GDPR Just Killed Your Personalization Strategy. What Now?

Say GDPR one more time

Yeah, we know: GDPR fatigue. We all got bombarded with “we’ve updated our Privacy Policy emails” this past week, too. But the fight over personal data and its usage has been brewing for quite a while now, and the rollout of this new EU mandate is just one (albeit important) milestone in a tectonic shift towards “self-sovereign identity”: the idea that users should be completely in control of their own personal data (or digital identity), who is allowed to use it, and for which purpose.

 

The timing couldn’t be better.

The recent Facebook/Cambridge Analytica furor almost seems like a PR stunt for GDPR: the alleged misuse of people’s personal data to impact the last election put a very timely fine point on the urgent need for data privacy rights—or at least clarity around how that data is being used. Combined with ongoing credit card breaches, and good old retargeting ads which have vexed consumers for years, data privacy issues have come to a head.

Some of this consumer angst could be solved by offering better control over their permissions plus transparency: telling users outright that that the reason this super-useful community site is free is because they sell advertisers the ability to target you on their site and across the internet based on the information you share, and giving you the option to opt-out by paying a subscription fee instead. Explain to users why certain data elements are required for software or hardware to function properly so it doesn’t just feel like a black box. We’ve all had this experience when downloading mobile apps: why does this little game need access to my location or the ability to make phone calls? App stores have actually done a pretty good job of improving some of the messaging around permissions to at least provide clearer visibility in layman’s terms of which permissions are being requested, but still have a long way to go regarding explaining WHY they’re needed.

GDPR Syd Schwartz Tweet

But what’s good for consumers isn’t necessarily the death-knell for modern marketing: ultimately, businesses who provide straightforward, transparent explanations of their usage of consumer data—and more importantly, provide value in exchange—will be granted the necessary consent to access and use it.

 

So, what exactly is GDPR anyway?

Here’s a great summary of GDPR (General Data Protection Regulation) in layman’s terms from The Guardian.

Some of the key tenets:

    • You must have explicit consent from consumers for the use of their personal data for specific uses.
    • You must delete data that you don’t have a current, legitimate business need to keep & continue to process.
    • You must provide the user control over their data to update and revoke consent (i.e. “right to be forgotten” – basically, you must delete their data upon request).

GDPR will obviously have a chilling effect on all marketers both B2C & B2B, and businesses whose software functionality relies on identity at its core (e.g. Facebook, Alexa, Google, banks)—though there are allowances for retaining & using data for core, current, relevant business needs. There’s already been a backlash against companies ranging from Facebook to Sonos, who are being accused of forcing users to accept a high level of permissions around their data in new privacy policies to continue using the product—but again, identity is often baked in to the functionality of the devices or software, so these may not be frivolous requests.

Although GDPR technically only applies to consumers in the EU, it is commonly expected to become the standard across the globe; in fact for many small businesses it’s easier to just have universal customer experience regardless of location to ensure compliance, especially since fines are very steep, on the order of 4% of annual revs or €20M, whichever is higher.

 

Could blockchain be the future of digital identity?

We’ve already seen use cases for blockchain for retail, primarily to track sourcing in the supply chain and provide authenticity and accountability at every step of the way. The fundamental concept of blockchain is to use a decentralized network to facilitate anonymous but network-validated transactions at scale. Its very nature requires that multiple parties agree to make something true, which reduces the potential for fraud or gaming the system, which in turn increases confidence in the information it holds. At the same time, blockchain also provides a level of anonymity since the transactions themselves build a unique profile without disclosing the details of the transactions.

Using blockchain to manage digital identity could help solve a lot of data privacy issues and solidify control in the hands of users who could dole out and revoke permissions as needed without sharing specific data. Companies wouldn’t hold the consumer’s actual data, just gain access via a “handshake” or similar validation vehicle to power the experiences they need to, which would provide the oxymoron of anonymous identity. Think of it like Facebook or Google login across the web to verify identity, but under the control of the user rather than a business or government.

With this solution, businesses could potentially also gain the benefit of being able to leverage information from a user’s history, even if this is the first time they’re interacting with you. This of course also works in the other direction, so it becomes even more important to create better experiences and trusted relationships with consumers to keep them coming back to your business in particular.

 

What does this mean for retail?

What’s unfortunate is that our industry has been struggling for years now with how to use data to better understand our customers and provide them with personalized experiences. No one seems to have gotten it completely right, but we have made some headway…which now may feel like it was a waste of time since we may have our hands tied and lose access to the user data that powers these experiences.

The good news is that, even under GDPR, there are still a couple of important cases in which you can utilize your customer’s data:

  1. when there is a current, legitimate business need to do so (such as after someone has made a purchase from you), and
  2. when they give you explicit consent.

Retailers who have a true customer-centric approach to their experience, provide value and transparency, and have built trust with consumers will be in a great position to ask for consent to continue to use the data they have, and nothing much changes. The post-purchase portion of the customer journey is also a perfect time to build that trust. During that period of anticipation awaiting their order, consumers have said there is no such thing as too much communication, and retailers have an opportunity to instill customer confidence by providing proactive notifications that are customized for that person, and earn the right to continue the relationship.

Retailers who have a customer-centric approach, provide value and transparency, and have built trust with consumers will be in a great position.

As voice shopping activity via smart speakers and personal assistants on smartphones becomes more prevalent, retailers will also need to look at those channels with a holistic view. The data they gather as well as the service they provide will need to provide obvious value to consumers, not just push them marketing messages which could easily trigger backlash and cut off that opportunity to intimately understand the consumer and create supportive customer care experiences for them.

 

How could customer experience help solve this problem?

There has long been a balance between data provided and value delivered. There are plenty of studies showing that consumers are willing to trade their personal data for value, potentially an exchange as basic as joining your email list for a discount on their first purchase or more accurate product recommendations. The more value they derive—for example, through highly customized experiences—the more data they are willing to share. Google Assistant is a perfect example of getting it right. Google has access to your calendar details, email, maps and heaven knows what else, but they use all of that data to provide incredible value in return: letting you know when you need to leave to make it to your next appointment in time (and providing directions), or letting you know the weather in Hawaii three days before you head there on vacation and should be packing. How many of us are comfortable letting Google know our home and work locations so Google Maps can give us updated commute information every day?

Consumers are willing to trade their personal data for value.

The key takeaway here is that, despite the restrictions of GDPR, if you can show value to your consumer and are transparent about exactly what you are using their data for, you will be able secure their trust, and subsequently their express consent to access and utilize their data to provide that great customized experience.

Ultimately, the fundamental change is that power over their data has shifted into the hands of the consumers. If you provide valuable service and are straightforward and transparent about the use of their data, they will choose to continue that mutually beneficial relationship with you, regardless of protective regulations.


Want to know how Narvar is addressing GDPR? Check out our GDPR FAQ.