Data Security

GDPR Two Years On: 6 Lessons Learned.

By Clive Hannon 26 May 2020

25th May 2018 seems like a long time ago, a day that etched in our brains – GDPR Day. Two years have now passed, and there have been some surprising effects on how companies approach marketing, service and overall customer experience.

Here are six GDPR-related lessons we at Engage Hub have learned over the past two years.

1. Consumers are actively championing their rights under GDPR

Initially, GDPR was a bit annoying for consumers – their inboxes were inundated with opt-in requests. But thanks to the legislation, consumers are now more aware of their rights, and have been exercising them. Just in the five weeks after 25th May 2018, the Information Commissioner’s Office recorded 6,281 complaints, more than twice as many as were reported over the same period last two years. To date, nearly €500million worth of fines have been inflicted across the EU and UK, against almost 240 separate enforcements.

Under GDPR, individuals have a right to access personal data an organisation holds, and the take-up is a clear sign of wider consciousness about how personal data is being used. One of the most notable fines, issued by The Information Commissioner’s Office (ICO) in the summer of 2019, was given to British Airways, a staggering £183 million following an investigation of a data breach in September 2018. Just a day later, Marriott Hotel International was fined £99 million for similar shortcomings.

2. Transparency has been a big benefit

Under GDPR, companies have to report data breaches within 72 hours. The ICO estimates that there were 36,000 reported data breaches in 2019 (pre-GDPR levels ranged from 18,000 to 20,000 per year).

Breach information is valuable for consumers because they’re better able to make informed choices and protect themselves. The flip side is that when customers do give their consent, it’s a greater sign of trust, which means they’re actually more engaged with your brand.

The transparency is also valuable for companies and product developers, who can learn from aggregated information and refine their approach accordingly.

3. Companies are being more thoughtful in their marketing

GDPR-driven clarity around consent, opt-ins and opt-outs have forced companies to market more intelligently.

According to email distribution platform Campaign Monitor, three in five organisations saw less than a 10% change in their list size, and nearly 20% saw no change. In other words, GDPR hasn’t been the email marketing Armageddon the doomsayers predicted.

Instead, it’s become an opportunity to purge lists of unengaged addresses, which were affecting campaign effectiveness. As a result, overall list quality has improved, which has had a positive effect on both open and click-through rates. Companies are now better able to use analytics to continuously improve.

4. Technology is simplifying ongoing GDPR compliance

Yes, getting compliant for GDPR Day took time and effort. But companies that implemented the right technology and processes are finding that compliance generally takes care of itself.

The mechanisms for obtaining consent are built into campaigns, and strategies have adapted based on new types of customer segmentation. The software ensures data is stored appropriately and people are only contacted in accordance with their preferences.

GDPR has therefore created a new awareness within companies, but it’s not generally creating big process headaches day to day.

5. GDPR is driving the transition to a more customer-centric organisation – while boosting operational efficiency.

The lessons above point to the fact that companies are generally becoming more customer-centric. In marketing, service, operations, product development – there’s a greater focus on designing around what consumers want, with enhanced security features in mind.

As a result, 51% of organisations are now ranking customer experience as a top objective, above net profit and revenue growth. The trends were there before GDPR, but the legislation has helped cement them.

6. GDPR gives you the opportunity to enhance the customer experience

There is still a common misconception that GDPR is bad for business. However, the changes it requires empower you to build trust and enhance your business’ reputation. In fact, transforming the way you handle data gives you the chance to set yourself apart from the competition.

When you handle your customers’ data efficiently and effectively, you’re demonstrating you take their privacy seriously. What’s more, stricter rules on consent help you be targeted in the way you communicate.

Think about it in terms of the age-old quality-versus-quantity debate. While it’s certainly true that you might be communicating with fewer individuals, you’ll be doing so in the knowledge that those who have opted in are genuinely interested in hearing about your product or service. And that can only be good for your customer engagement and conversion levels.

Get in touch to find out how leading organisations are transforming their customer experience post-GDPR.

See other posts by Clive Hannon


Clive has a fascinating background in industrial engineering and over the years has become a specialist in scaling IT and software companies. His experience comprises high profile roles, such as Head of Continuous Delivery at Oneview Healthcare, and a founder and COO of Ammeon, a telecoms consultancy firm based in Dublin. Uniquely, Clive combines a wealth of technical knowledge with commercial acumen to continuously improve operations at Engage Hub.

Generated with Avocode.FontAwsome (linkedin-in)