For twenty years, new information technologies have increased the ability for businesses to collect, store, read, share and use the personal information of individuals. These activities have had many positive effects on the economy in general and some benefits for consumers, including greater personalization and better targeting of products and services.
However, undesirable effects due to the knowledge of these data have also emerged, the most important being the one related to the invasion of privacy.
Today, many people are bothered by the fact that their information is collected and stored in databases.
So what are the end-users’ perceptions of the violation of their privacy in a Big Data environment?
The challenges of Big Data in customer knowledge
The growing collection of information related to consumer habits, preferences or expectations has given rise to Big Data. This mass of data represents a real competitive advantage today because it can be used by the company to better respond to its customers.
Indeed, Big Data is above all a great opportunity for companies to innovate, develop their sales, their profits, their markets, to address new customers and create new offers.
Thanks to social networks, new applications or connected objects, consumers give access to extremely important personal data for companies: name, sex, contact details. Sometimes even more accurate data is collected, such as geolocation information and frequency of use of this or that application, which allows companies to target their customers and their marketing strategy.
The trend is now to cross-channeling and hyper-customization of offers, and we have entered an era where each customer is offered a product adapted to all its expectations. Indeed, the analysis of online and in-store purchases can segment the customer journey to be able to offer the right offer, at the right time and by the right channel.
This is what Amazon has been doing for two years thanks to its sharp use of Big Data. This e-commerce giant uses a predictive algorithm to fully customize the emailing process. Thus, the customer receives a personalized email with one to eight product proposals, based on the information of his previous purchases and his latest research. These personalized recommendations can increase sales by 5 to 15% according to an HMY study.
What is the concept of “Privacy Paradox”?
Nowadays, people are divided between the desire to take advantage of the benefits offered by new technologies, the desire to respect their privacy and the desire that their personal data not be unduly exploited, stored or disseminated.
In practice, however, the benefits often outweigh the fears, and individuals end up allowing companies to exploit their personal data without taking precautions to protect their privacy. In 2010, an international survey conducted by Consumers & Convergence indicated that 79% of respondents were anxious not to see their personal data used by organizations without their permission.
This survey highlights the “Privacy Paradox” since the majority of individuals today are worried about the exploitation of their personal data but do nothing to protect themselves.
Since 25 May 2018, the new General Data Protection Regulation (GDPR) mutually agreed at European level, updates the rules on personal data. Regulation that greatly impacts marketing.
European data protection rules apply to all personal data collected, processed and stored within the European Union, irrespective of the citizenship or nationality of the individuals concerned.
It simply means that if you do business in Europe, or collect data on European users, you have to protect their data in strict accordance with the GDPR
The essentials of the RGPD
As a reminder, the RGPD strengthens the rights of all European citizens in the use of their personal data. What are these rights:
Ø Consent: no personal data may be collected without the express consent of the data subject (unless the data is necessary for a commercial transaction)
Ø Right of access: everyone must be able to consult at any time the information that a company has about him.
Ø Portability: the personal data must be able to be exported at any time in a structured and machine-readable format.
Ø Right to be forgotten: anyone can request the erasure of their personal data and the data have a lifetime.
Ø Right of opposition: everyone can refuse to be solicited commercially or oppose the processing of his personal data (for profiling or other purposes).
In concrete terms, what is the impact of the RGPD on your digital marketing?
It all depends on your marketing practices of the digital marketing agency! The turn to take will not be the same if you already practiced inbound marketing or if you were still in logic of mass marketing in performance marketing agency.
In the first case, you had probably already set up opt-in and opt-out procedures, in the other case you will have to make more effort to change your habits, communicate more clearly, adapt your practices in the future. Respect for individuals, organize and secure the personal data you process. And, of course, in all cases, you will have to keep a record of processed data (when, for what purpose and how), or even appoint a DPO or RGPD manager. But in the immediate future, to channel the essentials, let us see actions to put in place as soon as possible (if it is not already done):
Your website
Ø Control cookies: add a banner or popup to get the active consent of visitors + specify which cookies are collected, why and for how long.
Ø Practice the active opt-in: remove all pre-checked boxes from your forms.
Ø Clearly inform: complete and update your Privacy Policy, explain why you collect data on your forms.
Ø Secure data: minimize the risk of hacking or data loss
Your emailing
Ø Clean up your database: sort and delete all data that was not obtained via opt-in (or ask people to confirm their interest).
Ø Adopt the double opt-in: even if it is not mandatory, it is a good practice and it allows to keep a record of the consent.
Ø Facilitate access to data: everyone must be able to modify or delete their data at any time.
Ø Provide a retention period: define a retention period for the data collected.
Ø Check the compliance of your service providers: you are responsible for the data you process, even if they are partly processed by a third party.
Your advertising campaigns
Ø Information & explicit consent: contest, loyalty card, retargeting, tag, pixel,…
Ø Keep track of all advertising activities
Ø Profiling: reducing the collected data to the bare necessities
Ø Security: make every effort to avoid losses and violation of personal data
Your outsourcing contracts
The RGPD wants to empower all actors involved in the processing of personal data. Your service providers and suppliers and subcontractors are co-responsible. Plan to fill out specific specifications to ensure the security, confidentiality and durability of the data.
The risks of disclosure of information:
Ø unauthorized communication by employees, former employees, consultants, temporary workers, trainees, or service providers, to third parties (customers, competitors, etc.), whether this communication is malicious or negligent,
Ø discussions or business meetings between colleagues, and telephone interviews, in public spaces (restaurant, train, plane), but also, all diversions of a computer nature, such as:o internet data leaks (unprotected or poorly protected servers), and hacking cyber attacks, or
Ø the fraudulent misuse of data following phishing campaigns.
The various stakeholders of the company must contribute to the definition of the data governance policy: the information systems department (DSI), but also the legal, financial, HR, marketing, sales, where applicable R & D.
Awareness must include rules on the destruction (deletion) of documents, and absolute rules on the prohibition of putting data and information online, on open systems.
Finally, we must be particularly attentive to the management of departures from the company and the end of contracts, in order to minimize data leaks (business secrets, customer lists, contract lists, etc.).
Define the technical data protection rules of the company
The company’s data protection policy must also include technical rules. These overlap widely with the rules to be included in the company’s IT charter.These rules include: o the management of identifiers and passwords,
o the closing of the user accounts from the departure of an employee, consultant, etc.,
o the rules applicable to the use, by the workers in the company (employees, consultants), of their own devices or BYOD (Bring your own device) policy,
but also the rules applicable to employees of the DATA PRIVACY AND SECURITY (DPS):
o an obligation of enhanced confidentiality,
o the rules for implementing new versions of the software used, including firewalls,
o the rules applicable to the use of cloud services and access to these services, o the conditions of access (physical and technical) to the servers, etc.
Junaid Ali Qureshi is a digital marketing specialist who has helped several businesses gain traffic, outperform competition and generate profitable leads. His current ventures include Progostech, Magentodevelopers.online.eLabelz, Smart Leads.ae, Progos Tech and eCig.