Gigya is now SAP Customer Data Cloud. Learn more
Forrester logo Download the report

GDPR Arrived. You Lost Access to the EU Market. Now What?

“The darkest hour is just before dawn.”
– English theologian and historian Thomas Fuller

It’s a dark hour for many businesses around the globe — they’ve lost access to the European Union market. After countless last-ditch attempts to get EU consumers to opt in to marketing communications (see the deluge in our inboxes over the past few weeks) email subscription lists have been purged. Attributes in customer relationship management systems, content management systems and data management platforms have been deleted. In many instances, businesses have simply stopped serving EU consumers altogether through websites and mobile apps.

Why is this happening? Enforcement of the EU General Data Protection Regulation (GDPR) began on May 25th, forcing many businesses to ask tough questions about their digital marketing and services programs and practices, such as:

  • Do our web forms, registration screens, advertising programs, terms of service and privacy policies meet GDPR requirements?
  • Can we prove that consumers have given consent for all the personal data we collect, store and process?
  • Are the third-party consumer engagement applications and services we employ compliant with the regulation?

Any customer data not mapped to a consent agreement had to be purged. Any digital property with forms and policies that did not meet GDPR requirements had to restrict access for EU users. If businesses didn’t take these actions, they’d be at risk of punitive damage from EU data protection authorities, legal action from consumers and watchdog groups, and brand degradation for being called out as a privacy violator.

For example, the Los Angeles Times was one of several prominent media outlets in the United States who started blocking European users as of May 25th.

“Unfortunately, our website is currently unavailable in most European countries,” they said. “We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market.”

If your business has run into similar difficulties, your dawn will only come by putting your customers first. Before GDPR enforcement, many businesses relied too heavily on inferred, opt-out consent strategies and third-party audience segments from data brokers. As a result, companies risked losing consumers’ trust through irrelevant and even creepy experiences visitors  never signed up for. The GDPR, however, aims to set things right by strongly incentivizing businesses to establish direct, permission-based relationships with customers.

By reorganizing your operations to do this, you’ll not only address many of the toughest GDPR requirements, but also improve the experience your company offers to customers. But, where is the best place to start? Here’s action you can take now to put you on the path to a new dawn of success in the EU marketplace.

Standardize Your Digital Forms and Policies

Standardize the opt-in forms used on your digital properties to meet GDPR requirements, so that they state the specific purpose of the product or service the data will be used for and – in the case of marketing communications – the frequency at which they will be delivered.

Standardize your terms of service and privacy policies so they consistently use clear, intelligible language.  Make sure requests for consent to process data are unambiguous. In addition, the GDPR requires consent to be freely and explicitly given, so never include pre-selected opt-in checkboxes.

Exchange Value for Information

You wouldn’t ask a stranger for their home address or income when you first meet them, would you? Yet, that is exactly how many brands still approach consumers online today. If your registration process is too daunting, consumers won’t bother signing up.

To solve this challenge, ensure your digital properties offer fast, seamless sign-up opportunities that deliver value to consumers and reflect their preferences. For example, try providing  a simple sign-up process that only requires a name, email address and permission to be communicated with.

It will take time and patience, but by delivering value and respecting your customer’s wishes, your EU prospect list will once again begin growing.

Centralize Consent and Preference Data in One Repository

Collect and manage your customers’  data in a central repository to more easily and accurately track their preference and consent choices throughout their relationship with your business. This also makes it easier to re-trigger consent requests when policies change, as opposed to manually sending renewals from multiple siloed systems.

Orchestrate a Unified Customer Profile Across the Enterprise

The GDPR clearly stipulates that using consumers’ personal data in ways they don’t specifically consent to may incur severe penalties. It can also make your business look bad and cost you market share as competitors who better honor their customers’ wishes pull ahead.

To solve this problem, consolidate customer profile, preference and consent data into unified profiles that can be both centrally governed and broadly orchestrated across the entire organization. With all systems aligned around these unified profiles, each customer’s preferences can be consistently honored across every device, channel, and region throughout their entire lifecycle. For the global enterprise, this is the key to building truly trusted and personalized relationships and long-term brand loyalty.

Summary: A Holistic Solution for a High-stakes Environment

The GDPR seeks to put consumers in control of their personal data. In this new era, your efforts to rebuild EU marketing and service operations should build your customers’ trust, not break it, by respecting their wishes at every touchpoint.

The actions we’ve described in this post are big pieces of the puzzle, but there’s more actions to take, options to consider and requirements to meet. If you want the full strategy for providing digital excellence and addressing GDPR compliance across the organization, sign up for our recent webinar with Martin Kuppinger from the independent analyst firm, KuppingerCole.   

By Natalie Monetta

Gigya has updated its Privacy Policy as Gigya, Inc. has been acquired by SAP America, Inc. and Gigya has updated the information regarding how we collect and use your Personal Data. You can see the updated Privacy Policy here.