GDPR and Data Processing: One size does NOT fit all

GDPR data processing should be used in a bespoke to different audience segments

GDPR and Data Processing: One size does NOT fit all

As GDPR approaches, organisations are focusing on obtaining permission from their customers to continue communicating via specific channels. However, many of these brand owners are neglecting to ensure that those customers are also happy with post-GDPR data processingthe ways their data will be used.

fastmap has previously written about the potential for using Legitimate Interest as a lawful basis for data processing (and as an alternative to Consent), for those customer segments where it is most relevant. Such an approach requires an understanding of how attitudes towards data processing vary across those segments.

Recent research by fastmap highlights how consumer attitudes towards the way their data is processed can vary greatly. fastmap have researched numerous customer databases and developed an approach that assesses risk based on the proportion of different audience segments that consider an activity ‘reasonable’. The lower the proportion considering it reasonable, the higher the risk, and vice-versa.

Table 1 shows that people are generally open to receiving emails from brands, although there are differences in reaction to other channels with younger age groups much happier to receive communications via Text/SMS and Social Media. A recent conversation with my teenage daughter and her friends about the Facebook/Cambridge Analytica debacle, and their relative lack of concern over the “misuse” of personal data, confirmed the ease with which young people share their data.

Legitimate Interest/Reasonable expectation of contact by age and channel

However, Table 2 shows how opinion varies significantly across different age groups, when considering what post-GDPR data processes are deemed acceptable. Whereas some consumers will be happy with an organisation using their data for targeting and marketing communications, others may be unwilling for more sensitive techniques (such as wealth profiling) to take place.

Legitimate Interest/Reasonable expectation of contact by age and GDPR data processing

We have anonymized the data processes in Table 2, but I can tell you that typically fastmap’s research found that customers/supporters are happy for organisations to use their cookie data and/or transaction history (e.g. to improve customer service), but are less willing for their credit and personal financial data to be used.

Attitudes also vary according to which brand or organization is undertaking the post-GDPR data processing – see Table 3.

GDPR data processing differences in opinion by brand

Brand reputation appears to determine what processes a consumer is happy with: a high profile issue with data privacy (e.g. Cambridge Analytica) can quickly cause a hardening of consumer attitudes, and a withdrawal of their consent to undertake certain processes.

And finally, Table 4 shows that attitudes vary even further when we combine age group and brand to create granular segmentation of consumer opinion.

GDPR data processsing differences in opinion

fastmap’s research shows that by understanding your brand’s customer base, you can construct a lawful basis for post-GDPR data processing based on Legitimate Interest whilst continuing to communicate with your customers and use their data in ways that they are happy with.

In this way GDPR compliance becomes a route to competitive advantage: if customers are happy with the way your organisation handles their data, they will engage more willingly with your brand.

fastmap have recently released a new Legitimate Interest report that includes forwards by the Institute of Fundraising and international law firm DWF. If you want more insight on GDPR and Legitimate Interest, download the Legitimate Interest Industry Report.

This is a guest post written by Lee Witherell, fastmap Associate and Founder of independent, data-driven marketing consultancy Wise Owl Marketing.

For more information about fastmap’s research into GDPR and data protection, Legitimate Interest, Consent and more, visit or get in touch with David Cole, Managing Director, fastmap on +44 (0) 20 7242 702 or

Contact Us