Wednesday, June 27, 2018
Your Customers Own Your Database - Effective Immediately!
8:35 am edt
This past May 25th, was a historic day for customer databasing.
It marked the implementation of the European Union’s new policy on digital privacy protection, the GDPR (General Data
Protection Regulation). Crafted over the last two years it covers how data collected on individuals within the European
Union and the European Economic Area is stored and treated. It’s a monumental step for government’s involvement
in data processing – an initiative the United States can’t quite seem to rally behind.
of this new initiative is being felt worldwide; you don't have to be in the EU or even do business with EU-based companies
- you will be effected!
Background on the GDPR
the Union’s previous, Data Protection Directive, the GDPR’s aim is to give control of collected data to the individuals
described in the data. Its additional goal is to simplify the regulatory environment by adopting a single regulation
across all of the countries comprising the EU.
Primary focus of the Regulation is that
all businesses handling personal data must utilize systems built with data protection “by design and default”.
This means that any attempt to store personal data must be stored using pseudonymization or full anonymization and use the
highest possible privacy settings by default so that the data is not available publicly and cannot be used to identify a subject
without additional information (which should be stored separately).
the Regulation stipulates:
- Consent – Processors of personal data must clearly and simply disclose their activities to collect personal
data preventing confusing customers into giving their consent. It also must be easy for customers to withdraw
Notification - Data
breaches and the consequent risks must be reported to customers within 72 hours.
- Right to Access – Customers have the right to know if their personal data is being processed,
and how. They also have a right to receive an electronic copy for free.
- Right to be Forgotten - Customers have the right to request their data be erased.
- Data Protection Officer - Businesses whose core activities include processing/use
of personal data are required to employ a Data Protection Officer.
- Privacy by Design – The philosophy of data protection must be present throughout the design
and use of software, websites, operating systems, etc..
- Full Disclosure - A processor of personal data must clearly disclose any data collection, declare the lawful
basis and purpose for data processing, how long the data will be retained, and if it will be shared with any third
parties or parties outside the EU.
Notifying Your Customers
As a result of the adoption of the GDPR - and its influence globally - we’re all receiving daily emails
announcing the updating of vendors' privacy policies.
with Current US Perspectives on Customer Data
For those of us who oversee customerbases using current United
States's standards, if we wish to also be compliant with the GDPR, we'll need to:
- Stop thinking about personally identifiable information and expand our concept to personal
data. Personal data applies to anything that can be used to identify a person including
things that wouldn’t have been included under the concept of personally identifiable information. These include:
email addresses, IP addresses (associated with mobile devices), etc..
our concept of ownership of the data we collect. According to the GDPR, we don’t own it! The individual
customers described in each record own the record(s) describing themselves! The GDPR explicitly proclaims,
“Natural persons should have control over their own personal data.” This gives control of the data
to our customers.
- Understand the 'revocable license' our customers enjoy.
Each of our customers must be seen as giving us permission to use their personal data. This ownership establishes
several key considerations: customers may ask to see their data at any time. Customers may correct mistakes in
our records. Customers may tell us to stop using the data. And, they may ask us to erase it at any time,
revoking our license.
- Recognize that data retention should not be eternal.
We’ve often been critical of organizations’ apparent disregard for the value of customer information
when they wipe it from their computers to save space or to make operations more efficient. The GDPR mandates that
personal data has a ‘shelf life’ and shouldn’t be retained ‘forever’. In short, data
should be kept only as long as is necessary.
U.S. consumer privacy law has been based
on a notice and consent principle, enforced by the principles of fairness and non-deception reflected in the Federal Trade
Commission Act and state consumer protection laws. But the EU’s GDPR reflects more extensive consumer rights and freedoms,
bundles of interests our customers own when they purchase our goods or services. These rights may not be so easily negotiated
away. In general, if we begin to think of ourselves as stewards or guardians of our customers’ data, that will
go a long way to helping us meet their privacy expectations and also to comply with the basic precepts of the GDPR.
Tuesday, June 12, 2018
When You Can't Believe Marketing Research Findings
10:12 pm edt
(A Note: Our background is marketing research, so this issue
may strike you as somewhat hypocritical. But, we've always prided ourselves in fielding thoughtful marketing research
and encouraging our clients to be equally guardful in how they interpret research results. So consider the following
as an example of what can happen if one either naively interprets research findings or actively seeks findings to support
a business proposition.)
If we unquestioningly accept marketing research findings many of us will be pretty excited
to hear results of a research study cited by the Huffington Post. According to this research,
“70% of millennials are willing to pay more for a product that makes an impact on issues they care about.”1 Since
there are over 53 million millennials now working in the US, spending as much as $2.45 trillion annually, their
willingness to support social cause marketing sounds like a 'fact' that’s too good to be ignored when contemplating
marketing strategies for the future.
But, Proceed with Care!
However, things often aren’t always what they seem. Just a few months ago, in a story about social
cause marketing for this column (March 14, 2018), we cited Tom’s Shoes as a preeminent proponent. Virtually every discussion of social cause marketing includes
Tom’s. We, too, cited the company known and widely praised for its policy of giving away one pair of shoes to
children who can’t afford shoes for every pair of Tom’s it sells. Tom’s is widely praised for this
policy and its contribution to the company’s apparent success. A societally positive ‘slam dunk’;
a huge strategic success. But a May 3, 2018 headline from Bloomberg (“Even
Wall Street Couldn’t Protect Toms Shoes from Retail’s Storm”) describes a markedly different reality.
While Tom’s did generate revenue of $91 million in the fourth quarter of 2017, it reported only $8 million in profit
and is currently carrying about $350 M in total debt .
So, What's the Problem?
It seems the bulk of Tom's’ business is based on its $54 a pair trademarked
Alpargata slip-ons. That’s the shoe that for every pair Tom’s sells, they give a pair away. But unfortunately
(for Tom’s) competition has entered the market, and no matter how sincere potential customers were when they told researchers
they’d pay more for a product that “makes an impact on issues they care about”, in reality more and more
are buying bargain alternatives. Tom’s and its touted social cause marketing is in trouble!
Skechers has created a shoe it calls “Bobs,” which mirrors Tom’s design, mimics Tom’s charitable business
model and sells for half the price of Tom’s shoes. Then, discount stores like Target and Payless joined the frenzy
by selling their own knock-offs of Tom’s that can be found for $20 or even less. At the end of the day, consumers’
cash register behavior has proved far different from their ‘lofty’ answers to marketing research questions.
This ‘disconnect’ really shouldn’t come as a surprise. For years marketing researchers have
wrestled with the challenge getting honest answers from respondents. Instead, many survey/study participants answer
by positioning themselves as the person they think they should be, or the person others expect them
to be, rather than the person they actually are! We are all familiar with surveys
that would suggest the public loves to attend the opera or reads the classics over pulp literature. (These are all the
result of social desirability bias.) And, research which allows such departures from reality suffer the consequences.)
A Better Predictor
When it comes to money and the support of noble causes it might be more reliable for researchers to think
like the traditional direct marketer. As Ed Nash (a direct marketing legend) is reported to have frequently observed,
“the only research I care about happens when a prospective customer looks at my product and decides to open her/his
wallet and hand over the cash to make the purchase”.
Attitudinal research has its place, and sometimes
it’s the best information one can get (or for product concepts, the only customer input you can get),
but it’s hard to find anything more reliable than measuring actual consumer behavior. Thanks
to today’s online sales and our ability to make various offers, using various promotions, at varied prices to potential
customers, we can come closer to Ed Nash’s classic skepticism, than would ever have imagined! Given multiple options
and our ability to track, not attitudes but actual purchases made with consumers’ own very real money, we can observe
which choice(s) they actually make. Such results will better support generalization to which product mix(es) should
work in the broader market.