Creating a GDPR strategy is an inescapable reality for organisations. A Google search brings a vast variety of responses – from what it is and its implications to how organisations can prepare for it. The latter has become of primary importance to brands in the last couple of years (and in the last few months for the less prepared). Companies have realised that a rigorous and comprehensive GDPR strategy is needed for both successful marketing campaigns and to keep the ICO off of their backs.
A key issue is that with control being put back into the hands of the consumer, obtaining and retaining your database’s information requires people to want to be included. This means persuading people that your content warrants them being on your mailing list. However, this becomes problematic when you realise that people are becoming increasingly hostile and untrusting to receiving marketing. High profile cases such as the recent Cambridge Analytica scandal only exacerbates this and reinforces the idea that companies should not be trusted with data.
The Rise of the Data Fundamentalist
Figure 1 demonstrates a piece of longitudinal research that fastmap conducted between February 2017 and December 2017, consisting of over 8000 respondents. The results show a rise in something termed ‘data fundamentalism’ (Westin, Ruebhausen, 2015; Kumaraguru, Cranor, 2005). These are people who agree that consumers have lost control over their data, disagree that businesses handle data properly and that the law provides reasonable protection over their data.
‘Data Fundamentalists’ are defined as:
|Agree||that consumers have lost control over their data|
|Disagree||that businesses handle data properly|
|Disagree||that the law provides reasonable protection|
The graph above shows that between February and December last year alone, data fundamentalism has increased by 8%. This becomes even more alarming when you consider the impact that this has on consent.
Figure 2 shows the difference in consent levels between those who are unconcerned about data handling against those who we consider ‘fundamentalists’. With ‘data fundamentalism’ on the rise, you can expect that the proportion of people who are unwilling to consent to increase accordingly.
In another piece of research, we asked people what would stop them signing up to a specific brand. Figure 3 shows that over 60% of people would not sign up for communications due to a number of data handling issues. The factors illustrated below are taken from our previous research which identified the fears people have over data handling which impact consent. You can find more insight to inform post-GDPR strategy for consent in our guide on The Complexity of Consent.
Data Fundamentalists and Legitimate Interest
The rise in hostility towards marketing content will also have an impact on your Legitimate Interest/GDPR strategy. Those who are apprehensive over data protection will likely find a number of data processing and contact inappropriate. For brands considering sending direct mail to everyone on everything, this is problematic. Figure 3 shows that the largest barrier for signing up to communications is being inundated with marketing content; pair this with the rise in data fundamentalists and you are setting the conditions for complaints about your marketing.
To combat this, organisations should be ensuring transparency while also carefully considering how open their database is to these factors. A recent article on some of our research, written by Lee Witherell from Wise Owl Marketing, highlights how reasonable expectations of data processing varies not only as a function of age, but also between brands. Thus, it is vital that you undertake an evaluation of your own database, to understand who it is reasonable to contact and on what topic.
In a recent quote from the ICO at a lecture at the Institute of Chartered Accountants:
“The new legislation creates an onus on companies to understand the risks that they create for others, and to mitigate those risks. It’s about moving away from seeing the law as a box ticking exercise, and instead to work on a framework that can be used to build a culture of privacy that pervades an entire organisation.”
Such a framework can be only be built by understanding your database and by researching and understanding the varying opinions within it. In doing so, you will create healthier and more sustainable relationships with your database, while also ensuring that you have demonstrated your due diligence to the ICO.
This article was written by Tom Burke, Insight Executive at fastmap.
We have recently released a new Legitimate Interest Industry Report that includes forwards by the Institute of Fundraising and international law firm DWF. For more information about fastmap’s research into GDPR and data protection, Legitimate Interest, consent and more visit www.fastmap.co.uk or get in touch with David Cole, Managing Director, fastmap on
+44 (0) 20 7242 0702 firstname.lastname@example.org.
Westin, A. F., & Ruebhausen, O. M. (2015). Privacy and freedom. Ig Publishing.
Kumaraguru, P., & Cranor, L. F. (2005). Privacy indexes: a survey of Westin’s studies.