GDPR: The impact on Marketing and the Financial Services Industry

28th March 2018 - 10 minutes read  Legislation
Libby Mayo - Group Commercial Director

One of the biggest changes to hit the financial and professional services industry is the introduction of the much anticipated GDPR. Although GDPR will have an effect on the entire industry, it’s particularly important from a financial services marketing standpoint. But while GDPR may require an overhaul of your marketing strategy and data storage, it also provides an opportunity to synthesise and understand your customer information. Ultimately, it can help you create a stronger, more focused customer relationship.

What is GDPR?

GDPR is the European Union’s General Data Protection Regulation. It will come into effect on 25 May 2018 and, in short, it means big changes for the financial services industry. In fact, it’s the biggest shift in security and privacy regulation in over 20 years. In some ways, it’s actually long overdue.

Technology and data have been constantly evolving over the past two decades, so regulations are finally catching up. It’s designed to give individuals more control over their data, enshrining rights to access and the right to be forgotten, among others. For financial services, this presents new challenges, but also some great opportunities.

Does It Apply To You?

GDPR will apply to anyone handling EU citizen data or “personal data”, whether employees or customers. If you access or hold any personal data, you will almost certainly be affected.

What Does It Mean For Marketers?

For financial services marketing, GDPR means an overhaul in data collection and storage. Though previously some companies thought that the vagueness around GDPR enforcement meant that they could pass on liability, the recent Facebook and Cambridge Analytica scandal shows that data issues will not be taken lightly. And under GDPR the potential repercussions are huge — fines can be levied up to £20 million or 4 percent of global revenue, whichever is higher. Financial and professional series marketers are on the front line, so they need to be vigilant.

But though it may sound overwhelming, there are clear steps that you can take to ensure that you’re GDPR compliant. You should familiarize yourself with the regulation itself, but these are the key areas financial services marketers need to be aware of.

Data Permissions Changes

One big change for your financial services marketing will be to your opt-ins for resources like email lists. For a person to be contacted by you with promotional materials, they will have to expressed this in a way that is “freely given, specific, informed, and unambiguous” and paired with a “clear affirmative action”. What does that mean? Your customer needs to take a clear step to receive information from you.

This obviously means no more buying and scrapping lists of leads and, from a financial services marketing perspective, it’s more straightforward than it sounds. Rather than a pre-checked box or automatic enrollment in a program that individuals can opt-out of, it needs to be something they’re choosing to opt-in to. It’s a slight difference to design, but an important one. Also, if you have an automated marketing system, make sure to go through and make sure that all mechanisms used are GDPR compliant.

If you start auditing your mail lists and databases now to weed out any data that isn’t GDPR compliant, you’ll be ahead of the curve.

The Nature Of Data

Previously, your financial services marketing might have done its best to collect as much data as possible — information that you didn’t strictly need, but was nice to have on file. Under GDPR, you must be able to justify the data you collect. That means going through your data gathering mechanisms and make sure that they’re all directly related to or necessary for your product or services.

Joined Up Compliance

In order to be truly compliant, your company is going to need joined-up thinking between departments. A full audit of how you gather information, how you store it, and how easy it is to access and delete will ensure that all moving parts of your company are compliant. Tools like a more centralized approach, anonymization of data, and starting before the compliance deadline can ensure a smoother transition.

Your Favourite Platforms

There are platforms that you probably use everyday that, in theory, should be taking their own steps to be GDPR complaint. But, with the stakes so high, it’s crucial that you perform your own checks on platforms like Facebook, LInkedIn, and Google Analytics. For example, in the Google Analytics Terms of Use Google requires that you do not store any personal information, with sounds like it’s automatically compliant. But, in a full audit of your financial services marketing, you should take further steps to ensure that there are no problems, using an analytics audit tool or checking who has access to your GA account.

Similarly, Google Adwords is already compliant (according to Google) but it’s always important that you do your own audit. And with Facebook coming under fire in the recent Cambridge Analytica scandal, doing your own due diligence for any information connected to that platform may be crucial to winning your customers’ trust.

The Right To Be Forgotten

Under GDPR, individuals have should be able to request that their account is closed and/or data is removed. From a data storage standpoint, it means that individual channels must be drawn together and centralized, ensuring that they are transparent and accessible. From a financial services marketing standpoint, you need to focus on access. Whether it’s a clear opt-out or account delete option on an email, individuals should be able to access their data in a straightforward way. Go through your marketing materials and make sure that individuals don’t have to jump through unnecessary hoops to delete their accounts or remove their data.

Challenges Reveal Opportunities

It sounds like a lot of work — and it is, but there’s also a lot of opportunity. Centralizing different channels where data is stored will allow you to create a deeper understanding of your consumers — and understanding their needs will ultimately allow you to market more effectively. By clearing out superfluous data  you’ll create a database of more interested customers — and the increased transparency will increase customer trust and, ultimately, loyalty.

What Does It Mean For You?

There’s no denying that GDPR is going to mean a lot of work in financial and professional services marketing. Some may say that it hinders marketing, but in another sense it can make it more powerful. Because it speaks to a need. Regulations haven’t evolved at the same rate as technology and the recent #DeleteFacebook trend shows that individuals are responding to what they view as improper use of data. GDPR gives you an opportunity to reassure and draw in customers with transparency, as well as making your data more powerful as you overhaul and synthesize it.

What does that mean for you going forward? Although GDPR becomes enforceable on May 25th, your job starts now. Auditing your existing data, overhauling your collection systems, and liaising with other departments will ensure that you’re compliant by the time it counts. It will have a huge impact on financial services marketing, but ultimately provide you an opportunity to form stronger bonds with your consumers.

If you have any questions, or are confused about what to do with your marketing strategy when GDPR kicks in, give us a shout and we’ll walk you through it.