MARKET | Mar 1, 2018

GDPR: how marketing is changing

What impact does the new European privacy regulation have on the marketing activities of companies?

The new music that resounds in my ears (and that of my colleagues) is called GDPR. This is a thorny issue for us in marketing, above all because in the collective imagination it seemed like something from IT at the beginning, and we – and I – ignored it a little, I must admit.

I don’t want to dwell on what GDPR envisages, but I would like to examine how it will affect the work of those involved in marketing.

On whom?

Making a necessary premise, GDPR does not impact on how I decide to sell a product or on what, but essentially on the “on whom” in the sense of how I will select and identify it. It is clear that the success of my campaigns derives essentially from the data I have and from how complete, reliable, truthful and updated these data are.

And these I have, but from May 25 legislation prohibits me (“does not allow” to be exact) to use data I have that do not conform to the requirements expressed by the legislation itself.

Let me explain: if my data have been collected in a way that is not in line with what is now required by the GDPR (which for me is absolutely true, because I have collected consent in line with the requirements that were in force in previous years), from May 25 I will no longer be able to send practically any type of personalized marketing communication.

This will happen because the regulation has incorporated precise and stringent rules on how to obtain consent from potential customers before being able to collect and use their data.  In other words, our fantastic landing pages with already precompiled consent will no longer be acceptable. From now on it will be possible to collect contact information only if consent is given explicitly.

We must then ensure the visibility of the data collected and the types of consent expressed for our contacts, giving them the possibility of modifying the various approvals at any time. In other words, we must be able to display the data collected on request. This seems a banality, but it is absolutely not.

As if this was not enough, contact information can be collected only for specific explicitly stated purposes and it will no longer be possible to connect series of data to others without having first explained the goal. In other words, the end of filters on CRM, re-marketing and all marketing operations that begin with “RE-“.

What data do I have?

The first question I asked myself was: what data do I have in my CRM?

The Data Protection Authority partly clarifies this question , What do we mean by personal data?, even if we have to take into account that, in light of GDPR, this net division is in my opinion a bit distorted by the ability made available by technology to assemble items of information and correlate them with each other, changing the value of the datum.

PII or Personally Identifiable Information comes to my rescue – the information used alone or with other relevant data can still allow a company to identify a person.

To expand on this, information (PII) can be sensitive or non-sensitive.

Sensitive personal information includes, for example, data such as full name, address, document information, bank details, etc. To use part of this information for marketing purposes, companies normally use anonymization techniques (so that data rendered anonymous do not fall within the scope of data protection legislation), but this information analyzed together with non-sensitive or indirect personal information – easily accessible from public sources – through techniques of de-anonymization and re-identification can be used to distinguish one person from another (let’s say, thanks to Big Data). So, if I have understood well, all my data are unusable, however they are used.

And consent?

Here is where the debate opens up: how can I obtain consent for my data, without being heavy-handed towards those who would like to continue receiving information from me?  How can I convince them that – by dedicating myself for the right time – to put all those checkmarks, I will be authorized to try to connect data to others in order to really understand what might be useful at that time and avoid flooding with barely adequate information?

Goodbye contact, goodbye

How many customers will I lose (of those less faithful) to whom I currently send communications or invitations to events, who will not want to dedicate those five minutes to me?  Because if it is true that, today, the customers who know me little, perhaps, will no longer allow me to send them information (because the process has become complex), it is also true that within 6 months that client will no longer receive certain information from me.  And within 6 months that customer will have developed other needs, I will have developed other offers, and maybe that was an opportunity for both.

What to do then?

All that remains is to find a way to conform, and quickly. There are only three alternatives: adapt, drastically reduce communication or expose your company to a serious legal risk.


Simona Piacenti