Just like PSD2, the new GDPR legislation is either an opportunity or a major headache, depending upon your perspective. The fact is that compliance with GDPR is not optional and it comes into force next year. And no, the UK’s decision to leave the EU will not affect its implementation.
So whether you are a marketing manager, a CMO or fintech marketing agency like us, you’ve got to know about GDPR.
We should have seen GDPR coming; especially fintech marketing professionals. Why? Because it’s a logical extension of the laws that are enabling consumers to wrestle their financial data away from banks. It’s about giving consumers control of their data, who uses it and how. It’s about stopping lazy marketing that irritates consumers, undermines trust and wastes millions of pounds of campaign budgets.
What is GDPR?
GDPR (General Data Protection Regulation) is new European legislation that is enforceable from 25th May 2018 and replaces the DPA (Data Protection Act). The law is also applicable to non EU companies holding data on EU residents. Penalties for non compliance are hefty with either a €20 million or 4% of annual global turnover being charged.
GDPR applies to all methods of storing customer data; digital or otherwise. It dictates that an individual’s data cannot be used for marketing activities unless that individual requests it. The important word is ‘requests’. You need a definite opt in. Just because they borrowed your pen at Money 20/20 or didn’t notice a hidden opt out box on a form, you can’t assume you have permission to add them to your list.
Of special interest to fintechs will be the expansion of what is considered personal data. From next year it will also include genetic and biometric data that can uniquely identify an individual.
For comprehensive detail on GDPR, take a look at the Information Commissioner’s Office web site.
How GDPR will help increase ROI
Just think about this in cold, hard numbers. Most marketing agencies and in-house teams focus on maximising the ROI of each campaign. To achieve that, you need a good conversion rate from prospects to sales. So it’s in your best interest to use a well-defined list because casting your net far and wide isn’t efficient or cost effective. And from next year, it will also be illegal.
On the downside, you will have to put in more work to attract and nurture relationships so those individuals are more inclined to grant you their precious opt-in. On the upside, this means those people are warm to your marketing and more likely to convert. That means higher conversion rate and ROI. And another upside is that you are more likely to retain those customers.
Drop the dead weight from your database
Forward-thinking companies in other sectors are seeing GDPR as an opportunity to take a fresh look at their marketing database and customer relationships.
According to Marketing Week, Wetherspoons has already deleted its entire customer database. Sky’s group head of data protection and privacy, Nina Barakzai, said, “Most of our preferred suppliers have been planning for GDPR since 2013. We have contract clauses in place.” Sherine Yap, head of global CRM at Shell said: “We have to validate a lot of the permissions and a lot of the consent, but I actually think that’s going to be a bonus because for me we don’t have a lot of dead weight in the databases.”
Implications of GDPR for fintech marketing
If GDPR feels like an insurmountable challenge to your fintech marketing activities, then you are doing something very wrong right now. Fintech marketing agencies and in-house teams should know better than most that buying lists and spamming people is just so… un-fintech.
Fintech value propositions are usually based on serving a very specific need for a well-defined customer. This means the marketing approach must be equally targeted.
Think about a transition plan to begin updating and cleansing your database now. It will be lean and more powerful in good time for GDPR. It will also be smaller so get your business used to the idea that it’s about quality, not quantity. Be brave and start explicitly asking for opt-in permission now. The sooner you start, the more you will capture.
Marketing tools and processes
Several of our clients use software such as Lead Forensics to capture the IP address of visitors to their web sites. It doesn’t tell you specifically who has visited your site but it will, if possible, capture their IP address which can give you the company name. While Lead Forensics have told us that their service is compliant with the new GDPR laws, the Information Commissioner’s Office suggests that IP addresses may indeed be considered personal data.
Lead Forensics also enables users to buy email addresses of individuals within companies. Although you don’t know if the person whose contact details is the individual who visited your site, you could take an educated guess based on their role. When we spoke to Lead Forensics, they were unable to confirm long-term compliance of that aspect of their service.
You may also need to talk to your IT team to ensure you can easily comply with GDPR stipulations. You will need to provide access to the information you store and have the ability to deal with deletion requests.
Think long-term relationship
GDPR underlines the validity of the approach taken by many fintech marketers, especially the challenger banks like Monzo and Revolut of nurturing a supportive community of customers, prospects and advocates over time. This is a great principle to steer any start-up. Build a prospect database as a key work stream early with a clear strategy to allow maximum time for development.
Once you have earned their opt-in, be extremely selective about the marketing messages you send. Over-communication or irrelevant offers will have prospects quickly hitting the ‘unsubscribe’ button and undoing your hard work.
While the Information Commissioner’s Office continues to iron out the details of GDPR, the general direction is entirely clear. If you need help adapting your marketing to nurture prospects and retain clients, give us a call. Just don’t wait until May 25th.