The GDPR: a catalyst for improving data quality

Compliance is a challenge, but the new regulation presents an opportunity to re-shape customer engagement and customer data management strategies

The implementation of the EU General Data Protection Regulation (GDPR) on 25 May 2018 will directly affect companies holding poor-quality customer data, such as incomplete, out-of-date or duplicate records. Under the GDPR, any organisation found to be using inaccurate customer data without a recognised legal basis, such as consent, could face the prospect of a significant fine: up to 4 per cent of global turnover, or €20 million, whichever is greater. And then there's the additional threat of consumer litigation.

A new focus on permission

There are various stipulations that organisations need to follow in order to be compliant with the new regulation. Data accuracy certainly needs to be addressed, with any incorrect customer data erased or rectified as soon as possible. But it's the ways in which the GDPR aims to put consumers in control of their own data that significantly affects how organisations are able hold this information - and what they can do with it. Unless certain exceptions apply, customers may not be subject to the type of automated decisions made by profiling technologies such as CRM, and can request a copy of their data in an easily accessible format. They will also have the right to opt out of any type of direct marketing, while organisations will continue to require their opt-in consent for electronic marketing.

But perhaps the most far-reaching of the GDPR's stipulations centres on the requirements for valid customer consent. Organisations need to demonstrate that, if they are relying on consent as the basis for processing, they have permission to use a customer's data, and that the customer understands how their data is going to be used. For those companies that haven't previously sought consent which meets the GDPR's standards, the implementation of an extensive programme of repermissioning may be required.

Yet according to research from RMDS, cited in its report The GDPR and its implication on the use of customer data, nearly half of all firms (48 per cent) either have no plans to conduct a repermissioning exercise or do not know whether they will seek fresh permission from their customers.

Those companies already handling customer information correctly for postal-marketing purposes may, following a review of the GDPR's requirements, decide to continue to claim a "legitimate interest" for the processing of this data and thus avoid repermissioning. But again, this places the onus on maintaining data accuracy at all times - if customers aren't being accurately communicated with, it's difficult for a company to claim that it has complied with the GDPR.

Using third-party customer data for marketing purposes presents a particular challenge under the GDPR. Organisations must assess any external data to ensure that it is GDPR compliant. Evidence suggests that marketers are already becoming increasingly wary of using data sourced from third-party providers, with the RMDS research showing that nearly half (49 per cent) of organisations now rely solely on customer data they have captured themselves. This compares to just 39 per cent of organisations relying solely on their own data in 2014.

The GDPR creates an opportunity

However, by providing a spur for companies to improve the accuracy of customer data, the GDPR should also be seen as an opportunity to reinforce the strategic importance of building strong, sustainable relationships with customers. Even if this could potentially lead to lower volumes of data, the information should be of a better quality and therefore lead to higher engagement and conversion rates.

The GDPR reinforces the idea that to develop trust-based relationships with customers, data processes need to be rigidly adhered to and maintained. There needs to be consistency of validation from the moment that customer information enters an organisation, by whatever channel.

After basic data accuracy has been achieved, the next stage of building trusted relationships with After basic data accuracy has been achieved, the next stage of building trusted relationships with customers is to personalise communications in a meaningful way. Organisations may be reducing their use of third-party data providers in order to promote GDPR compliance, but this could also mean that new marketing opportunities arising from customer life events - such as moving house, acquiring a mortgage, getting married and having children - are being missed.

According to the RMDS research, 61 per cent of marketers consider enhancing customer information with life-event data useful for nurturing customer relationships, as it presents both a reason to engage with customers and potentially new sales opportunities. Using properly permissioned and GDPR compliant third-party data sourced from trusted, reputable providers is therefore vital to improving the performance of marketing campaigns.

While the RMDS research reveals that some companies are still struggling to meet the demands of the GDPR, the enforcement of this new regulation nevertheless presents an opportunity for organisations to re-shape their customer engagement and customer data management strategies as a means to improve overall business performance.

Jim Conning is managing director of Royal Mail Data Services (RMDS)