For marketers, the protection of personal information is more about the dos and less about the don’ts

11 November 2020

Convenient access to information makes for a great customer experience. But it does come at a price. Marketers acting as responsible parties for the processing and storing of personal information realised quickly that they’re able to capitalise on the give-and-take transaction involving information in a digital age.

What customers might be unaware of is that governments and regulatory bodies worldwide have focused on the need for legislation that governs the use of personal data and associated protection. These regulatory frameworks will significantly affect the way marketers and customers consume information.

In 2018, the European Union introduced the General Data Protection Regulation (GDPR) to regulate data protection and privacy primarily of European citizens. In South Africa, the Protection of Personal Information Act (POPIA), will be of full force and effect from 1 July 2021 following a one-year grace period for organisations to get their ‘house in order’.

Although the POPIA does not provide marketers with a tick-list of dos and don’ts, its various provisions create opportunities to improve the customer experience and foster brand loyalty, rather than enforcing restrictive measures as is the perception from some marketers. We explore a few of these measures in today’s post:

1. Prioritize consent

Consent may no longer be implied in the form of, for example, a pre-ticked box on a public-facing website form to add a new customer to the brand’s database. Gone are the days of distributing mass email campaigns to large databases – modern database marketing and CRM systems can automatically cap the sending of email marketing campaigns with a high bounce rate which may even negatively impact your brand’s domain.

With good reason, for a customer, it is very important to maintain a sense of both transparency and control in how personal information is processed, stored and used. Without control, customers feel vulnerable and less likely to interact with brands whose actions affirm that feeling.

However, rather than considering POPIA compliance a hurdle, marketers should consider this to be an opportunity to create more meaningful engagement with your target audience and deliver content they actually want to receive using a more modern ‘pull’ approach. Use the data you process to personalize marketing communication as is the expectation in 2020.

Marketing communications can only be sent to existing customers under certain conditions or with the customer’s consent. At the time of signing up a customer or when an enquiry is made, savvy marketers use that opportunity to motivate and incentivise potential customers to consent to receive marketing. Ask the customer upfront what content they want to receive and how often. Make your Privacy Policy easy to understand and highlight key aspects thereof that offers the customer transparency and control that will mitigate customer data vulnerability and in turn will see your brand grow a quality database.

2. Targeting

While organisations are still allowed to collect big data, while complying with POPIA, the aim is to give data subjects (customers) control by consenting to what they want to receive from brands and in effect spare them from overtly invasive advertising.

Still, the opportunity for smart marketers lies in realising that more data equals to more opportunities to gain insights by applying an analytical mindset which delivers a level of personalisation that can ultimately allow organisations to add value to benefit their customers instead of risk scaring customers away. Any unused data is simply an overhead cost.

Set up personal data in a compliant customer relationship management application (CRM) or linked database marketing system which integrates well with the rest of your organisation’s systems and processes. The approach will assist organisations in better utilising touchpoints with existing and potential customers and for marketing messages to reach the target audience at the right point during the decision-making process.

Be wary of features available on advertising platforms such as the ability to create lookalike audiences and the like that are not entirely legal, or ethical, in terms of POPIA provisions. It might take some effort to strike the delicate targeting balance that your organisation needs.

3. Successful data retention requires change

It goes without saying that organisations effectively need to safeguard the information retained in their database and need to be able to justify the depth of personal information retained. The POPIA also expects personal information to be safeguarded in line with industry-specific Cyber Security requirements.

Although not directly a marketing-related aspect, it is important to note that there are two factors that come into play when safeguarding personal information:

  1. Behavioural change: cyber policies and the like need to be in place to regulate devices or the behaviour of individuals with access to personal information. This includes, but is not limited to, password policies and ‘Bring Your Own Device’ provisions. It is here where change management is particularly valuable in helping an organisation and its employees enforce policies and adopt the shift in behaviour – simply creating a policy and emailing it to all is just not enough to affect real change required by the POPIA.
  2. System change: on the technical side of things a CRM system that integrates well with the rest of the organisation’s existing workflow systems will add value to the organisation’s overall efficiency in centralizing all personal information (we remind you that MS Excel is not a compliant system for storing personal information), the safeguarding and retention of data as well as integration with database or email marketing. Investing into a central system with only one view of the customer’s personal data is the benchmark which will eliminate duplicates floating around the organisation in silos.

4. Follow the leads, compliantly

The POPIA has brought with it an opportunity to design organisations’ digital marketing properties, lead generation efforts and websites in a way that allows them to acquire or reconfirm consent upfront and at the point where target audiences have expressed their intent to engage with the brand. By involving easy-to-use transparent systems, lead generation and obtaining consent can be part of a positive customer experience.


*Article written in consultation with ENSafrica