GDPR: evolving multichannel marketing to prepare for a stricter data protection environment
With the enforcement of the General Data Protection Regulation (GDPR) in May 2018, EU industries face one of the biggest challenges to the way they use customer data to date. Dr Jessica Santos, global compliance and quality director at Kantar Health, investigates how the new regulations will affect the pharmaceutical sector and how companies can adapt their approach around them.
As the world entered the 21st century, the introduction of new technological capabilities and adoption of a variety of digital channels brought with it unprecedented amounts of customer data.
This new wave of insights into the way customers operate – in this case purchasing or prescribing decision makers – was quickly taken advantage of by sales and marketing teams across all industries to better market their products.
So far, the process has benefitted businesses – once they gain consent (explicit or implied) from a customer, their data can be used to inform marketing communications.
But in May 2018, this approach will change dramatically with the introduction of the General Data Protection Regulation (GDPR). This new set of universal guidelines will dictate how companies from all industries collect, store and use customer data and will impose heavy penalties on those companies in breach of them.
For pharma, where marketing strategies have remained formulaic, the new rules mean the industry will need to seriously examine its use of customer data in sales and marketing, particularly when developing content and using channels to deliver brand message.
What is GDPR?
Compared with the EU's Data Protection Directive – the official EU instruction regulating the processing of personal data within the region – the GDPR better defines and strengthens individual rights and attempts to harmonise organisational privacy policies and research consent forms across the continent.
The regulations will supersede the current EU Data Protection Directive 95/46/EC as of May 25, 2018, and will be adopted by all 28 EU Member States.
The 200-page legislation brings with it significant regulatory changes to consent, legitimate interest, transparency and security. Areas affected include:
- 'Personal' and 'sensitive' data definitions – personal data means any information that relates to an identified or identifiable living individual, while sensitive personal data includes both biometric and genetic data.
- Data Controller and Processor liability – both parties will be liable and face higher fines for non-compliance. For Controllers – such as a pharma company that sends its target list to a marketing agency (Processor) for the purposes of marketing – this means they will have the ability to audit the Processor. Processors, meanwhile, can now have action taken against them specifically.
- Accountability – accountability applying to various areas, including contracts, privacy notice obligations and record keeping, will need to be clearly stated and documented. Under GDPR, the Controller is responsible for making sure all privacy principles are adhered to, and an organisation must demonstrate compliance with all the principles.
- Organisational obligations – companies will need to appoint a Data Privacy Officer as well as conduct their own Data Protection Impact assessments. Data breaches will need to be relayed to authorities within 72 hours of their occurrence.
- Individual rights – importantly, individuals will have the right to: be forgotten and erased; be notified prior to data collection; access their data; data portability (move data from one provider to the other) – i.e. transfer their data to another Controller; and object to profiling activities (e.g. object to an automated refusal decision on a loan application).
Transnational cases of data collection will be governed by a new Data Protection Board, while GDPR will also apply to personal data processing of any EU citizens, no matter where the processing takes place.
The guideline stipulates that commercial organisations will require a valid reason to hold and retain customer data. If an organisation does not, they could face a fine of up to €20 million or 4% of their global annual turnover, whichever is the greater.
It’s no longer just about consent
From a general marketing point of view, the GDPR represents a major shift in thinking about how customer data is used.
Previously, using customer data was driven by consent, i.e. a customer opting in to product marketing meant the company asking for it could begin sending them marketing materials. Companies exploited this by tying service provision into giving consent, for example, inducing customers to opt into marketing via a tick box as part of the Terms and Conditions of using Wi-Fi at a café.
This mindset gave companies a certain level of power to use their target audience’s data where they saw fit, bombarding data subjects with communications from that point onwards.
From May 2018, however, individual data subjects will be granted significant new or strengthened rights. The power will shift to the individual to exercise anything from ‘right to be forgotten’, ‘right to rectification’ or ‘right to object profiling’ rules. Exercising these rights will mean that a person can permanently opt-out of communications from a specific brand.
A more considerate, tailored approach
This new stipulation will require a new kind of marketing that considers and communicates the legitimate benefits a brand can give to its customer. The focus must now be on value, not just push marketing, to minimise the risk of customers wanting to ‘be forgotten’.
What is needed, therefore, is a personalisation of marketing materials tailored to the needs of each audience. Pharma companies must put themselves in the shoes of the patient, the healthcare professional or the healthcare organisation, to understand how their brand benefits each of them, altering their brand messaging to communicate that benefit in the best way possible. This may sound like ‘Marketing 101’, but companies have got away with not implementing this best practice previously; the downside of not doing so is now significantly increased by GDPR.
This more deliberate, measured approach will also bring cost into the equation. In the past, a customer opting in to communications opened the door to a variety of content being pushed their way, including emails, letters and social media campaigns – all of which could be done with a click of a button.
With the strengthened rights of individuals (to be forgotten and erased, to be notified, to access their data, to data portability, and to object to profiling activities), marketing strategies that abuse multichannel communication will be costlier, as overwhelmed individuals may opt out of communications altogether, leaving companies with a smaller target audience.
The case for touchpoints
One of the most effective methods to avoid this is touchpoint marketing.
Unlike traditional key messaging strategies – that push a brand identity through a variety of channels – touchpoint marketing considers each point of contact with each customer, helping to provide an understanding of what content is best for specific channels and particular individuals.
Channels can then be thought of as chapters in a book, which work in symphony to deliver distinct parts of an overarching brand story. The result is a more immersive, engaging and valuable experience for the customer. This does not have any impact on the right to store customer data, but it does reduce the risk of opt-out, which is now potentially permanent.
Of course, the value created through this approach is not just for the customer; pharma companies benefit too.
Touchpoint strategies allow for organisational agility through their underlying feedback mechanism. For example, if a company pushes content via email to a customer who has only previously been engaged via social media, and achieves better engagement from them using this technique, future marketing could focus more on the email channel.
Content preferences become clearer too. If the same customer remains active on social media yet engages little with social media marketing content, the indication is that the latter content needs to be altered.
Gradually improving the ability to provide value in this way reduces the likelihood of customers opting out of communications, saving pharma companies the headache of gathering new customers – particularly challenging given there is a finite number of healthcare professionals. It also gives companies a legitimate reason to hold customer data, helping them avoid the substantial fines imposed by the regulations.
A win-win situation
As with any regulatory change in the pharma industry, the first reaction of many is to see the GDPR as an obstacle to be overcome. But, on the contrary, the new regulations could offer a more valuable landscape for everyone.
Customers' lack of trust towards marketers is a common problem. With a more considered approach to marketing, and given the strengthened rights of individuals, customers will appreciate brands more, increasing their likelihood to engage with them. Over time, this will help to restore the trust previously lost through historically uncoordinated and overwhelming multichannel marketing.
Pharma companies that adopt a touchpoint marketing approach will see greater trust and value in their customer relationships in the short term, and higher levels of retained data over the longer term.
About the author:
Dr Jessica Santos is the Global Compliance Director at Kantar Health, a leading global healthcare consulting and market research firm in the life sciences industry. She is primarily responsible for providing oversight and support across the 40+ Kantar Health global offices in the area of regulation, interaction with clients, suppliers and others within Kantar Health, Kantar and WPP. Jessica is responsible for maintaining, anticipating and coordinating all activities with regard to compliance laws/regulations and quality framework on real-world research and market research.
She is an experienced statistician, analyst and methodologist. She gained her reputation through her publications and professional committee work in the industry. Jessica is a frequent speaker and contributor to major conferences. She has a PhD in Marketing and MRS fellowship.
She is also a member of the BHBIA Ethics Committee, EphMRA Compliance Network, UK Research Ethics Committee, reviewer and chair of ISPOR (International Society for Pharmacoeconomics and Outcomes Research) Code of Conduct Committee with patient representatives.