How to win at CRM post-GDPR

We asked Steve Lowell, KMMS and Indicia’s Director of Data, what GDPR means for CRM

Almost a month after GDPR has come into effect, many marketers and brands still have question marks hanging over their heads about what it might mean for their business.

So we decided to have a good old chinwag with our Director of Data and Data Compliance Officer, Steve Lowell, and get some answers for you.

We got to the bottom of how GDPR will affect your CRM, how you can avoid the roadblocks and make GDPR work in your favour.


First up, how does GDPR affect CRM?

Probably the biggest consideration is that GDPR sets a new standard for the use of personal data. If you’re relying on consent as the basis of processing data, it needs to be explicit and granular. In other words, you have to make it very clear what the customer is opting into.

Many brands decided that the consent they were holding from customers was not reaching GDPR’s higher standards. That’s why you probably noticed a flurry of re-consenting programmes before the 25th of May.

How do you see CRM changing as a result?

I see CRM programmes becoming more efficient. If you’ve had to re-consent your customer base and ask for an explicit opt-in, you’re only going to be communicating to people who have clearly expressed an interest in hearing from you. Therefore, they’re probably more likely to engage with your brand.

Are there any opportunities to improve CRM?

Yes, absolutely. It’s all about giving the consumer a reason to want to hear from you. This isn’t just about product or offer, it’s about brand engagement. The brands that deliver the best CRM programmes post-GDPR will be the ones with the most compelling proposition for the consumer. Now’s a great time to start thinking about where you can add value to your customer communications.

What are the biggest threats to CRM?

CRM can no longer be viewed as a transactional channel. Now, it needs to sell your brand’s benefits in the same way that any other channel does. You could almost view the recent re-consenting programmes as the ultimate test of brand engagement – those who get high opt-in rates clearly have a compelling proposition. Those who don’t should really be thinking about their wider brand positioning, not just their low opt-in rates.

What are your top tips for keeping your CRM compliant?

If you’ve not started on your GDPR compliance, you need to get a move on! The ICO and DMA websites have some great resources to help you understand the key points, so I’d start there.

It’s also really important to establish your own internal governance model as quickly as possible. You need to decide who owns data protection in your business, and who is their project team. Gone are the days when data compliance can be managed as a small side project for a junior member of the team. It requires attention and focus.

If you have any other questions, feel free get in touch with us. We’d be happy to let you know how we can help your brand ace all things GDPR and CRM.

Sign up to our newsletter
Get more content like this direct to your inbox – plus full access to our Retail Innovation talk, filmed at London's Tate Modern

We’ll use your information for the purpose of our newsletter, to occasionally invite you to our events, and send you other relevant information.