Platforms such as Facebook were held accountable for their data practices globally, and companies finally woke up to the fact that they had to adapt to GDPR’s new rules, to ensure compliance with the new European regulation.
Whilst, to the football fan or loyal monarchist, the General Data Protection Regulation (GDPR) may not have been as exciting as some of the big events that complemented the UK’s heatwave, the lasting impact of GDPR on consumer’s day-to-day lives far outweighs that of the others.
- Majority of companies still aren't GDPR-compliant
- Data Privacy is having its day
- Here is the one reason why companies are getting data protection wrong
The significance of this European regulation has already been huge. We’ve seen the Information Commissioner’s Office (ICO) enforce fines to the big players, making an example of them so all businesses realise the seriousness of breaching the rules.
With so much achieved in 2018, it begs the question: what can we expect from 2019 and the plight of data? Will this year continue to be as pivotal for the battle for consumer privacy rights and what does GDPR still have yet to achieve?
E-receipts show that GDPR might still need to solidify its celebrity status
In January, we once again saw Data Protection Day, an international holiday to raise awareness and promote privacy and data protection best practices. Whilst this day does so much to keep these topics within the mainstream agenda and at the forefront of people's minds, there is still quite far to go as GDPR becomes the new normal. Already, regulators are keeping a close eye on some industries that are going through a lot of innovation at the moment, and on their practices when it comes to customer communications.
In a recent study by consumer body Which?, several major retailers were potentially at risk for violations of data protection regulations by sending marketing content to customers via e-receipts – customers who hadn’t requested to be contacted for promotional offerings. Although e-billing is an exciting new technology that many in-store retailers are now embracing, companies must never lose sight of being fully transparent with their customers on how their personal data is used, and the communication they can expect to receive.
When done properly, e-receipts are a fantastic marketing opportunity. Triggered by a user’s action (like an online purchase), transactional emails have 8x the open rate compared to traditional marketing emails. However, it does not take a GDPR expert to work out that turning transactional communications into a marketing opportunity requires a thorough understanding of the rules about what can and cannot be done.
Even though this is still a grey area, opportunities to include ‘marketing’ within these post-purchase emails can exist if the brand can balance its interests with the rights of their customers, all whilst clearly informing them how they use their data. Something retailers and many other businesses will need to carefully navigate this year is the balancing act between innovation and the use of customer data. Brands will need to ensure there is a legitimate interest for an offer within an e-receipt, meaning that there should be a reasonable link and purpose between the user’s purchase and the brand’s offer.
It is not just e-receipts that have led to trouble for businesses, many have already fallen foul of the new laws due to the way they are collecting and using user data. The likes of Microsoft, Facebook, Instagram, Amazon and TSB have all faced investigation by the ICO since May. Therefore, this highlights that as functioning businesses, we still have a long way to go to ensure perfect data compliance.
Is there a new superstar set to take GDPR’s shine?
GDPR, you did so much in 2018, but could ePrivacy be the new buzzword of 2019? Also known as the “cookie law”, it is set to cause another headache for businesses whilst they are still trying to settle into the new GDPR routine.
This regulation, which repeals the Privacy and Electronic Communications Directive of 2002, is lex specialis to GDPR, meaning it can override the existing regulation. Like GDPR, it pertains to data on devices, processing techniques, storage, browsers – affecting all electronic communications ubiquitously. The regulation requires organisations capturing any third party data from online consumers do so only with their explicit permission. As its pseudonym the ‘cookie law’ suggests, users who don’t set browser-level cookie permissions will face cookie request pop-ups when arriving on a website. 91% of marketers expect this to directly cause a loss in global web traffic, although 57% anticipate that this drop will be 10% or less.
Likely more concerning for marketers, is the decreased ability to extensively track the actions users take on their website. With 31% of marketers in the UK stating that the most important information they collect via cookies is Google Analytics data, there is good reason to be worried. This is going to leave the relevant teams under pressure to find a sensible and legal alternative to this, which can compensate for the significantly large data hole that is going to remain.
Plan of action
With so much at stake, what can businesses do to ensure they are prepped when ePrivacy actually does hit, and what does this mean for GDPR this year?
Forward-thinking brands should have already considered that ePrivacy will redefine the limit of personalisation based on the available data sources, and other businesses should take note. They will need to have a strategy in place that clearly outlines to customers why they will benefit from providing access to their data to be tracked - like they did for GDPR ahead of the last May deadline. Sensible businesses will also be looking to invest in direct communication channels. In fact, our recent research discovered that, 79% of marketers predict they will use email marketing more as a channel post ePrivacy.
Whilst GDPR might seem like it came into force a long time ago, ePrivacy could be set to stir up the way people think about their data again. But will it be as popular as GDPR was in 2018 or have as much of an impact and continue to maintain people's interest in the topic? Ultimately regardless of which regulation will be the most Googled or written about, raising awareness of consent when it comes to personal data should be a joint effort between all - regulators, businesses and consumers.
Darine Fayed, Head of Legal and DPO at Mailjet