How to ensure GDPR doesn’t kill your data capture efforts

Despite GDPR changing the methods of capturing and managing customer data for good, the regulations don’t need to herald the end of useful data. There are still ways in which businesses can continue to gather useful data and, crucially, help gain customer trust at the same time. Here are the three essential areas to address. 1. Justify the data you are collecting Once GDPR is in force you can only collect data for specific, explicit and legitimate purposes. Every company should be able to answer the question: “Why are we collecting this data, and is it justified?” Transactional data is easier to answer – retailers have a legitimate reason to collect this so they can account for sales, manage stock and understand what products customers are buying. If there’s no personal data involved, this is even more straightforward. Once personal data becomes involved, it becomes more complicated. Obtaining a person’s address so you can send them their order makes sense and this is a very specific purpose which is easy for the customer to understand. But, capturing their date of birth to deliver their order is a less clear proposition, unless, for example, you’re using it to supply restricted products. From a marketing perspective, justifying personal data capture can be even more challenging. On date of birth, for example, there would be no traditional reason to capture this for the purposes of marketing. But if you plan to reward a customer on their birthday, the data capture is justified – as long as you actually follow up on your intent. If you don’t, the need to hold the data vanishes, and you should delete the data. Lastly, ensure your privacy policy clearly states that you may use collected data for analysis or profiling, meaning you could use a correctly captured date of birth to segment customers by age group to understand your sales better, or improve your targeting. 2. Be honest and transparent about the data you’re collecting This is another vital part of GDPR – tell your customers, clearly and succinctly, about why you’re capturing their data. There are two key elements here: Firstly, for marketing permissions, the consent wording used when they pro-actively tick the box indicating they opt-in to marketing should be unambiguous: “we will send you SMS marketing containing the latest news and offers" Secondly, your privacy policy should state clearly that you might use any collected data for analysis or profiling. It should also state how they can exercise their GDPR rights – such as ‘Right to be Forgotten’ – for any personal data held by your company. Being honest and transparent at every stage will make customers feel more comfortable about handing over their data and inspire further trust in your brand. So when a customer receives an email from you, they’re less likely to ask “why am I getting this?” and mark you down as spam – or worse, report you to the Information Commissioner’s Office (ICO). Instead, with a transparent sign up process, your customers will fully understand why they’re getting the email, were hopefully expecting to receive the email, and will be more engaged with its content. For retailers capturing customer data at till – to sign them up to a loyalty card, for example – you will need to ensure store staff have the right training to communicate clearly your brand’s data capture policies, and to ensure they follow the right processes to correctly collect permissions. If they do, the data they collect from a customer remains usable in the future, otherwise you’ll need to delete anything incorrectly captured. Lastly, a point on execution. Most customers won’t have read the ICO’s guide on GDPR and aren’t going to understand, or care, about every GDPR term. Embrace this as a chance to avoid jargon in your policies and say things concisely, simply and clearly. And absolutely steer clear of double negatives and pre-ticked boxes. 3. Follow best practice to keep using collected data in the future Post-GDPR, it’s no longer enough to simply have honest and transparent consent wording up front. You’ll need to remind customers at least annually about what they opted-in to, and that they have the option to change these preferences. For customers no longer interacting with your brand, ensure you have a process to eventually remove them from your database after a certain period of time. The time needed will vary based on whether you can justify keeping that data longer – if you sell multi-year warranties, holding their personal data for the duration of their warranty makes sense. For retailers with shorter product life spans, you can still hold onto the order history – you have a legitimate accounting reason for knowing what you’re selling – but you may need to remove their remove personal data so that their orders become anonymous. Complying with the new legislation is essential. And being even more straightforward and transparent with your customers in the process means you should gain greater brand trust and, in the longer-term, improved customer retention. Nicholas Blake is the head of data and digital operations at Armadillo CRM, who specialise in customer relationship marketing.