Data privacy in marketing: personalized customer experiences despite complex data protection regulations

Surely, you have had to deal with data protection regulations – not only because you have to take into account the requirements for your own marketing strategy. How does data privacy in marketing works? How can you, as a marketing professional, comply with the legal data privacy requirements and still contact your customers in a personalized manner? In this article, learn what to look for with regard to the implementation of the data protection regulations, how data privacy, hyper-personalization, and marketing automation can be reconciled, and what that has to do with selecting the right software.

What is GDPR?

On May 25, 2018, the EU-adopted General Data Protection Regulation – GDPR for short – went into effect. It was implemented across the entire EU region and applies to all companies that collect, store, and process personal data from European citizens. This alone leads to some initial questions, including what exactly is “personal data”? The definition of personal data is “individual information about personal or factual circumstances relating to an identified or identifiable natural person (person affected)." This includes, among other things, the name, place of residence, employer, a photo, or even an IP address of the person affected.

Data privacy in marketing – what do I have to pay attention to?

Within the context of GDPR, your customers are now afforded legal rights to various actions in connection with their data:

  • Access: They may request their personal data that are in your possession at any time. Upon request, your company must give your customers access to their personal data by providing them with an electronic copy at no charge.
  • Update: Is your customer moving? Or obtaining a second citizenship? Or would like to use a new contact e-mail address? In all such cases, you must ensure that the customer’s data can be corrected or updated at any time.
  • Inform: Your customer has given you the approval to use his/her data for a particular purpose. If the circumstances associated with that purpose change, it is mandatory that you inform the customer of this and request a new consent.
  • Contradiction: One of your customers signed up for your newsletter but wants to unsubscribe now. You must comply with this request immediately. In addition, every newsletter has to contain a reference to this right of appeal.
  • Forgotten: Your customer wants you to erase his/her data completely. Can a customer require you to do so? Unless the data is subject to any statutory requirements, such as the 10-year invoice retention requirement following the conclusion of a business transaction, any personal customer data must be deleted at the customer’s request.

Privacy by design vs. privacy by default

There are two keywords that were previously used as technical keywords, but have become core concepts under the new legal situation: They are “privacy by design” and “privacy by default.” They have a new meaning now and are even part of the legal framework in Article 25 of the GDPR.

Data privacy in software DNA

With privacy by design, you can comply with data privacy requirements preemptively. After all, they are incorporated and taken into account in the programming and design of data processing steps early on during the software development. Two examples are data minimization – the collection of only the personal data that is required for a specific processing purpose – and anonymization – the separation of the data that identify a person and the individual personal data.

Minding data privacy

The term privacy by default is defined as data privacy-friendly default settings. They must be implemented in a way that makes all users, regardless of their technical understanding, intentionally agree to the use of their personal data. This is mostly done with an opt-in option. Additionally, any changes to how the data is used, such as for advertising purposes, must be actively communicated. A suitable actual example is a company’s General Terms and Conditions the user must explicitly agree to. In this case, the default for the approval check box should be empty instead of already checked.

How can the right software help with data privacy in marketing?

When it comes to the automation and segmentation of customer communication, you might also be in a GDPR-sensitive area. If your company uses data analyses to segment customers by customer value, this alone is not a problem in regard to GDPR. However, if you develop and apply an algorithm to automatically contact customers from these segments and reach out specifically to those customers who are most likely to purchase a particular product, you have to check the GDPR guidelines very carefully and might have to implement additional steps.

"The transition to data-based marketing comes with several challenges: First and foremost, there is the critical requirement of implementing the GDPR guidelines, meaning the move to uniform standards when dealing with sensitive data."

Stephan SigristW.I.R.E., “Decoding Digital Marketing” 2018

It might be necessary, for example, to obtain the appropriate consent from your customers. Your customers may also request the disclosure of processes that the automated decision-making is based on. Companies and organizations that violate GDPR requirements face steep fines. That is why the selection of a software partner to design your intelligent customer journeys is of such central importance.

The premium class, but possible with the right software: You can be GDPR-compliant in your customer interactions while still evoking “wow” moments.

Designing GDPR-compliant customer journeys

There are so many regulations and uncertainties that can easily lead to confusion among marketing professionals and other data jugglers. Naturally, you, as a data-responsible entity want to avoid fines and negative customer responses. There is no reason to give up though! Once you understand the basics of the GDPR, have implemented it correctly and completely, and treat your customers with honesty, transparency, and respect at the same time, then all you need is a software solution that facilitates your work of automating your customer journeys.

BSI Studio – the epitome of privacy by design

With BSI Studio, you can design automated customer journeys that are quite easily adaptable to your data privacy strategy and the GDPR requirements. If you were GDPR-compliant in the way you procured the data, you don’t have to worry when it comes to your marketing campaigns – because BSI Studio was developed in accordance with the privacy by design principle. This means that the foundation for compliance with privacy policies is already in place.

"CRM and data privacy do not contradict each other; to the contrary: To manage customer relationships professionally and within the law, you need a CRM solution. For us, privacy by design is not just a buzz word, but a stated goal and a genuine concern.”

Chris RuscheBSI

For example, customer data is closely connected with a campaign in BSI Studio, a so-called customer story: The data is specifically selected and loaded for the story based on a defined target group. Once a campaign in BSI Studio ends or expires, the data obtained in the course of the story is archived unless steps are used that were specifically developed for data storage. If at a later point in time, a different story is generated, the data will be fed in again from the back-end systems based on the target group you defined. BSI Studio does not store data in the long run.

The challenge: Strict data privacy on the one hand, and the trend toward individualization on the other hand.

Proactively dealing with data privacy in marketing

When sending newsletters, SMS messages, WhatsApp messages, etc. from BSI Studio, you can use BSI Studio’s content management system. This allows you to easily incorporate the approval and management of data privacy settings. You can add a step in your customer journey to secure your customer’s permission. The customer journey in BSI Studio will not continue until your customer has given his/her consent. Using Mission Control in BSI Studio, you can view in detail and in real time how many customers have not yet been asked explicitly for their permission. Use this opportunity to continuously optimize your data privacy strategy.

Data privacy steps

BSI Studio also offers a variety of practical steps that deal specifically with the topic of data privacy and can, therefore, be used when designing customer journeys:

  • The “Advertising block” step allows you to send communication only if there is no advertising block for the customer. If your customer requests as part of a campaign that you no longer contact him/her on a specific channel or regarding specific topics, you can simply use the “Set advertising block” step thus automating this process. As a result, an advertising block is in place for the customer, and he/she either will no longer be contacted or will only be contacted selectively based on his/her preferences.
  • Thanks to a double opt-in function, the consent to marketing communication is a two-stage process: In the first step, the prospect provides his/her contact information, usually on a form where the e-mail address is entered. Then, an automatic e-mail message is sent out to have the registration confirmed. You can integrate this functionality in a story with the “Opt-in/out” step.
  • The GDPR grants EU citizens the right to access their personal data. If you receive such a request, you must provide your customers with a free copy of their data. In BSI Studio, the “Reference” step conveniently handles this task for you, while the “Transfer” step sends the electronic copy to the customer. You can very easily incorporate both steps into your campaign.
  • Customers can also revoke their earlier consent during a campaign. In this situation, the “Forget” step will help you erase the appropriate contact from BSI Studio. This action is then automatically applied to all campaigns the customer participates in. If BSI Studio is linked to BSI CRM, the data is removed from both systems through the associated deletion concept.

CRM for marketing: BSI CRM minds data privacy

It’s easy to manage opt-ins and opt-outs in BSI CRM. In addition to a complete advertising block, you can set contact blocks at different levels: Not only can contact blocks be set up on the channel level but also the address level. These can conveniently be linked directly to the relevant communication and can thus be used as clean, historized evidence of your customer’s request. Individual interests and entire interest groups, such as events, surveys, and newsletters – so-called themes – can serve as a basis for opt-ins/outs and can also be linked to communication pieces as evidence.

BSI Studio and BSI CRM – a powerful team when it comes to data privacy in marketing

This data privacy-specific functionality in BSI Studio works smoothly in combination with BSI CRM. However, BSI Studio does not necessarily have to be linked to BSI CRM. It also works as a stand-alone solution – and does so rather well. When linking the two solutions, both benefit nonetheless in terms of the quality of the data and the central management of customer relationships, which allows the seamless integration of customer data. If the deletion of data in BSI CRM is requested, this request is automatically taken into account in BSI Studio – and vice versa. This reciprocity ensures the synchronization of customer data processing by all teams, departments, and functions – from marketing to customer service.

more about data privacy and CRM

Date