Sign up for our newsletter

That felt right. We’ll be in touch soon about our new secret handshake.

Sorry, something went wrong!

Let’s keep this relationship going.

Please also send me occasional emails about Zendesk products and services. (You can unsubscribe at any time.)
Please select an option


Did GDPR kill the personalization movement?

I am not a girly woman. Once a man I was dating gave me a coffee mug with a cartoon bird and flowers on it that said, "I thought you'd like this mug cause it's got a lot of flowery shit all over it." I laughed so hard. I loved that mug. It was a me present; not a present you get a girl. That's the beauty of personalization. Personalization is key to building relationships. When it comes to business, customers love it when companies really know them and deliver a "me" experience. But when a company doesn't yet know the customer, and tries to simulate familiarity by stalking their data, it winds up feeling kinda creepy. Businesses have gotten increasingly clever about collecting customer information surreptitiously, which worked marginally well. And then along came General Data Protection Regulation (GDPR).

GDPR is a European Union regulation designed to give consumers a meaningful say in whether companies can collect their data and how that data is used. As one Harvard Business Review writer pointed out, having users click a button promising that they read pages of an arcane user agreement does not count as offering consumers a meaningful choice.

"Does it indicate that the user is willing to have her personal data harvested across the digital and physical worlds, on- and off-platform, and have that data used to create a behavioral profile for digital marketing purposes? Almost certifiably not," the author writes.

GDPR doesn't just apply to Europeans. If a company has European customers, or even if Europeans might stumble onto its website, it needs to be GDPR compliant. This puts a lot of restrictions on a company.

Under GDPR, businesses:

  • can't use cookies without telling visitors;
  • can't use a blanket opt-in, rather they must ask customers to opt-in to every single offer;
  • must keep track of every bit of data and every opt-in—who consented, when they consented, how they consented, and what they consented to, exactly;
  • must explain how they'll use a customer's information before the customer gives consent;
  • must erase all of a customer's data, if asked;
  • must make the data portable, making it easy for customers to get all data collected in a format that they can send or provide to a different company—such as a competitor.

And, very important, any consent a business got before GDPR went into effect probably doesn't count.

The point is to restore control of data to the people it really belongs to. But companies just getting the hang of using information from internet searches, cross-device interactions, cookies, and opt-out programs to create the kind of stellar, personal interactions customers seem to crave, may be asking… Now what?

Let's face it, shadowing people for data was never a silver bullet. There's something disturbing about looking up a pair of boots online and having an ad for them show up everywhere else you go. In fact, some pundits are calling GDPR a positive development for marketing personalization. That may be taking it a little far, but they make some good points.

Let's face it, shadowing people for data was never a silver bullet. There's something disturbing about looking up a pair of boots online and having an ad for them show up everywhere else you go.

The age of consent

This is a period in history when people are beginning to demand the right to give consent—whether to romantic overtures or data use. Up to now, businesses collecting information on people comforted themselves with the tradeoff fallacy: the idea that people were willing to trade their privacy for economic benefits such as a discount on an item's price. Researchers discovered, though, consumers were far more resigned than accepting about the fact that marketers plundered their personal data.

This is a period in history when people are beginning to demand the right to give consent—whether to romantic overtures or data use.

The University of Pennsylvania, along with Princeton Survey Research Associates International, conducted a national survey of 1,506 Americans age 18 and learned that: "91% disagree (77% of them strongly) that if companies give me a discount, it is a fair exchange for them to collect information about me without my knowing.'"

We don't know what we don't know

Other findings in the study included:

  • 49% of American adults who use the internet believe (incorrectly) that, by law, a supermarket must obtain a person's permission before selling information about that person's food purchases to other companies.
  • 69% do not know that a pharmacy does not legally need a person's permission to sell information about the over-the-counter drugs that person buys.
  • 65% do not know that the following statement is false: "When a website has a privacy policy, it means the site will not share my information with other websites and companies without my permission."

So even though customers may give consent, they've been doing it without really knowing what they're consenting to. And finding out what companies are doing with their data pissed off customers. For example, there was a "Quit Facebook" movement in March of 2018 when it became known that Facebook had sold users' data to Cambridge Analytica, which then used that data to influence the 2016 elections. Facebook survived, but not without damages.

Permission to get personal

There are a lot of ways to deliver a personalized experience and still ask people's permission to use their data. In a survey of 300 marketers, researchers learned that they use various tactics to create a personalized experience, including personalization platforms that take in all the data about a customer to create a personalized experience, recommendation engines that put a likely product front and center for a customers, and exit or bounce messaging tools that ask things like, "Do you really want to leave? What if we…."

But most marketers acknowledge they're not getting the results they want. In fact, The Wall Street Journal reported

So, what's a company to do to create a personalized experience? Plenty.

  • Offer a lot of channels for interaction. If the company does a great job of responding through the communication channel the customer prefers, that's an immediate "me" score for the company. If the customer has a problem or question and can resolve it the way they want, that earns trust that this company will cater to them. They're more likely to trust that giving access to data will result in a better personal experience.
  • Explain in a friendly way what you want the data for. Those bars at the top of the page seem like disincentives. They come across like, "We use cookies, so if you want to buy from us, we’re going to track you. Otherwise buh-bye." Some better ones say something along the lines of: "We use cookies to try to create a more relevant experience and if you keep using the site we’ll assume you’re okay with that. But you can change your cookie settings at any time by clicking here." That’s giving the customer more control and a meaningful choice.
  • Create options. Let customers know you want to give them the best experience and give them options—like a game—about what they want to see. They can pick their hold music, for example, or you can use a filter system that lets users identify characteristics of products they’re looking for. Show me everything you’ve got in low-heeled, comfortable, leather boots; don’t make me sift through versions of those plastic 4-inch high purple Go-Go boots.
  • Respond to emotional cues. This includes everything from training your technology to your customer service team. Research shows that emotion is a key to a great customer experience.
  • Use contextual advertising. Contextual advertising is marketing or customer service messages embedded in sites. So if someone is looking at the Whole Foods site, you can place an ad for your upcoming Healthy Living seminar, or your water purification company on the page. No, you don’t know exactly who your customer is in that case, but you can make some reasonable guesses about their interests.

If the company does a great job of responding through the communication channel the customer prefers, that’s an immediate "me" score for the company.

The problem with technology is that humans sometimes focus more on what they can do than what they should do. Learning about customers and giving them what they want in the name of personalization, without their permission, is a little bit like having a stranger hand you a bouquet on the sidewalk and say, "I’ve been watching you and I know daisies are your favorite flower. Want to go out?" The response is more likely to be "No thank you, but give me your name for the restraining order." No business wants to be that person, or leaving a customer with an experience that feels unsettled at best.

GDPR will push companies to work a little harder to create personalized customer experiences. But that’s probably a good thing for everybody.

Susan Lahey is a journalist who lives in Austin and writes about everything that piques her curiosity including travel, technology, work, business, art, sustainability, and cultivating deep, messy, exquisite humanness in the digital age.