Back to Blog

The Future of Data Protection and Personalisation

Marketing Team

Blog: The Future of Data Protection and Personalisation

As if marketing wasn’t hard enough, the compliance elephant in the room can’t be ignored any longer.

There's no denying we're in an age of greater data protection. Brands now have a real and sincere responsibility to show they are communicating with customers in an appropriate way and, in particular, that they are using their data properly.

Now, marketing teams have something else to worry about aside from missing conversion targets. They now have to worry about falling foul of increasingly aggressive regulations.

So how did we get here?

The issue of data misuse and responsible marketing was thrust into the headlines in 2018 by the Facebook–Cambridge Analytica scandal.

Whilst data mining and the use of algorithms to create targeted campaigns is nothing new, controversy surrounded Cambridge Analytica when it was revealed that data of approximately 87 million Facebook users had been acquired through 270,000 of them accessing a Facebook app called ‘This is Your Digital Life.’

By giving this third-party app permission to acquire their data, back in 2015, this also gave the app access to information on the users’ friends network. This resulted in the data of about 87 million users, the majority of whom had not explicitly given Cambridge Analytica permission to access their data, being collected. The app developer breached Facebook's terms of service by giving the data to Cambridge Analytica.

To read more about this issue, take a look at The Compliant Marketer's Ultimate Guide to Personalisation which features leading expert insights.


The nail in the coffin so to speak was that this data was linked to alleged interference in the 2016 US Presidential Election and the UK’s Referendum on leaving the EU.

This sparked worldwide outrage and shined an even bigger spotlight on the importance of data protection. Netflix went as far to release a film known as 'The Great Hack' in late July which covered the entire scandal, exposing the dark side of social media and the power of data.

The future implications are not only huge for marketers, but for all of us. Now more than ever businesses need to evaluate how they're utilising data and constantly question their conduct. Are they being responsible? Are their current practices ethical and are they protecting customers in every way they can? 


The road to GDPR 


Given the events of the past few years it's no surprise that people have started to think about how their data is being used and greater regulatory focus was brought down on this area.

If that wasn’t enough, around the same time four dreaded letters were implemented across all companies: GDPR. Brought in across the EU, the General Data Protection Regulation (GDPR) introduced new rules for how public organisations and businesses handle clients’ data while giving individuals greater control over how their information is used.

The risk of falling foul of data protection rules is severe and regulatory bodies have been very active in this field. In 2018 alone, the Information Commissioner’s Office (ICO) issued the largest amount of civil monetary penalties in its history in relation to data protection.

In total, the ICO issued 26 fines totally £3.28m across companies of all sizes and oversaw 19 criminal prosecutions (resulting in 18 convictions). Suddenly, marketing departments are having to think more proactively about how they use client information while marketing effectively (and, ideally, with personalisation).

There is no silver bullet for regulations such as GDPR, they call for responsible and accountable marketing practices that require businesses to rethink their processes and bring in new systems that help them stay compliant.

To help, here are a few key pointers to ensure you're GDPR compliant:

  • Websites must notify visitors before tracking cookies - first consider the reason behind why you want to track a user's cookies, the best brands do this and simply tell the customer. For example, 'we use cookies to provide you with the best online experience. By using our website you agree to our use of cookies in accordance with our privacy policy.'

  • Opt-ins must be clear - remove any jargon from your consent forms so they're easy to read and understand, ensure your terms of services are accessible and the ability to opt-out is always available.

  • Tell the customer how you'll use their data - You need to identify what you're collecting but also explicitly say what you're doing with it, once again this should be written clearly and easy to understand.

  • Allow customers the right to be forgotten - if an individual exercises their right to be forgotten, respect it.  You will need to build a process around this and ensure adequate steps are taken to have their data erased from your systems, you will also have to consider whether you need to prevent any third-party processing of this data too.

  • Collect only the information you need - The ICO refers to this as 'data minimisation' and it's as simple as it sounds. Think about re-evaluating your website forms and ensure that the fields you provide only collect relevant information. The data you collect should be used to benefit the customer experience across your business, this is what it means to be truly customer first.


The future of data protection

Privacy regulations will continue to mature and therefore the role of both security and risk management leaders will become increasingly important. GDPR regulation has gone on to spark a movement where we'll see other areas of the world looking to implement similar regulation.

By 2020, the backup and archiving of personal data will represent the largest area of privacy risk for 70% of organisations, up from 10% in 2018.

- Gartner 

Forward-thinking business need to plan accordingly. By predicting the challenges that lie ahead, it'll put firms in a better position to manage them. For example, any increased regulation that might impact the use of data will have been predicted with the risk and impact already measured. We know that a data breach will undoubtedly result in negative financial and reputational implications, it's already a reality for some leading brands who have been called out when a data breach has occurred or there's been a misuse of data.

So, what does this mean in context with personalisation marketing?

Marketers will have to switch tactics and eloquently explain the benefits of a data exchange to their customers. Trust should be at the heart of what they're looking to obtain from prospects and customers, this approach will in turn change the marketing strategies they use. Then, based on the customer's individual response they must respect their decision.

To put it simply, Marketers will still able to capture data from both 'could-be' customers and existing customers, it's just they will need to be more transparent and deliver a better experience to obtain it. With GDPR in place we must now take steps to ensure consent is explicitly granted and then maintained, for the next generation of Marketers this will simply be standard best practice and the emphasis will be on how great experiences can be delivered with trust at the heat of them.


Bringing compliance and marketing together

With the threat of non-compliance at an all-time high, it's essential for firms to ensure marketing and compliance are working closely together. With the expansion and development of digital channels, the challenges they face become increasingly complex and difficult to manage.

For example, in relation to MiFID II, Article 16 (3):

'An investment firm which manufactures financial instruments for sale to clients shall maintain, operate and review a process for the approval of each financial instrument and significant adaptations of existing financial instruments before it is marketed or distributed to clients.'

These requirements make it more important than ever for compliance and marketing to build stronger relationships. In our experience, firms have started to adopt an approval process but none of these are operationally efficient whilst also satisfying the demands of the legislation. The solution? By utilising technology like MirrorWeb's, firms have built an approvals process that sits between their web and social media channels, ensuring financial promotions are managed more efficiently.

Want to learn more about personalisation and compliance? Take a look at our latest eGuide: The Compliant Marketer's Ultimate Guide to Personalisation by clicking below... 

Want to find out more about MirrorWeb?

The world's leading financial services firms are using MirrorWeb's Platform to archive their web and social media channels and supervise digital content for compliance requirements. The platform allows you to supervise, archive and evidence your electronic communications, satisfying the demanding requirements of MiFID II, SEC, GDPR and FINRA. 


More from the Blog

2024 So Far: Recordkeeping Revamps and Regulatory Rigor

An analysis of the intense regulatory activity we have seen so far from the SEC, FINRA and the FCA.

Read Story

Whatsapp Compliance, Self-Reporting, and Ripping off the Band-Aid

The SEC has incentivized firms to self-report on off-channel violations. We look into the process and its benefits.

Read Story

FINRA Report 2024: Recordkeeping Takeaways

Key recordkeeping teakeaways from the 2024 FINRA Annual Regulatory Oversight Report.

Read Story

See what we can do for you.

Let us show you why MirrorWeb is trusted by organizations across the globe for their compliance and digital preservation needs.