Personalisation in a GDPR world: managing the risks to realise the opportunities
Apr 23, 2018
Today, success in Retail & Consumer (R&C) is all about delivering “personalised” products and experiences to consumers. But what does this really mean? How can companies achieve it? And will it still be possible in a General Data Protection Regulation (GDPR) world?
Tackling the last of these questions first, the simple answer is “yes” – so long as you understand the implications of the new rules. But the first two questions demand more complex responses - with some context about the changing consumer landscape.
So, what’s happening? Think back to your childhood. Your family might have had a local baker who knew what you liked, and provided it in a personalised way. But as you grew up, one-size-fits-all mass-marketing became the norm. Rather than products fitting around you, you had to fit around the products.
Now the pendulum’s swinging back again. Today, R&C companies can replicate the personalisation offered by small local providers, but do it at scale. How? By using profiling based on personal data and adopting new supply chain and manufacturing technologies around data transfer and automation. The result can mean enhanced loyalty and higher margins.
To maximise these uplifts, R&C companies need to get ahead of consumers’ ever-rising expectations. And the way they do this can vary between different sizes of business. For start-ups, the answer lies in disrupting the status quo by offering consumers something new and different. For established players, it’s about collapsing product development cycles from years to days, and putting the consumer at the heart of the end-to-end production process and supply chain.
For businesses looking to achieve this customer-centricity, social media listening is an increasingly valuable tool. For example, it enabled a leading ice cream manufacturer to discover that the Thursday before a rainy weekend is a great time to offer tailored promotions.
But to maximise share of wallet, even the most personalised offer needs another magic ingredient: a brand that consumers find compelling. In the online world, choice is infinite – and if people aren’t actively looking for you, they may never find you. So aligning your brand with the values of your consumers is vital.
This boils down to forging a new consumer relationship – one based on data that they’re happy to share with you. Which brings us to the EU’s GDPR, a new set of rules around protecting consumers’ personal data that comes into force on 25 May. While some fear that GDPR will make personalisation more difficult, it actually opens up opportunities, as well as risks – and companies that are careful and transparent have nothing to fear from it.
That said, there are some fundamental principles to follow. If someone has given consent for you to use their data to give them personalised products, then you should be fine doing so. But use it to target them in other ways and you could have a problem. GDPR means you must be able to explain the logic you’re applying, and make sure you keep the data you are using really secure.
Overall, the most important thing in approaching GDPR is to be aware of the thin line between personalisation and intrusion – and be careful not to cross it. If a retailer offers WiFi in-store and then uses it to monitor individual customers’ movements, it could well face a complaint. And while harvesting people’s social media “likes” to offer them your products may be acceptable, scouring it for information about their health and using that to target them is not.
Across R&C, digital opens up great opportunities for personalisation. But with GDPR, it’s more vital than ever to ensure that personalisation doesn’t overstep the mark and interfere with someone’s privacy.