GDPR and E Commerce – One Year On

This time last year, here at Forms Plus, like many of our customers, we were working hard to make sure we complied with the imminent introduction of GDPR. The General Data Protection Regulations came into place on 25 May 2018. One year on, we thought we’d take a look at what the impact has been for businesses, and specifically for e-commerce.

How were e-commerce businesses affected by GDPR?

The majority of e-commerce businesses had to invest time and money in improving their practices to meet GDPR requirements.

This included:

  • Educating staff and appointing Data Protection Officers
  • Improving data storage systems and processes
  • Updating documentation such as Privacy Notices
  • Updating agreements with Third Parties who share data, such as delivery companies, email and CRM software providers
  • Reviewing marketing practices, cleaning up email lists and changing sign-up protocols to ensure everyone has given clear consent
  • Justifying any data that is used without unambiguous consent, by being able to show the person has a “legitimate interest” in hearing from you, for example, in case of product recalls
  • Reviewing all the data you collect about customers and being sure you can justify why you ask for each item

If some of this is news to you, you might want to visit E Commerce Guide’s full set of guidance to GDPR. 

For many companies, GDPR led to a huge cut in the amount of people on email lists, up to 80% having to be removed in some cases. Marketers were gloomy about the likely outcomes and saw a tough year ahead. Some firms took even more dramatic actions. Wetherspoons famously deleted its entire customer database. Marks and Spencer hired its first chief digital and data officer. Some US companies stopped selling to Europe entirely. Video games makers had to block EU users from games that did not meet the requirements. It all looked a bit daunting!

So, what actually happened when GDPR came in?

As we all remember, there was a huge rush of activity last May. Many companies sent out “re-consenting” emails and updated privacy policies. As The Guardian reported, some of these were quite comical.

With Cambridge Analytica also in the news at the time, consumers become much more aware, very quickly, of how companies should be handling their data. One year on, and this shift in awareness seems to resulting in a more positive outcome.

A recent report from the Chartered Institute of Marketing (CIM) shows that 41% of consumers think GDPR has improved how businesses use their data. 31% are now happy to share data in return for personalised brand recommendations (Smart Insights).

Consumers have shown more trust in marketing communications, with improving email open and click through rates. Less people have been unsubscribing and reporting mails as spam. We might be sending out less emails, but a higher percentage are being read, and even better, converting into sales – so perhaps those hundreds (or even thousands) that had to be deleted, were not worth having anyway.

GDPR has also led to e-commerce companies improving their marketing on other channels. Many are making more use of Social Media, online advertising and other channels. These providers have responded with improved targeting options, such as the possibility to advertise to “lookalike” audiences on Facebook and Instagram, for people with similar characteristics to those who have bought from your website before.

91% of marketers still see email as a major tool, and lists are rapidly growing back up, this time with unambiguous consent.

How should e-commerce businesses be using marketing data now?

As customers, we are all very aware now that companies can track who we are, what we’ve bought or browsed in the past and may know further information about us. In return for allowing access to that data, we expect the marketing we receive to be relevant and useful.

E-commerce platforms such as Shopify and Big Commerce, and email marketing tools such as Klaviyo and MailChimp, make it easy for brands to segment and target their communications. The job for e-commerce marketers now is to ensure they respect the trust those contacts are putting in them by providing their data. Using data wisely and sparingly, for example by sending no more than a couple of Abandoned Cart emails, targeting offers to products people have actually browsed and not trying to sell to people who have either bought already, or are unlikely to buy, are now part of the rules of this new data-driven marketing.

If businesses stick to the rules, then customers will happily continue to allow access to data, open emails and continue to buy – and the business will of course also be safe from the risk of hefty GDPR fines.

There may be further change. 2020 should see the introduction of additional e Privacy rules, perhaps relating to cookies and tracking that are also used by many e-commerce marketers. We will let you know more as soon as we have an update.