Digital Marketing Solutions Summit | Forum Events Digital Marketing Solutions Summit | Forum Events Digital Marketing Solutions Summit | Forum Events Digital Marketing Solutions Summit | Forum Events Digital Marketing Solutions Summit | Forum Events

Posts Tagged :

GDPR

Consumers warm to brand data handling post-GDPR

Two in five consumers (41%) say they are more comfortable and confident that brands are handling their data correctly due to the introduction of the General Data Protection Regulation (GDPR).

In addition, fewer people find themselves often questioning how a brand got their data in the first place than a year ago, according to the DMA’s ‘Consumer email tracker 2019’ report.

The research delves into consumers’ perceptions and preferences – when it comes to the channel most (59%) prefer brands to get in touch through email. In 2018, consumers believe they received less email than ever before, estimating this at around 57 per week to their personal inboxes – down from 73 in 2017 – and less than half of these (44%) are from brands.

In addition, consumers estimate they’re signed up to receive email messages from around nine different brands, which has also declined from 12 in 2017. The DMA says the figures are a potential by-product of the new laws and consumers’ belief they have more control over the marketing emails they receive.

Rachel Aldighieri, MD at the DMA, said: “Despite the challenges that the GDPR may have brought to marketers and their organisations, it has clearly had a positive impact on consumers. The fact that so many of the people we surveyed said the new rules have made them more confident about how brands treat their personal data should be seen as a very positive step. This year’s report highlights the power of email to be at the heart of brands’ communication with customers, being the central channel that others can then be built around. However, it’s fundamental that marketers combine convenience and relevance, building relationships based on transparency and trust.”

Phil Draper, Chief Marketing Officer at dotdigital, which helped pull together the data, said: “Creating powerful, two-way relationships with consumers should be at the core of all modern marketing strategies. It’s what consumers want, and what marketers are working to deliver. The fact that brands have reduced the number of emails they’re sending is an indication that brands are focusing more on delivering relevant and interesting content.”

Unsubscribe doesn’t have to mean unsubscribing

The most predominant reason for unsubscribing from a brand’s email programme is receiving too many messages (59%), followed by the information no longer being relevant (43%) and not recognising the brand (43%). Most people (70%) take action via the brand’s website or the button within an email, with 40% expecting to never hear from that brand (via email) again or only receive transactional emails (23%).

However, almost one in five expect to be taken to options where they can change their email preferences (9%) or to some form of survey (7%), offering marketers the opportunity to retain that customer by changing their approach or, at the very least, better understand why they’re leaving.

When offered this opportunity for control, around a third (36%) say they would like to reduce the frequency of emails they receive or specify the products/services they hear about (31%) – two of the key reasons they may have clicked unsubscribe in the first place.

Marcus Gearey, Chair of the DMA Email council’s research hub and Analytics manager, Zeta Global, added: “The management of the inbox is an attempt to maximise utility and minimise disruption. The right message of the right value still wins: too many of the wrong one makes it difficult to get that consumer to change their mind that your brand belongs in their spam folder rather than their inbox.”

IAB responds to EU privacy complaints

The Internet Advertising Bureau (IAB) Europe has responded to complaints filed by campaigners with Data Protection Authorities (DPA) in the UK, Ireland and Poland, which make specific reference to the IAB OpenRTB Protocol and IAB Europe Transparency and Consent Framework (TCF).

The complaints allege that programmatic advertising using real-time auctions are inherently incompatible with EU data protection law. The premise of these challenges is based on communication between IAB Europe and the European Commission, from April 2017.

At the time, these conversations were part of a dialogue around the planned implementation of GDPR and revisions to the ePrivacy Directive.

IAB Europe was asked to provide details of potential challenges that would be faced within the digital advertising ecosystem, to ensure regulations developed were appropriate for use and could be implemented without limitation across the entire value chain.

The limitations identified at that time focused on how notice and choice could be given to consumers regarding the use of their data for targeting purposes. These limitations have since been addressed by the development of the Transparency and Consent Framework and IAB Consent Management Platform (CMP) by IAB Europe.

IAB Europe says it remains engaged with the European Commission and regional DPAs on behalf of members and the broader digital advertising industry, and adds that a similar dialogue has been attempted with the instigators of the complaints.

The IAB statement read: “These claims are not only false but are intentionally damaging to the digital advertising industry and to European digital media that depend on advertising as a revenue stream.

“IAB Europe has consistently tried to outline the counter arguments and correct information, mentioned above, to the claimants. However, they have consistently chosen to ignore the facts, bringing more inaccurate information to support their case. Their errors of omission could therefore be characterised as either misrepresentations or just fabrications.”

Click here to read the full statement from IAB Europe.

Has GDPR made marketers more data conscious?

The introduction of the General Data Protection Regulation (GDPR) in May 2018 has undoubtedly disrupted inbound and digital marketing strategies.

From adding compliance overhead to the soaring cost of inbound campaigns and fear of non-compliance undermining confidence in outbound campaigns, marketers are struggling to meet revenue targets.

But GDPR has also served as a massive wake-up call: marketing teams have, finally, recognised the sheer inadequacy of existing data resources.

James Isilay, CEO, Cognism, welcomes a new generation of revenue focused, data-aware marketers who are confidently combining trusted, compliant data resources with Applied Intelligence to deliver focused, targeted outbound marketing campaigns that result in a significant revenue uplift…

Blessing in Disguise

Marketers have had six months to come to terms with the realities of a post-GDPR world, but as the dust settles it is not the fear of punitive fines that is dominating the agenda but the challenge of achieving ROI given the spiralling costs affecting every stage of the sales and marketing funnel.

From the addition of the Data Protection Officer to the sheer weight of compliance overhead now borne by marketing and the spike in PPC costs, the marketing budget has taken a massive hit. The logistics associated with meeting GDPR requirements for routine data cleansing, ensuring that contacts are registered and that any out of date records are deleted are without doubt a challenge for many companies.

Yet what has really taken many by surprise is the sheer inadequacy of existing sales and marketing databases – and the knock on implication for marketing campaigns. The fact is that approximately one-third of data degrades every year and most sales teams have been using data that is up to 60% out of date: recognising and addressing this fact alone will make GDPR a blessing in disguise for marketing teams.

Data Confidence

This new era of data awareness is, in many ways, long overdue. If companies want to maximise the value of marketing data resources, the number one priority has to be accurate and up to date information. That means ditching the spreadsheets and embracing a CRM platform to achieve better data control; and it means ensuring that any data provider is by default providing GDPR compliant data and can prove strong privacy and compliance credentials. But it also means recognising and addressing the speed with which data degrades: how is the business planning to ensure data is kept up to date, accurate and alive?

It is only when armed with a trusted, accurate, real-time and GDPR compliant data resource that a business can truly begin to transform marketing performance, and hence improve the revenue stream. Combining this trusted data resource with Applied Intelligence (AI) marketing can transform performance – from gaining more insight into customer personas to identifying purchasing triggers, and delivering highly targeted, highly effective outbound campaigns.

Global Compliance

Compliance to data privacy regulations is becoming a fundamental requirement for marketers globally – from Canadian Anti-Spam Legislation (CASL) to the diverse interpretations of GDPR throughout Europe and state-specific demands in the US – and that is great news in raising data awareness and understanding. But no marketing team is rewarded for achieving regulatory compliance: it is driving revenue from those data resources that remains the primary goal. And with the cost of inbound marketing campaigns continuing to spiral, there are very real opportunities for those companies able to combine real-time, compliant data resources with AI to deliver highly targeted, highly effective outbound marketing to drive tangible revenue uplift.

GDPR still causing small business owners problems

GDPR is still causing small business owners problems, with many admitting that they are ‘clueless’ when it comes to the do’s and don’ts of data privacy regulations.

Aon commissioned researchers to poll 1,000 small business owners and found that many have procedures in place which could result in multi-million pound fines through ignorance of the new law, brought in from 25th May 2018.

More than a quarter of those polled allow staff to use their own computers, tablets and phones for work purposes which contravene rules as personal data could be stored unencrypted at home.

One in 10 also revealed they have visitors books in their HQ – where visitors can freely see details of others who have been there previously.

Paper diaries were still used by 26 per cent of businesses – which could contain private information or customer details and be easily misplaced.

And ten per cent said the circulation of printed out sponsorship forms – which often contain names and addresses – is common at their place of work, which is another contravention of GDPR rules.

Chris Mallett, a cyber security specialist at Aon said: “As the results show, many businesses could be in breach of GDPR – most likely without even realising it.

“Visitors books, allowing staff to use their own mobiles for work purposes and even seemingly minor things like distributing sponsorship forms around the office carry risk.

“Yet these sorts of things are commonplace among businesses big and small across the UK.”

TOP 10 MOST COMMON WAYS SMALL BUSINESSES ARE, OR COULD BE BREAKING GDPR RULES:

1. Allowing staff to use their own computers, tablets or phones for work purposes – if personal data isn’t encrypted
2. Staff using papers diaries used for work purposes and containing personal information – major risk of them being misplaced or falling into the wrong hands
3. Using training materials which feature full details of real life case studies
4. Using images which feature customers to promote your business
5. Storing files which potentially contain personal data outside of a defined structure/naming system
6. Using images to promote your business which feature members of staff wearing nametags
7. Holding unencrypted CCTV footage where individuals are recognisable
8. Recording customer calls which capture customer card details
9. Visitors books where visitors can see other people’s information when signing in – such as names, company they work for, their vehicle registration number etc
10. Staff members circulating sponsorship/charity donation sheets

Complaints to the ICO ‘have doubled’ since GDPR came into force

Complaints to the Information Commissioner’s Office (ICO) about potential data breaches have more than doubled since the General Data Protection Regulation (GDPR) came into effect, according to law firm EMW.

There were 6,281 complaints between May 25 2018, when GDPR came into force, and 3 July 2018, a 160% rise from just 2,417 complaints over the same period in 2017.

EMW says that businesses should be concerned about the significant increase in complaints and the size of potential fines that can be levied under the new GDPR.

Under the new regulations the cap on each fine will be raised to £16.5 million (or 4% of worldwide turnover of the entity being fined) – 33 times more than the current maximum £500,000 fine.

Increasing numbers of individuals are making complaints over potential data breaches, including some more disgruntled consumers making several, repeated complaints. Greater media publicity and Government advertising means there is a heightened awareness of individuals’ new data rights under GDPR. There is now a greater public focus on the accountability of businesses of all sizes in handling personal data.

EMW says individuals are most likely to make complaints when their sensitive personal and financial data is at risk. The financial services sector received over 10% of all complaints (660), with businesses in the education and health sectors receiving a combined 1,112 complaints.

James Geary, EMW Principal for Commercial Contracts, said: “A huge increase in complaints is very worrying for many businesses, considering the scale of the fines that can now be imposed. There are some disgruntled consumers prepared to use the full extent of GDPR that will create a significant workload for businesses.”

“We have seen many businesses are currently struggling to manage the burden created by the GDPR, whether or not an incident even needs to be reported. The reality of implementation may have taken many businesses by surprise. For example, emails represent one of the biggest challenges for GDPR compliance as failing to respond promptly to subject access requests or right to be forgotten requests could result in a fine. The more data a business has, the harder it is to respond quickly and in the correct compliant manner.”

37% of UK businesses ‘still not GDPR compliant’

New research shows that over a third of UK business haven’t fallen in line with GDPR, while a similar amount still send marketing emails without consent.

A survey of 1,021 UK workers carried out by MarketingSignals.com, revealed 37% confess they are still not following the General Data Protection Regulation (GDPR).

When asked to elaborate on why the business wasn’t falling in line, 35% said they are still sending marketing emails without the expressed consent.

In addition:

  • 31% say they still have the data of those who haven’t agreed to opt in to having their data stored.
  • 27% say they haven’t secured the data in case of a ransomware attack.
  • 22% say they have a longer process for those choosing to opt out from receiving information.
  • 14% say their firm hides privacy choices from people
  • 17% say they are still unsure as to what the benefits of GDPR are

Gareth Hoyle, managing director at MarketingSignals.com said: “The research shows there are many ways that businesses are admitting to not following the newly enforced GDPR regulations. GDPR is the most fundamental change to ever happen to data privacy, so it is imperative that businesses follow this and complete the process as soon as possible.

“Businesses need to understand that acting responsibly and ethically with customer data is crucial to protect and enhance brand reputation and ensure customer trust. Not only this, but it will enhance the quality of data collected which is a good thing for UK businesses.”

81% of UK marketers feel ready for GDPR, but their employers may not be

GDPR awareness is at its highest level since 2016 and 81% of marketers feel prepared – although 7% say their employers still have no plan in place.

The deadline for Europe’s most significant overhaul of consumer data privacy laws is this coming Friday (May 25th) and the Digital Marketing Association (DMA) has published research that finds UK marketers’ confidence in their GDPR preparations is at an all-time high.

The report, ‘GDPR & You – Chapter 5’, found that 81% of marketers are confident in their understanding and preparedness for GDPR, having steadily grown from 49% since the DMA’s first survey in 2016.

However, one in five (20%) of marketers state that their employers are behind schedule and will not be ready to comply with GDPR by 25 May. Worse still, 7% state that their organisation do not have a plan in place for GDPR.

Although not being enforced until 25 May, the transition period for organisations to become GDPR compliant began two years ago, and the DMA says there is a growing belief that the benefits of the new regulations to consumers outweigh the disadvantages to businesses, with more than half (52%) of marketers believing this to be true.

“It is encouraging to see that GDPR awareness and preparedness is at an all-time high, with marketers increasingly optimistic about the benefits of the new legislation,” said Chris Combemale, CEO of the DMA. “GDPR is a fantastic opportunity for organisations to build consumer trust and highlight to their customers the benefits of sharing their data. Organisations should use it to build a culture within their business of putting the consumer first and improving their experience.”

68% of marketers believe their employer is either on track or ahead of schedule with GDPR compliance.

In response to the findings that one in four marketers’ (27%) believe their organisations are either behind schedule or without a plan, Combemale said: “While the Information Commissioner’s Office (ICO) has stated that they will be pragmatic before handing out penalties, these companies must show evidence that they are doing everything in their power to be ready. Otherwise they won’t just be receiving fines from the ICO; they could lose their customers’ trust and be at risk of security breaches, with the reputational damage posing a real threat to brand and share value.”

Over a quarter of marketers have received no specific training in GDPR

One of the biggest priorities for marketers and their organisations surrounding GDPR and highlighted in the report revolves around staff training – with a spike in the past six months in the percentage of marketers who feel they have received appropriate training for GDPR, up 21% from November 2017 to 54% in the latest survey.

But the DMA says it’s a concern that despite the complexities of GDPR compliance and its impact on how organisations communicate with customers, more than a quarter of marketers polled (27%) have had no specific training to date. 34% felt that more training was needed and approximately 68% believed training will help their organisation comply beyond the deadline.

Find full details on the report on the DMA website, here: https://dma.org.uk/article/gdpr-and-you-chapter-five 

Two thirds of UK firms won’t be GDPR compliant by May 25

New research says UK companies are massively ill-prepared for this week’s General Data Protection Regulation (GDPR) enforcement deadline.

Less than a third (29%) of organisations surveyed by USB drive specialist Apricorn felt confident they would comply, and when questioned further and asked whether there were any areas they might be likely to fail, 81% could think of some area of the new requirements that might cause them to fail when it comes to GDPR compliance.

Fifty per cent of organisations who know that GDPR will apply to them admit that a lack of understanding of the data they collect and process is their number one concern relating to non-compliance.

On top of this, almost four in ten (37%) believe they are most likely to fail because of gaps in employee training, and almost a quarter (23%) say their employees don’t understand the new responsibilities that come with the GDPR.

While one in ten still regard the GDPR as a mere tick box exercise, a substantial proportion do view it as being of some benefit to their organisation – for example 44% agree that the new regulation is a welcome opportunity to overhaul their organisation’s data handling and security processes.

The most commonly taken step so far, for those who say they will be at least somewhat prepared for the GDPR, is to review and update their security policies for mobile working (67%). However, 30% still worry they could fail to comply due to mobile working, and almost a quarter (22%) of respondents are concerned they may fail due to a lack of encryption.

“Data or personally identifiable information (PII) is at the heart of GDPR and mapping and securing it should be every organisation’s number one priority. By now, all employees, from the top down, should have an understanding of the importance of GDPR and the role they play in keeping this data safe,” said Jon Fielding, Managing Director, EMEA Apricorn. “While we know that many organisations have provided some form of employee training, clearly in some cases this hasn’t been effective and organisations should address these gaps urgently.”

Firms still not ready for GDPR with less than 3 weeks to go

Only 6 in 10 company directors say they are confident their organisation will be ‘fully compliant’ with new data protection laws set to come in later this month, a new survey from the Institute of Directors reveals.

The poll of 700 bosses shows many businesses remain unprepared for the changes with just three weeks to go until GDPR comes into force.

Business leaders’ confidence in their preparations has declined over the past six months as the sheer scale of the regulations has come into view. Many business leaders are also less sure about how the new rules will affect their firms, with around 40% reporting they are not confident or unsure as to how GDPR will impact their company.

In preparing for the reforms, businesses were most likely to turn to external private advisors, business membership organisations, such as the IoD, and the Information Commissioner’s Office (ICO) for guidance. The IoD has so far directly assisted over a thousand of its members, providing guidance and template policies.

The new laws predominantly impact how businesses engage with customers and clients. However, directors also report that GDPR compliance is affecting processes in HR and IT, as well as their governance practices.

“GDPR has been a long time coming for businesses, but it is only proving more formidable as the deadline looms and companies drill down into the detail. The regulator has assured small businesses that there will be not be a sudden inquisition once the rules enter into effect, but with such large penalties for non-compliance, firms must assess what they have to do to avoid falling foul of the legislation, and they must do so soon,” said Jamie Kerr, Head of External Affairs at the Institute of Directors.

“While the regulations may be burdensome, the overriding impulse amongst company directors now is simply to follow the rules. However, SMEs, who are facing a whole host of competing priorities and generally cannot rely upon dedicated compliance teams, are still finding it difficult to digest the sheer scale of the legal changes.

“The Government’s immediate priority should be to ensure the ICO has the resources it needs to make a big final push to assist small businesses in the run up to this month’s deadline”.

60% of UK businesses won’t be ready for GDPR deadline

A new report by Crowd Research Partners has revealed that only 40 per cent of organisations are either GDPR compliant or well on their way to compliance by the May 2018 deadline.

The report highlights the lack of GDPR expertise and an overall underestimation of the effort required to meet GDPR, which represents the most sweeping change in data privacy regulation in decades.

The key findings of the study include:

  • A whopping 60% of organisations are at risk of missing the GDPR deadline. Only 7% of surveyed organizations say they are in full compliance with GDPR requirements today, and 33% state they are well on their way to compliance deadline.
  • While 80% confirm GDPR is a top priority for their organization, only half say they are knowledgeable about the data privacy legislation or have deep expertise; an alarming 25% have no or only very limited knowledge of the law.
  • The primary compliance challenges are lack of expert staff (43%), closely followed by lack of budget (40%), and a limited understanding of GDPR regulations (31%). A majority of 56% expect their organization’s data governance budget to increase to deal with GDPR challenges.
  • Approximately a third of surveyed companies report that they will need to make substantial changes to data security practices and systems to be in compliance with GDPR. The highest ranked initiative for meeting EU GDPR compliance is to make an inventory of user data and map it to protected EU GDPR categories (71%), followed by evaluating, developing, and integrating solutions that enable GDPR compliance.

The 2018 GDPR Compliance Report has been based on a comprehensive online survey of IT, cybersecurity and compliance professionals in the 400,000-member Information Security Community on LinkedIn, and has been produced in partnership with Alert Logic, AlienVault, Cavirin, Data443, D3 Security, Haystax Technology, and Securonix.

To download a copy, click here.

  • 1
  • 2