Many businesses report their GDPR-driven data privacy and protection efforts leading to more sales and better relationships with their customers.
Others find their GDPR compliance has actually disabled their marketing efforts.
Which are you?
The truth is your data privacy management should enable good sales and marketing. After all, what is the point of having good data privacy if there’s no customer data to protect?
Anyone thinking GDPR was nothing more than an expensive, time consuming and confusing exercise without a positive outcome is wrong. If you’re not seeing an “upside”, whatever it is you’ve been doing needs to be reviewed and refreshed.
Because if you’re getting the protection, privacy, accountability, transparency and trust bits right, you can use them to enhance your ability to sell more, to more people and keep them as customers for longer.
Which is what every business wants. Right?
Based on simply looking at the numbers of emails I receive nowadays, it looks as though many businesses are struggling to re-enable their direct marketing. Even those for whom I am a regular customer appear to have chosen to withdraw from using direct communication to encourage me to continue buying. Is it possible that the confusion and conflicting advice about keeping your marketing working whilst observing the changes in regulation has frustrated you, annoyed you or sapped your confidence? If this is the case, how do you go about putting things right?
You can start with this.
“But that’s not what it’s for!”
A little background might help put this into context for you.
I became involved in managing data privacy in my role as a direct response marketer. Knowing that GDPR was coming, I enrolled on a course to discover more about it.
Very quickly it was clear to me that working in tune with the principles and upholding the rights given to customers meant I could use GDPR to build trust.
In my day-to-day work at the time, writing direct response sales copy, the first thing I was trying to achieve, after attracting attention, was trust.
When marketing any product, trust is incredibly hard to achieve. Especially from a standing start. Trust is the foundation of each sale you make. Yet here was a regulation which didn’t just embrace trust, it was built in. While everyone else was banging on about “compliance”, I was thinking about using this to generate trust.
If you read the wording of the articles and recitals of the GDPR it’s right there. Even the Article 29 Working Party (now the European Data Protection Board or EDPB) guidance on the preparation and use of a privacy notice could have been lifted straight out of a direct response marketing textbook. In effect,
“Use plain English, be clear and concise, don’t use word modifiers, be easy to find.”
(A “word modifier” is called a “weasel” in the sales copywriting trade – they are to be avoided because they are used to deliberately introduce uncertainty.)
Do as the GDPR suggests and you have a method of earning the trust of your sales prospects right there. Once you have earned basic trust, you can develop it all the way through to making a sale.
That’s right. Properly implemented GDPR can help you sell more stuff. Being frank and open about how you go about data privacy can help you to stand out in your marketplace.
Which is to INFORM your prospective customer.
(For the sake of clarity, a privacy statement is the same as a privacy notice, in that their intended reader is a data subject, usually a customer, sometimes an employee.)
Being informed is the first right your data subjects are given by the GDPR. Yet it is often missing from privacy policies, statements or notices.
If your business is to genuinely “uphold the rights and freedoms” of your data subjects, you need to tell them what you plan to do with their personal data when you collect it. Only then can they make an informed choice about whether or not they want to let you borrow it.
Your Privacy Statement or Notice helps to inform this choice – if you turn it into a window on your processing of personal data. People can see you are serious about how their personal data is used if you are transparent and open about what you do with it. If they approve of what you say, they will trust you enough to allow you to move on to the next stage. Your first trust step is taken, the foundation of your relationship with your customer is established.
You see your sales prospect has a default position when it comes to buying things and that is to keep their cash in their pocket.
Think of them as having a big switch controlling their buying behaviour. There are only two settings,
If you don’t take advantage of the opportunity to inform your sales prospect, the switch will stay firmly in the “off” position. “Not for me.”
Obviously, there’s more you need to inform them about than simply how good you are at protecting their personal data. You’ll want to inform them about what your product can do for them and the results they can expect to experience if they decide to buy from you.
However without trust being in place first, they probably won’t be listening. The switch is off.
Unless you choose to try to overcome the absence of trust by making use of a kamikaze discount: 50% off!
Kamikaze discounts are all the rage amongst people who don’t understand how profit margins work. They may well attract new customers to your business in lieu of trust. Yet because your new customer relationship is based on “cheap” and not on “trust”, the sad truth is they’ll leave you for the next cheap offer. Unless of course you want to keep crippling your profit margins with endless cut price offers. How long can you keep that going for?
Remember the default position for that big switch is “off” – “Not for me”. Or in the case of a price cutting war, “Not buying from you.” as the customer slides from one cheap supplier to the next.
You might already be able to see now how a properly prepared privacy management programme can help you to take advantage of the “instant trust” made available to you by the GDPR.
It is a small step, of course it is, but a critical one. This is the step which can overcome the inertia keeping that customer buying switch at “Off”.
Once the switch is moved to the “On” position, your customer is thinking about the next step of making a purchase. You will probably have several additional steps to take before you actually make your sale. Without that important first step, the switch will stay resolutely in the “off” position.
It is also worth pointing out this switch can flop back to its default “off” position at any time. You need to make sure the rest of your sales messages are designed to keep your sales prospect interested, which is much harder than it sounds. But it is made that little bit easier if your sales prospect actually trusts you. This trust being based on how you intend to behave towards the use of their personal data. In other words by offering them:
So why do you make your privacy statement or notice so hard to find?
But if you’re trying to persuade someone to buy something from you, especially in this modern data economy, you need to encourage their trust.
Naturally, you can only build trust in your use of their personal data if you tell them what your plans are. If you take the time to notify them in a way which they find relevant and easy to use.
Place the links to your Privacy Statement where it’s easy to find them. Top level navigation would be good. This needs you to go beyond “compliance”. You need to turn this into a sales conversion argument.
“We take your data privacy very seriously”
say most data controllers who actually don't...
If your prospective customer has just had to spend five minutes scrolling around trying to find the page containing this line, you might forgive them for being just a tiny bit sceptical.
If they can’t read or understand your privacy notice, they are not informed. Which isn’t a solid foundation for your marketing objectives, which should include, “keeping them for longer” and “selling them more”.
These last two factors are what makes customer personal data of value to your business. You only get to borrow personal data for as long as the data subjects (your customers in this case) will let you. It makes sense to use it to attract as much value as you can.
The Information Commissioners’ Office (ICO) in the UK provides guidance about what should be in your Privacy Notice. You can read about it here: Click here for ICO advice.
The wording of the GDPR itself is crystal clear. You’ll find it in Article 13, which deals with the information you need to provide, “where personal data are collected from the data subject”.
It states that at the time when personal data are obtained you should provide the data subject with all of the following information:
The GDPR continues, “In addition to the information referred to (above), the controller shall, at the time when personal data are obtained, provide the data subject with the following further information necessary to ensure fair and transparent processing:”
This all seems like a lot of effort and you probably reckon nobody will read this sort of information anyway. Which is why you need to think about how you can present all this in a usable format.
The ICO suggests using a “layered” presentation and I think this is a good option for you in terms of your sales presentation. There are now some really good template documents you can build yourself online. What you need to be wary of is how you present your privacy information.
The last thing you want to do is go to all the trouble of getting someone interested in buying from you, only to be directed to a “privacy” page before they click on the buy now button. If you haven’t got the information arranged in an accessible and engaging way, some of them might not come back.
So it makes sense to answer the key questions on your prospects mind and do it “in line” as part of your ordering process. Don’t leave unanswered questions lying around.
Answer their important questions first, which will usually be:
On a website, it is easy enough to make use of a tabbed, accordion or FAQ-style layout to present these questions and answers as succinctly as possible.
We are On Data Privacy Ltd, the data controller. For contact information please see our Privacy Centre.
We’re collecting your name and email address
We will use your data to send you monthly newsletters by email, we can only do this if you provide consent for us to do so (by ticking the box below)
Your data will be shared with our Email communication system based within the EU who act as a data processor in accordance with our instructions. Your personal data will not leave the EEA.
We will keep your personal data for as long as we have valid consent from you. It will be deleted when you withdraw consent.
For more information regarding your rights or making a complaint, please see our Privacy Centre.
You might find this inappropriate or ungainly but all it’s doing is dealing with unanswered data privacy questions in the minds of your sales prospects. You are being transparent.
If you don’t answer these questions, you might not make the sale. Unlike many of your competitors who seem to want to put a guard up when it comes to transparency, which risks pushing sales away, you are going to use this to draw them closer. It’s all part of learning to take advantage of the modern data economy.
Answer the easy questions first and keep control of the sales conversation. When you need to refer to more detailed or standardised information, you can include links to your full Privacy Notice or Statement, where all the information about rights, complaints and full contact information can be found.
So now you have collected personal from data subjects and they are either a customer of some sort or a “qualified lead” in terms of their membership of a marketing list. What happens next?
You can only make use of personal data on the basis of the data subject allowing you to do so. They have only loaned it to you. If you are to make use of it and extract some value from it, you need to uphold their rights over the use of their personal data.
What will happen when your customers start to invoke those rights?
You need to attach much more importance to this than simply plonking an email address into a web page for people to use to raise their subject access request. It may well be “compliant” in its most basic sense but you’re just asking for trouble in terms of managing your response. You also risk letting that “buy?” switch return to its default position of, “not for me” if you don’t handle this properly. Which could result in you losing the permission to process the personal data. Which means lost sales.
If you are to keep the “buy?” switch in the “for me” position, you need to make Subject Access Requests easy for customers to use. Make it difficult for them and the hard-won transparency becomes opaque, trust can be lost and the switch is closed again. Once closed, you have to start the process of building trust all over again.
The Subject Access Request is part of your ongoing relationship with your prospects and customers. Get this right and you can reduce losses of “permission” to communicate with them and the consequent loss of sales. Ignore this and you’re telling your potential and existing customers all they need to know about whether or not they should still trust you.
So if you’re upholding people’s rights, you need to make it easy for them to raise a subject access request with you. If you look at GDPR and data privacy positively, you’ll see all this as an opportunity to answer a question, to take ownership of the relationship with your customers. If you stopped paying attention as soon as you thought you had achieved basic “compliance” with the GDPR, it could be you have a less customer-centric approach.
Either way, the SAR – and your response to each one – is a potential minefield for small, independently owned businesses. It is also your opportunity to quickly establish control of the conversation with your data subjects. If you have a manual process for handling this, all credit to you. You’re doing better than many. However I think we can improve on it for you.
Enter Tap My Data. It’s an app which gives you the means to handle Subject Access Requests made to your business. Your data subjects can access it easily using their smartphone. It handles the tricky subject of data subject authentication and gives you the means to “triage” your access requests so you are in control. Enabling you to identify the requests made about real data subject rights problems and focus on those. It’s the solution to the problem you didn’t know you had.
You have one month to respond to each subject access request. Tap My Data keeps you well within that deadline.
Which means your customer facing staff can focus on what your customers need. If they have questions about personal data and invoking their rights, with Tap My Data you have an effective means of dealing with them efficiently. If you are able to respond positively to subject access requests, you can keep that “buy?” switch in the open position and move on to keeping those customers satisfied for longer. Building that trusting relationship, selling them more and increasing the value of the personal data your customers have let you borrow.
Yes I know there are lots of caveats and conditions regarding whether you really need to respond to a particular SAR in a particular way. However instead of arguing the toss with every single request, wouldn’t it be refreshing to just answer the question and get on with it?
Let’s face it, getting into an argument with every single access request isn’t going to win you many friends.
Being customer focused, accountable and professional all at the same time won’t do the public perception of your business any harm at all. Obviously, data subjects can use apps like this to hold data controllers to account. If this is the kind of tool a private individual can easily deploy to test your accountability, you probably want to be matching them with capabilities of your own.
Use privacy notices as a sales letter, transparency as the attitude towards your customers, accountability as your standard business approach to data privacy. Prove you are upholding those rights every day as part of the natural rhythm of your business and you’ll be rewarded with trust.
And as an old direct marketing copywriter told me many times, “trust means sales”.