22 December 2024, 12:20
By Dene Walsh Sept 04, 2015

How to prevent your consumer data being outlawed

Furniture retailers in the UK need to prepare for the forthcoming EU data law, or risk the possibility of fines running into tens of millions of euros – plus the possibility of members of the public being able to claim damages for misuse of information, warns Dene Walsh …

When the new EU regulation – or General Data Protection Regulation (GDPR) – comes into force, retailers will need to ensure that the consumer information used for marketing purposes meets the strict new compliance standard.

The date for the introduction of GDPR is yet to be decided, and it could be as far away as late 2017, but, given the amount of preparation needed by those with even a modest database, time is not an abundant commodity. 

The key tasks in preparing for the new regulation are auditing to ensure data meets the new opt-in permission consent standard (and refreshing it to the new level where it is not), creating an effective storing system for consent forms, and providing a data removal system for when consumers act upon their right ‘to be forgotten’.

To be able to continue using existing data there are two key criteria that will have to be met. It is necessary to check whether the level of opt-in permission used when initially collecting information meets the new ‘unambiguous’ terms that will be required, and whether every individual opt-in consent form for every consumer has been kept – either in electronic or paper form.

Even among some specialists in consumer data compliance there is confusion about how consent should meet the ‘unambiguous’ permission criteria stipulated.

Perhaps the best way to describe how opt-in permission will work in future is that it will be like a traffic light system. Consent will have to be sought and provided if you want to convey information about a given subject to a customer or prospect through a given communication channel – for example, information about promotional discounts on bedroom furniture to be sent via email.

If at a later stage there is a desire to communicate on another subject, or in another way, it is like stopping at another set of traffic lights at which further permission must be sought in order to move forward once more.

What this means is that the majority of existing data consent will have to be refreshed by contacting consumers. Also, the collection of new data will have to meet the new standard, and each consent form stored.

Storing consent forms is something that most data owners have never done as it has not been necessary, but in future these forms will have to be presented if requested by the Information Commissioner’s Office (ICO). This is further complicated by the fact that few – if any – CRM systems have facilities for storing electronic consent forms.

“The likelihood of strict compliance enforcement and accompanying heavy penalties will combine with the possible right of consumers to obtain damages for misuse of data. This could create a compensation trend similar to the PPI situation”

The other key element to put in place is the facility for consumers to have their data removed upon their request. A method through which this can be done quickly and efficiently will have to be established, including the creation of a nominated contact point that members of the public can easily identify.

The new law will mean major change, and there will be a temptation to cut corners, or simply ignore some elements of compliance. But this is not a realistic option. It is inevitable that, at some time, every company will come under scrutiny.

The likelihood of strict compliance enforcement and accompanying heavy penalties will combine with the possible right of consumers to obtain damages for misuse of data. This could create a compensation trend similar to the PPI situation. Nobody knows yet, but the possibility exists.

There are very few retail groups or individual outlets equipped to manage compliance tasks on their own. It is therefore important to take as much advice as possible, but only from established reliable sources. Inevitably, an industry of compliance consultants of various types will emerge, but only those with an existing background in handling compliance involving high volume data and market planning should be considered. They will have a heritage in compliance preparation based on existing law, plus they will understand the current technical situation most companies find themselves in, and how change should be applied.  

Once the new regulations have been met it will be sensible to adopt a data regime that includes regular reviews. It is easier to put problems right through scheduled checks than risking sanctions, or having to undertake potentially destabilising major overhauls.

For most retailers there will be considerable cost and work involved in becoming GDPR compliant. It is not something to be welcomed, but it does present a positive opportunity. If you have to refresh opt-in permission by creating dialogue with customers and prospects, you can use it to find out much more about them, their true buying potential, what their trigger points are, and even make direct offers.

GDPR has to be tackled, so it is worth considering using it as a catalyst that enables information gathering that drives income beyond the time and costs imposed by new regulations.

What may be the most effective route for many is the use of sophisticated telemarketing using well-trained operators that that can work to multi-layered scripting. They will be able to accurately interview consumers to establish buying triggers, while appearing to conduct a non-interrogative dialogue. They can gain valuable information on the buying potential of individuals, record verbal opt-in permission, and make any one of a range of different offers based on the details they obtain. 

The new EU law presents retailers of all sizes with an unwanted challenge in understanding and working to the new regulations, but within it is the possibility of improving dialogue with customers and prospects and obtaining benefit if GDPR is tackled positively.

Dene Walsh is the operations director of lead generation service Verso Group, and is responsible for data compliance at the company. He also plays a leading role in compliance in the data sector as a whole as a member of the Direct Marketing Association’s contact centre and telemarketing council. This article was published in the September issue of Furniture News magazine.

© 2013 - 2024 Gearing Media Group Ltd. All Rights Reserved.