Ascend London 2018 - don’t fear GDPR compliance, embrace it says a lawyer

Profile picture for user gonzodaddy By Den Howlett May 15, 2018
Summary:
Episerver's Peter Yeung provided a refreshing and uplifting view of GDPR. Not too shabby for a lawyer.

peter Yeung - Legal Counsel Episerver
Peter Yeung - Legal Counsel Episerver

Among colleagues, we've joked that getting much attention around GDPR issues is about as likely as finding a common definnition of digital transformation.

So how welcome do you think a legal counsel would be taking the stage at an industry event to talk about GDPR? Very welcome as it turns out. The Ascend London 2018 house wasn't full for the session but it was very well attended.

Peter Yeung, VP and General Counsel Episerver took to the main business stage at Ascend London 2018 to contrast much of the media generated fear around data privacy, especially in light of the Facebook/Cambridge Analytica debacle with a report from Accenture that talks about value to be released from the adoption of best practices.

Yeung described how Episerver had its share of angst in remediating data privacy policies. At one stage he showed the 'before' and 'after' work needed to be done in order for the company to feel comfortable it has got its GDPR compliance methods aligned with the legislation.

On the left you see what our old privacy policy looked like which much to my embarrassment I wrote. When you look at it, it looks much like a legal contract because most privacy policies are written by lawyers who don't know how to talk to individuals. Like myself from time to time. You can see that the contract we're now using uses conversational language not contract language.

A couple of points from his presentation stood out to me. In common with a growing number of voices, Yeung made the case for improved list quality.

You're going to have to get rid of some people on your list but that's OK. Because what you'll almost immediately see is a dramatic improvement in open and clickthrough rates. It's simple math. But ultimately, it's going to make your marketing so much better than it is today.

That in itself explodes the myth that it is the size of the list that matters.

I have long argued that marketers have a reliance on these metrics wrong and that what really matters is the extent to which we see engagement. GDPR adds some spice to that argument but many of us will be faced with the fact that marketers will not necessarily understand the implications. At least not at first.

He did, however, caution that when people unsubscribe, that's not necessarily an indication that they want to leave completely or that they are withdrawing consent. Initially, I was taken aback by that idea for reasons I have discussed elsewhere. But in a conversation we had in the halls afterward, Yeung explained the logic.

People might appear on different databases for different reasons. The fact they don't want your newsletter doesn't mean they don't want to be told about webinars (for which their details might appear in another system) or that they don't want to continue receiving special offers (which in turn might include personal data held in a joint marketing and commerce system.) The important point is that each of those sets of records must be GDPR compliant.

Episerver would, of course, prefer that you use their advanced CMS as the jump-off point for a variety of campaign types such that you only need their database but that wasn't pushed as a major selling point.

I also asked about the impact the changes would have on Episerver's list. Right now the company is not sure although such changes as they have seen point towards a much more focused way of looking at customer behaviors.

Episerver has made significant strides in the development of personalization - or, as James Norwood, CMO at Episerver prefers to say - individualization. Yeung used this as a plank to argue for the better quality of data that will occur as organizations work with GDPR.

Marketers have long moaned about the quality of their databases but what happens when you're simply adding gazillions of people and then bombarding them with messages like everyone else? GDPR provides that opportunity to really go after quality so that you can truly personalize the customer experience so that people become actually interested in what you're pitching them and that's fundamentally important to your business. You will not hold onto data forever because you can't take action on that.

Finally, Yeung dropped some tips about consent. Among those, he pointed out that marketers will need to get consent early in any potential lead engagement and that they will need to be upfront asking for that consent.

You will only get a couple of shots at this and if the person won't give consent then they go into the 'do not contact' list. If you do more then you could be deemed to be harassing them. You don't want that.

My take

It was good to hear a lawyer not talking legalese but providing solid information about practices all companies will have to follow. I'm sure this will be the first of many such presentations.

Of course, all vendors will want to appear good actors but Episerver has a heritage that was born on the fringes of Europe, Yeung is based in the UK and Norwood is a Brit. These folk will have given this full attention and in listening to Yeung, I came away confident that Episerver has done the best it can to not only do the right thing but also ensure that its customers are well placed to be comfortable in their dealings with those to whom they market.