How Retailers Can Mitigate the Ripple Effect of a Consumer Consent and Privacy Compliance Request
Rooted in increased regulation such as GDPR and CCPA and general customer backlash, a growing emphasis on collecting consent and ensuring privacy of customer data exists. In this environment, the “cost” of compliance is a top-of-mind factor for retailers, but how “cost” is considered varies from organization to organization. Irrespective of an organization’s approach, the cost and complexity of solving the consent and privacy problem remains high.
Some companies focus on the cost of setting up technology to collect, track, store and report customer consent and privacy across their enterprise systems. They focus on making a solution-based cost benefit decision, seeing the compliance problem simply as a project to complete and an item to check off their to-do list. Others focus on quantifying the cost of potential fines associated with noncompliance. Their focus is risk-reward, and decisions are based on the potential risk and associated cost to the retailer for a complaint.
By defining a consent and compliance project so discretely, organizations overlook an expensive and impactful aspect of addressing the requirement, which starts with a simple request — a customer asks to be removed from a communication.
Without approaching compliance holistically, a request to be removed, be forgotten or for an understanding of what's being collected on a customer becomes a grain of sand in the gears of a company. This grain of sand negatively impacts and slows down the overall organization as it works to address the request.
As the request moves through the retail organization from department to department, the cost to address a compliance inquiry grows exponentially. This expense grows as the number of requests grow.
Cost to Customer Service
In most cases, the information needed to answer common customer requests (e.g., tracking whether their product shipped, their order was placed or learning the status on their account) is relatively easy. That’s because retailers have spent years and lots of money building out their core CRM systems.
This isn't true for consent and privacy data. This data is often stored across many different systems and tools within the enterprise. Additionally, accomplishing a consolidated view requires a proper data map to what information is stored where.
By allowing customers to complete consent and privacy requests via self-service or providing customer service representatives easy access to customer data across the enterprise, customer inquiries can be handled effectively before they become a larger problem.
Without an overall understanding of where data is stored, how to access it and, more importantly, make a change, no request for consent or privacy data can be easily addressed. This results in significant time and effort by the customer service representative and others across the organization as well as multiple communications with the customer regarding the status of their request.
Cost to Marketing
Good marketing presents a well-thought-out brand promise and makes the customer take notice. However, in order to fulfill compliance requirements, many companies deploy tactics that result in less-than-ideal messaging to customers regarding the use of their data. These messages only confuse, frustrate and certainly don’t convert customers.
In other cases, in an attempt to quickly address consent and privacy risks, organizations turn to band-aid fixes such as the implementation of complete opt-out vs. opt down or the decision to not send outbound communications at all.
The loss of customer communication, either because of overly stringent adherence to compliance laws and regulations or due to confusing compliance language impacts the effectiveness of marketing and decreases return on investment on marketing efforts.
Well-thought-out consent collection and data privacy access at key moments in the customer journey is key to converting compliance from a cost to marketing to a marketing advantage.
Cost to Compliance
Without a proper governance approach, the compliance department finds itself stuck in a cycle of one-off responses to complaints and addressing compliance requests that arise. To address the problem “of the moment,” the department tasked with compliance works in a constant triage.
Consent and privacy management isn't a technology, and it's not a project.
To address these correctly, it requires an overarching practice, a general shift in the way the organization views the customer and works internally. Fully addressing consent and privacy requests requires input from all departments to stand up a well-thought-out approach and continually update it as the technology, business and compliance environment changes. The compliance department must be strategic about its approach in order to be successful.
Cost to the Customer Experience
Finally, the most impacted aspect of an organization is the customer experience. This includes how the customer views the organization as a steward of their data, their experience of receiving communications across many channels, as well as their experience when they interact with digital properties.
Collection of consent and responding to data privacy requests must be thought through as strategically as any marketing campaign to drive traffic, shopping cart experience to increase conversion, or supply chain assessment to drive down costs and increase customer satisfaction. It can’t simply be bolted on as an afterthought.
As regulations and requirements increase as a result of increased scrutiny through laws such as GDPR and CCPA, the cost of complying with customer requests eats away at top- and bottom-line profits. Top-line because the customer can exercise the choice to work with companies that honor their consent and privacy wishes strategically and proactively, bottom-line because of the internal impact to ill-prepared organizations as they react to inquiries from customers.
To be successful, organizations must think through the ramifications beyond the implementation of a singular technology or in preparation for potential fines.
Eric V. Holtzclaw is chief strategist of PossibleNOW, a provider of consumer regulatory compliance and consent solutions.
Related story: The ‘Art and Science’ of GDPR Consent for Retailers
Eric V. Holtzclaw is Chief Strategist of PossibleNOW, a provider of consumer regulatory compliance and consent solutions. He’s a researcher, writer, serial entrepreneur and challenger-of-conventional wisdom. Check out his book with Wiley Publishing on consumer behavior – Laddering: Unlocking the Potential of Consumer Behavior. Eric helps strategically guide companies with the implementation of enterprise-wide consent and preference management solutions.