This time last year we were at the end of a flood of emails asking for our consent for a variety of organisations for them to continue to communicate with us. The reason behind this rush was the full implementation of the GDPR and Data Protection Act 2018 and these organisations were running scared that they would fall foul of these laws. However many organisations need not have sent the emails in the first place; they did it because they didn’t properly understand the lawful basis for processing our personal data. The net effect of this was to destroy many mailing lists, now hampering future marketing initiatives and therefore potential sales revenue. Unfortunately there is not much we can do about this because once you’ve decided to go for consent as your lawful basis for processing, then you can’t reverse it retrospectively.
Luckily there were many organisations who didn’t send what I termed as ‘Zombie emails’, but they now have a bunch of past customers who they are not sure what they can do with. In effect you have customers with 3 types of permission:
NB. The size of the circles above is not based on any survey, it is purely to demonstrate the point.
Of all the customer data an organisation holds, in terms of marketing permissions, it is probable that the smallest group are in the Yes camp, and the largest in the No camp and it is clear what to do with those in the Yes and No camps. The Don’t Knows are probably somewhere in the middle in terms of size, but this will still represent a sizeable number of consumers that have interacted with your organisation before, but for whom it is not clear if you can market to them in future.
Because of the fear of fines and sanctions from the ICO, many organisations have either deleted these people’s data, a real waste(!!), or are holding the data in the hope that the customer will come back to them one day (this will probably breach any sensible retention schedules). What is evident is that they are doing nothing proactive to re-establish contact with these customers.
Naturally what you can do in the future depends on what you have done in the past. The lawful basis for processing and the marketing permissions that were presented to these consumers, if any, will determine what can be done going forward. What we cannot do is magically turn a ‘No’ into a ‘Yes’. However there may be scope for turning a ‘Don’t Know’ into a ‘Yes’ if the data was collected under certain circumstances.
To do nothing is a waste. Either the company needs to stop wasting storage space with these people and delete them, or find a way of contacting them to establish if they would like to remain on the database.
A caveat here though – BEWARE OF UNINTENDED CONSEQUENCES!! By contacting these Don’t Knows there could be some bad outcomes:
- It may lead to a flood of erasure requests – well you were probably going to delete them anyway.
- It may lead to a flood of subject access requests. Do you have the operational capability of coping with them and responding in the prescribed time limits? It might be better if you make contact in batches.
- It may lead to a flood of complaints to the ICO. Will your senior team, because it will have to be the senior team, have the capacity to deal with an ICO investigation? What if you do get fined, or face some other sanction that prevents you from doing business?
However it is my bet that The Data Guardians will be able to help you to re-connect with these Don’t Knows and I also bet that by doing so, it will drive revenue growth, both in the short and medium terms. For more information contact us at firstname.lastname@example.org or on +44 (0) 7980 815 761.
You can also subscribe to our newsletter for data protection news and insights into how your business can protect your customer and employee data: eepurl.com/c72F7P