Tiffany: Personalization in a post-GDPR world


Marketers are reeling in a post-GDPR world. Use of our most vital tool – data – has been restricted. At the same time, 62% of consumers are demanding personalised experiences as standard. Something that’s impossible to produce without customer data. These two opposing pressures are making some marketers very worried. This doesn’t only affect the UK either, it affects every business. If you only have a single customer that is based in Europe, GDPR rules apply.

But GDPR doesn’t make personalisation impossible.

The GDPR presents an amazing opportunity to get to know our customers better. Right now, the trust between brands and consumers is at an all-time low. 37% of the general public surveyed don’t trust marketers to use their data responsibly and 73% don’t trust social media platforms such as Twitter & Facebook. But, if we can rebuild that trust, the GDPR’s insistence on explicit consent could help us to get to know our customers better than ever before.

GDPR forces brands into building two-way, honest, transparent relationships with their customers. This can only benefit personalisation in the long run. Asking consumers honestly and outright what it is that they want to see in their marketing is likely to yield way more useful data than analysis of harvested data ever did.

Yet, we need to make sure that we can get customer data in the first place.

With power shifting into the hands of the consumer, marketers need to work on trust and value exchange. From the ground up. And the best way to do that is to absolutely, fully, and totally commit to the GDPR. And let’s not forget that our marketing duty hasn’t changed it is to listen to the needs of the customer and to satisfy them. The companies that do this will be the ones to survive. Transparency on how we collet, store and process data is now a customers need, we need to fulfil this need. Customers will be open to sharing their data, if they believe that it will be safe, and that it is worth their while to do so.

Lawful Data Processing

There are six lawful grounds for processing personal data under the GDPR:

  1. Consent
  2. Contractual necessity – i.e. when data processing is required for a contract
  3. Legal obligation
  4. The protection of the data subject’s vital interests
  5. The protection of the public interest (for example, the police may process data in the pursuance of criminal investigations)
  6. Legitimate interest

The grounds of Consent and of Legitimate Interest are of the most relevance for marketing purposes.

Legitimate Interest

According to the GDPR, “The processing of personal data for direct marketing purposes may be regarded as carried out for legitimate interest”. To have a ‘legitimate interest’, a company would have to demonstrate that this data processing is essential to their operation.

It sounds like a fantastic data loophole – but don’t get too excited just yet! The GDPR stipulates that a legitimate interest must be ‘real and not too vague’. To cite legitimate interest in data processing, the company also must prove that doing so is in the interests of both parties. So it’s not exactly a get out of jail free card.

Some examples of legitimate interest include:

  • Fraud prevention. To keep fraudsters out of customer accounts, for example, some customer data must be processed. This is both essential for preventing fraud, and is in the best interests of the customer.
  • Suppression. If a consumer requests that certain content is not sent to them, some data (their email address, for example) may need to be kept on file. This will ensure that this address is no longer targeted.

To count as a legitimate interest, there has to be a balance of interests between both parties. You must also be able to demonstrate that you’re using only the bare minimum of data, and using it responsibly. If you’re not sure whether or not your marketing activity could fall under ‘legitimate interest’, you can undertake a Legitimate Interest Assessment (LIA).

However, it’s always worth remembering that consumers are not keen on having their data used without their permission – legitimate interest or not. The Cambridge Analytica scandal tapped into a deep well of resentment at invasive marketing tactics, and consumers are kicking back with a vengeance. The first GDPR-related complaint came in mere hours after the GDPR went live. So, whether you have a legitimate interest or not, if you don’t want to get a reputation as a creepy data-harvester, it’s always best to ask for consent.


Consent is pretty straightforward. If someone gives you their express permission to use their data and you use it in the way the customer has consent then you are GDPR compliant.

However, since Cambridge Analytica, customers aren’t wild about giving out their personal info. Trust between consumers and brands has broken down, and nobody wants to offer up their data until that trust is rebuilt.

tiffany personalisation

Consumers felt violated, betrayed, and lied to. So, how can we persuade customers that we’re trustworthy? How can we convince them to hand over their precious data?

  • Be transparent. You can’t trust someone who’s not honest with you. And you can’t trust someone when you don’t know their intentions. If you want your customers to be less wary, make it clear and obvious what you want their data for, how you’ll store it, how you’ll use it. And then do exactly what you’ve promised.
  • Demonstrate value. There’s a prevailing idea right now that anyone who’s after your data wants to invade your privacy and sell your details to the highest bidder. People often don’t realise that, most of the time, data is actually used to improve their customer experience. So, if you want people to hand over their data, you need to make it clear that it’s worth their while. Offer incentives, explain that personalisation will benefit them. Then do exactly what you’ve promised, and use that data to benefit the customer.

If customers explicitly provide their data, the potential for personalisation is enormous. The GDPR’s insistence on consent actually presents a huge opportunity for marketers. It gives us the chance to build bridges with our customers, to open up dialogues and to learn more about one another.

If we can prove to our customers that we’re trustworthy, they’ll be willing to build stronger and deeper relationships with brands than has ever been the case before. We can get to know them on honest terms, learning in detail about their personalities, preferences, likes and dislikes. And that doesn’t mean you only have to collect this data with a survey form, you could utilise interactive marketing to make it fun!

We can then use that information to benefit everyone involved. We can hyper-personalise the customer experience, and we’ll know that we’re giving the customer exactly what they want.

Title: Personalization in a post-GDPR world
About: GDPR Personalization
Audience: Email Marketers
Copyright 2018, Only Influencers, LLC