It would be a mistake to see GDPR as a hindrance
Despite the rapidly approaching implementation date of the EU’s GDPR legislation, only 29 per cent of companies (including third sector organisations) claim they are ready for GDPR. Across the UK, exasperated management teams see GDPR as a hurdle to overcome and a drain on company resources. For small businesses and the third sector in particular, GDPR can seem an insurmountable challenge.
It’s true that GDPR demands a thorough introspection and will – unless you’re miles ahead of the curve – require a change of company data protection policy.
However, seeing this legislation as a hindrance is an error.
As is inevitably the case, there are a number of falsifications about GDPR which have prevailed above the messages of truth. Indeed, the facts of the matter paint a much more reasonable picture than the twisted scare-stories which have instilled the EU-wide apathy.
First, many people claim the end is nigh and that GDPR will prevent them from making contact with people who may be interested in their products or services.
Ultimately, GDPR does place limitations on who and by what method people can be contacted. However, the kind of shotgun targeting that this legislation now prevents is old hat and largely ineffective. Research about effective customer conversion tells us that contacting those who have had a meaningful interaction with a brand is a much more successful method.
In actuality, the legislation provides means by which business entities may contact potential customers in an effective way, thanks to the “legitimate interest” clause.
Perhaps most importantly, GDPR establishes and protects the most crucial aspect of any company-customer relationship: trust.
Some organisations, especially charities, decided that rather than look to legitimate interest to justify their marketing, they would seek consent instead. What works for each organisation will be different but crucially consent and legitimate interest are both equally valid legal grounds.
In December last year, the RNLI opted to seek consent from their donors. In order to redress the loss of trust in the charity sector, the charity launched an advertising campaign which promised not to email anyone ever again unless they gave the RNLI specific consent to do so.
The campaign spoke to the heart of the issue: donations to the RNLI are necessary for responding to the hundreds of calls that the RNLI receives every day. In short, donations save lives.
Research suggested that only six per cent of people would respond to the email and sign up. The RNLI required at least 22 per cent, or, 255,000 people. In actuality, the charity managed to get 450,000 people signed up to their mailing list. What’s more, the RNLI now had a mailing list of engaged customers, as opposed to a hotchpotch of people who had given a one-off donation several years ago. Their summer appeal for donations received triple the amount they received the year before.
Ultimately, this is a story of a brand issuing a call to arms, which got right to the crux of the issue. It explained why a relationship with the charity was worthwhile and in return, they received a following of engaged and committed subscribers who responded to subsequent appeals.
All this is to say GDPR presents a huge opportunity to focus on what businesses and charities invest most of their time and money into anyway, which is building trust and engaging effectively with consumers. This is, after all, what makes a company or charity successful.
Michael Sturrock is External Affairs Executive at the Direct Marketing Association
Cyber Resilience and Data Protection in the Third Sector will examine how third sector organisations can strengthen cyber security, prepare for profound changes to data protection law and improve information management. For more information or to book a place click here