Continuing compliance action can boost conversion rates, says Conor Byrne, director of ICE ICT
GDPR is here to stay with the ICO now issuing fines on almost a daily basis, but many companies have avoided fines by showing evidence of attempting to address the regulations.
GDPR can be a bit like a trip to the dentist, it is a bit painful but is necessary to ensure good dental health. This is what GDPR is, an exercise in good data hygiene giving you peace of mind that you are being responsible for data within your guardianship and securing your company against breach and fines. Oh, and you must keep your data hygiene regime all the time to ensure it is effective.
Speed Camera or Safety Camera
It is often understood that the GDPR regulations are there to catch everyone out and issue fines to fund the ICO and similar. This has proven not to be true and the regulations are making all companies that take it seriously much more secure and the feedback has been an eye opener for companies to understand where their vulnerabilities are, what data they have and how they use it. The press reports it as a speed camera with huge headlines about massive fines however in reality the actions people are taking to secure their data are reducing the ICO threat to a safety camera scenario where they don’t execute companies for breaches if they can prove that that have taken reasonable steps to protect their data.
Many companies have taken action on the GDPR regulations and a bit like the Millennium Bug there has not been a massive crash with the ICO closing down many companies per week with huge fines. Some of these companies are now asking why they put the effort and expenditure into getting compliant. Often the Millennium Bug comparison is made with GDPR however, most non IT people will not know that if companies didn’t take action their systems would have failed. The decision to update systems was binary yes / no and it was easily proven in advance which answer should be taken. GDPR is a risk based strategy, there is no guarantee that a company will have a data breach or even how large the effect will be if they did. So there is no binary answer to “Should I do something about GDPR?”.
This situation is now changing as the results of action on GDPR are coming to the fore. One of the best results that has been quoted to us is from a Large Tour operator who took the decision to only have fully consented contract on their CRM. If they got no response to the contact then they removed the contact from their systems. This action removed over 60% of the contacts from their database. This was a major worry for companies attempting to fulfil the GDPR regulations and most thought that their database was so important to the business that the business would fail if 60% of contacts were removed.
Well in this case that’s not what happened, it turned out the conversion rates went up by 60% and the efficiency in making the sale also increased substantially. Why? Well it turns out that the 40% of contacts left on the database where the ones interested in being contacted and in doing business with the company hence the conversion rate increase. The efficiency increase was driven by the fact that sales teams’ time was not wasted in chasing people who weren’t interested.
In conclusion, the observations we have made show that companies who have addressed GDPR;
● Are much happier in that they now know what data they hold and how it is being used
● Can be confident that should there be a breach they will be able to implement emergency measures to reduce or eliminate the effect of the breach
● Understand in real terms the importance of information technology to their business and more importantly, what the effect of an IT failure will be.