With the Protection of Personal Information (PoPI) Act set to commence soon, Rogerwilco’s Charlie Stewart believes companies should consider why they are collecting data in the first place. He shares tips to get data collection right.
With the anticipated commencement date for the Protection of Personal Information (PoPI) Act set for 1 April 2020, the number of companies concerned about their data collection policies is set to skyrocket.
While it’s good that regulators are trying to protect customer data, POPI is a cure, rather than the prevention. Imposing penalties on companies who are not playing safe with consumer data is essential. But companies should think about why they are collecting data in the first place.
The obsession with data can be blamed on the opaque promises made by the proponents of big data, with companies benchmarking against the likes of Amazon, Google and Facebook, who harvest vast tracts of our data. By trying to emulate this behaviour, companies collect as much customer data as they can but rarely know what they’ll do with it.
A 2017 Harvard Business Review article notes that less than half of structured data is used and just 1% of unstructured data is used in the decision-making process.
Consequently, much of companies’ data ends up dumped on a server, underutilised and logged as another concern for the IT guy. And it’s here where this data is exposed to negligence or possible hacking, punishable by fines under P0PI.
Why?
Fundamentally then, South African companies need to think about the purpose of the information they’re collecting. Will it be used in planning, reporting or in personalising marketing going forward? If there is no clear answer, rather avoid it altogether.
Not all data is created equal, so think about what you want to collect? Many companies target new customers by purchasing B2B emailing lists or buying third-party data from Google and Facebook.
Yet few have an effective first-party data programme in place. Who is the customer? Do they have an email address and telephone number? What did they buy? What are the demographics and psychographics at play? These are the building blocks needed to get to understand current customers and to personalise future campaigns effectively.
And if any evidence was needed on the value of pleasing existing customers versus targeting prospects, another Harvard Business Review article claims it can be five to 25 times more expensive to acquire a new customer than it is to retain an old one.
The value of first-party data is coming to the fore. A first-party data strategy can lead to the paradigm shift needed to turn away from continuously searching for new clients instead of servicing current clients effectively.
Customer data platforms are one of the hottest tickets in the burgeoning martech industry, which already gobbles up around a third of all marketing budgets according to Forrester. Yet, in South Africa, all too many brands still invest their martech spend into Data Management Platforms and other adtech platforms that focus on third-party sources.
The folly of this was exposed earlier this year when Google announced that it would be phasing out support for third-party cookies, which are instrumental in the pursuit of new audiences.
Clean data is good data
In this so-called data ‘land grab’, companies often pour hard-earned records down a CRM black hole. It should come as no surprise then that a study from SiriusDecisions found that 25% of the average B2B database is inaccurate.
It doesn’t help to spend the time and effort in acquiring vital customer information if you don’t invest in making sure the data is accurate – and keeping it so. Don’t let it be your business that sends out emails addressed to the wrong person or to decision-makers who have left the company.
The more considerable concern around POPI is, of course, the safety of customer data. News of significant data breaches has become a regular occurrence, and it seems that cybercriminals can exploit almost any preventative measure.
However, this is no reason to make it easy, especially for smaller companies who store data on their servers or simply in spreadsheets on employees’ devices.
The move to a reputable and certified cloud-based data platform or CRM solution will pay-off in the long run. And, while it may not guarantee protection from a security breach, you can at least demonstrate that you took active measures to protect your information.
Respect the client
Finally, don’t use your collected data in a way that customers might find disturbing or unprofessional. I recently visited a website where the chatbot greeted me by my company’s name, without me feeding it any information.
Although this shouldn’t come as a surprise with the amount of cookie data available, it still struck me as highly inappropriate and downright creepy. Being POPI compliant doesn’t eliminate the need to be respectful towards your clients.
It’s important to remember that the steps above will not make you POPI complaint. Instead, it should serve as a reminder to utilise collected data effectively, rather than setting the collection of data as the goal.