Building Trust, Step by Step
Increased trust should, over time, encourage customers to share more PI, as long as they see the demonstrated benefits of doing so. Walters says, “The key thing in building trust is delivering concrete benefits” when a user does share information. “Saying something like ‘improving your service’ is too vague. It has to be something tangible.” For instance, telling customers that by providing their gender and age, they’ll receive customized offers for discounts and promotions is an example of a clear exchange that satisfies GDPR opt-in requirements. (Of course, relevant customized offers better follow in short order.)
Asking for the kitchen sink of personal data up front isn’t the way to go; just like in a personal relationship, a stepwise approach to building trust is more likely to succeed. “A company could start with, ‘May I have your email to send you the weekly newsletter?’” says Walters. “If I respond to the newsletter, then ask for the next thing, like details about demographic information in order to share appropriate offers.” A response to one of those offers could trigger a request for the next piece of information that relates to a tangible benefit—perhaps sharing a geographic location might lead to an invitation to a nearby event or an in-store-only special.
Bailie agrees that the messaging around the GDPR is critical and that content creators will play a key role in making it transparent and palatable to consumers. “It’s a challenge to companies to think about what content actually means. It’s not just about the content we serve up to customers, but also includes the language in disclaimers, compliance statements, and even internal communications.”
Working within a GDPR-compliant system can build trust internally, as well, by mitigating risk for content teams. “As a content creator, you want to know that your workflow and governance are GDPR-compliant, because it protects you,” says Bailie. She cites the example of a government agency whose pre-GDPR CMS often led to drafts rather than final versions being published on a public-facing website, resulting in repeated retractions. Good GDPR design takes workflow and governance into account.
Audience Shrinking? Try Refinement.
Of course, the elephant in the room with the GDPR is this: Its implementation means that businesses will probably lose online customers. While some companies may make the dramatic choice to stop competing in European markets altogether rather than expend the resources to comply with the GDPR, it’s more likely the reduction will follow when opt-out data-sharing changes to opt-in, requiring a deliberate decision on the part of customers to stay engaged.
Does it matter? Bailie says no. “If you shrink your audience to those who actually read what you send out, I would call that refinement more than shrinkage.” If you think of the newsletters to which you subscribe but never read and how your only engagement with them is to delete them, unread, from your email inbox—it’s a fair point. But as the GDPR impacts roll out across the digital content landscape, metrics should change as well. If audience numbers drop, perhaps focus needs to shift to levels of audience engagement as a better measure of their value.
There’s an argument to be made that global companies should design systems that honor the GDPR requirements for the consumers that it covers, but continue their broader data collection and usage activities for the rest of the world. Think of it as a Balkanization of privacy. “Regulation benefits the bigs,” says Calic, noting that companies with sufficient resources can customize their approach to data collection by market. “Companies with more limited resources will probably go by the strictest rules.”
Walters refers to it as the “Californication of data governance,” alluding to the transitional period in American car manufacturing in which automakers created one car that would pass California’s stricter pollution standards, and a “49 state car” for the rest of the country. “Now they all just sell the California car everywhere,” he points out, “and that’s my advice. It’s costly and inefficient to maintain two separate systems. And putting people in control of their data is the right thing to do.”
The GDPR is just one regulation for global content creators to keep in mind. From the Hong Kong Personal Data Ordinance, to HIPAA, to FERPA, and beyond, the trend toward increased regulation to prevent misuse of personal data—and outspoken consumer demand for it in places where regulations lag—is a worldwide wave.
And in the end, the GDPR’s tenets of data privacy and data minimization are sound content design and delivery philosophies. “GDPR is a benefit because it forces content creators and advertisers to behave in a manner that benefits the consumers,” says Calic. “You’ll work harder, but you’ll have more loyal, engaged customers as a result.”