1 February 2018

Common Consents - how to explain marketing terms simply to consumers

Thomas Ridley Siegert

By Thomas Ridley Siegert LinkedIn

The General Data Protection Regulation is coming and too many companies still aren't asking for consent in a way consumers can understand. So we thought we'd give some examples of how it can be done.

It’s 2018. This means one thing: for the next four months we’re going to hear a whole lot about GDPR.

Already my LinkedIn is a stream of people publishing research showing how few companies are prepared, telling organisations not to panic, or advertising jobs for Data Privacy Officers. Although Bitcoin is giving the feed some respite, it’s been fairly relentless and it’s only going to get worse.

The big problem

Whilst talk about GDPR is great, there is a distinct absence of good guidance – and most organisations are looking for guidance. They know they need to explain a number of complicated concepts – such as data modelling - but many simply don’t know how or feel it’s too complicated to even try. A number of organisations we’ve spoken to about GDPR have said that they would love to rewrite how they ask for consent but are lost.

The ICO has published some useful info and, I imagine, will publish lots more as the deadline of 25 May draws near. However, there are limits to what the ICO can recommend companies to do. This is where I’ll step in.

The solution

We’re currently working with a major bank rewriting its data privacy policy in a language any customer could understand. A similar treatment is needed for the language that companies use to get customers’ consent to use their data.

I’ve picked three concepts, which appear in a number of questions asking for consent, and rewritten them. These may not necessarily be perfect and should be amended to fit your brand, but it gives you an indication to what can be done.

1. Marketing – “We’d like to use your home address and email address to send you information about things we think you might be interested in. For example, this might be a leaflet about a new product we’re launching. We’ll only send you marketing about something we think you’ll find interesting or useful.” 

2. Data modelling – this is a pretty complicated concept generally. In a lot of organisations most people outside the analysts don’t have a clue what actually goes on in regards to data modelling and statistics. But explaining it doesn’t have to be complicated:

“We’d like to use information that we hold about you to help us better understand our customers, and improve our business. We would do this by combining information we have about you with data we have about our other customers. By analysing this information, we can make better decisions for our customers and our business.”

Better still would be to add a real life example in here – which brings the concept to life for the customer. For example, if you use customer data to help you set prices, then why not just say that.

3. Third parties – “We work with a number of other carefully selected companies, who have products and services which we think might be of interest to our customers. If you give us your permission, we’ll pass your details onto these businesses so they can send you details of what they offer and any promotions they are running.”

In an ideal world, companies would fully disclose who they are sharing data with – naming each third party – and giving customers the choice to opt in or opt out to each one individually. Personally I would consent for some but not others, and wish I had the option to do that!

These could be written as the key info with clear links taking consumers to where they can find more information. 

Remember you don’t have to ask for consent for everything in one go. Splitting out different aspects of consent could be done providing it’s asked in a clear and understandable way.

Next steps

Company should take GDPR as an opportunity to rewrite their data privacy policy statement. A lot of them have a reading age of a PhD student and, which means they don’t meet the bar set by GDPR, which calls for transparency and intelligible documents for all consumers. Use GDPR as an excuse to revamp your communications.

But there’s no need to tell everyone on LinkedIn after you’ve done it. Communicating with potential customers in a simply and clear way should be a minimum, not something to brag about.