GDPR came into force a year ago tomorrow. Twelve months on from that, what has changed?
The European regulations, which took effect on May 25 2018, require data controllers to safeguard their data, and to gain informed consent on how they may use that data. That includes whether retailers and brands can send marketing emails.
In the first nine months of the scheme, says a European Union report on GDPR, 281 cases have been registered under GDPR by 30 different EEA bodies, stemming in 194 of those cases from complaints by individuals. The three primary reasons for lodging a case came in relation to the exercise of the data subjects’ rights, in relation to consumer rights, and in relation to data breaches.
Industry members say that that the European legislation has put customers in charge, not only within the European Economic Area, but around the world.
Ben Jackson, general manager, SAP Customer Data Cloud, SAP Customer Experience, said: “Since GDPR was enacted, data privacy has become a global conversation. It was a catalyst for a global movement to put customers back in the driving seat of how and when their identity and related data can be used. This regulation was just the first phase, serving as the basis for much of the newer legislation we’re seeing in California, Brazil, India and Japan -- and we can expect more countries and regions to follow suit.
“As part of this global movement, consumers and their representatives have taken steps over the past year to ensure that customers have greater control over how and when organisations store information about them. At the same time, organisations are learning that losing trust with customers and other organisations comes at a huge cost. Research indicates that if an organisation does not take adequate steps to secure customer data and loses 50M records, it would cost their business $350M. While the implementation of fines has not started in earnest just yet, we have seen the start of it -- for example, Google being fined -- and expect to see an uptick in the back half of this year.”
Retail marketing databases have now successfully recovered to 101% of their pre-GDPR levels, according to research from customer journey optimisation specialist Yieldify.
Its study suggested marketers were more pessimistic than they needed to be ahead of GDPR – and that retail businesses had been the most successful in recovering from its impact.
At the time, it found that just over one-third (33.4%) of marketers lost over 30% of their databases and just over one-fifth (21.6%) claimed to be unaffected by the new regulations stipulating higher levels of consent to process customer data - though this included all the legal businesses surveyed.
Since then, retail marketers reported that their databases had recovered to 101% of their pre-GDPR size, whereas travel marketing databases remained at 74% of their levels last year. Larger businesses generally lost greater proportions of data last year (an average of 29% for businesses of 100-500 people), but recovered at strong rate of 24%. In comparison, businesses with less than 100 employees have only recovered by 18%.
While recovery for larger businesses is not complete, their high re-growth rate can be attributed to the diversity of tactics they employed in order to re-capture data. The study found that the larger the business, the greater range of strategies used. These included loyalty programmes, content optimisation and in-store incentives alongside the more common strategies of competitions and incentivising newsletter sign-ups.
Romain Sestier, VP product and data at Yieldify said: “The results of the study really confirm the trends that we’ve been seeing amongst many of our clients over the last year: recovery from GDPR is completely achievable if you employ a smart and diverse range of strategies.”
The survey also found that marketers’ expectations around the impact of GDPR were often inaccurate. With high levels of panic and scaremongering ahead of staging, marketers’ expectations were overly pessimistic: a year later, 25.5% of marketers said that the impact on overall acquisition, website personalisation and single customer view was better than expected. However, this trend changed for email marketing and ad personalisation, where nearly one-third (32.4%) and a quarter (24.4%) respectively said that they were worse than predicted.
One study suggests that most people have not seen any change in their online experience since the regulations that require data controllers to safeguard their data, and to gain informed consent before they send marketing emails and messages. Four in 10, however, believe they now have more control over their data.
OnePoll questioned 1,000 UK adults on behalf of marketing channel BounceX, and found that 60% of respondents said they had seen no change in their experience while using the internet since GDPR regulations came into force.
The study also suggests that shoppers are now more likely to engage with retailers via email than they were before GDPR. Beforehand, says the poll, 50% of shoppers were unlikely to read emails from brands and retailers while 46% were unlikely to engage with email marketing content. Just over half (55%) sent marketing emails from these companies straight to their junk folder. They were also less aware of how their data was used to decide which messages they received.
Today, 36% better understand how companies use their data, while 40% believe they have more control over data thanks to GDPR. Four in 10 (40%) say they now get fewer messages from brands, while 62% say they hadn’t noticed emails being more or less targeted to them after the regulations came into effect.
“GDPR has driven up consumer confidence in the email channel – both in terms of data protection and also the value shoppers receive from the marketing emails they have opted in to receive – and this has reinvigorated email’s role as the single most important identifier when looking at consumers’ buying journeys online,” said Rob Massa, general manager of BounceX EMEA.
“However, most retailers are still on the journey to achieving the levels of personalised communications that can keep shoppers engaged and incentivised to drive conversions and grow customer lifetime value. And realising this relies on being able to identify and understand intent behaviours across devices and across channels.”