Preparing for the opt-in revolution

FMXA CEO Alisha Dattani says the arrival of GDPR next May will force resellers to rethink their sales and marketing tactics

FMXA CEO Alisha Dattani says the arrival of GDPR next May will force resellers to rethink their sales and marketing tactics

Resellers live or die by the quality of their sales leads and marketing activities, which in turn depends on the quality of data they hold on customers and leads. There's just one problem: the EU General Data Protection Regulation (GDPR) is set to have a major impact on these efforts. By enshrining sweeping new rights over how data is used and protected, resellers need to urgently revisit and revise their processes.

The most successful channel players will view this not as a burden, but an opportunity to improve customer engagement and drive sales.

The GDPR is the biggest change to Europe's data protection laws in a generation, designed to bring them up to date with our cloud, IoT, mobile and social-driven world.

It is set to affect any business which processes personally identifiable information (PII) on EU citizens. Thanks to the UK Data Protection Bill making its way through parliament, it will continue to apply to UK resellers post-Brexit. In addition, the old Privacy and Electronics Communications Regulation (PECR) which governed marketing communications is to be replaced by a new ePrivacy Regulation designed to fall in line with the GDPR.

The most obvious element that will affect sales and marketing functions is that the individual (or "data subject") must explicitly give consent for their data to be used and to understand exactly how it will be used (known as the right to be informed). Resellers will also have to keep a record of how consent was obtained, and respond speedily to requests to withdraw consent. Sales and marketing comms will have to be more targeted to the specific individual in a business, so resellers can argue they had a "legitimate interest" in sending it. Business email addresses apply, as do personal ones.

What does this mean for resellers?

All this has major implications for common reseller practices such as buying data lists, following up on leads provided by vendors, allowing vendors to access customer databases for campaigns, or uploading lead data to partner portals. Resellers may need to be more self-sufficient than they might have been in the past in terms of compiling these lists.

Historically the reseller community has always received leads from vendors who gather them from contact forms and web downloads. In the new GDPR world order, vendors won't be able to hand these leads to resellers for follow-up without explicit and specific opt-ins from consumers. This could result in the short term in a dramatic decline in reseller leads. To combat this, resellers will need to boost their own in-house marketing and lead-generation capabilities.

Focus on building and promoting your unique brand: hire a PR team and bring in SEO expertise to improve organic search rankings. The aim should be to improve credibility and awareness of your organisation. Develop compelling content positioning your business as a thought leader, and don't forget the power of social media channels to enhance inbound marketing efforts.

The GDPR will also force resellers to revisit their privacy notices, to include more information on "fair processing" written in "clear language". However, privacy notices must be separate from GDPR consent notices. Be sure to include here any GDPR-compliant sharing of data with third-party services. You must name your organisation and any third parties that will be relying on consent.

Under lock and key

The GDPR also introduces strict rules on how to protect, store, process and transfer this PII. One of the core principles is data minimisation; that is, only to collect and store what's strictly necessary for the tasks for which you have obtained consent.

Conduct a data audit to see what data you hold, where it's stored and where it flows, inside and outside the organisation. Then check what security controls you have on consumer PII and plug any gaps. The GDPR isn't explicit about what you need to put in place, but anything following industry best practices — especially approaches accredited with ISO 27001 and other frameworks — will stand the best chance of appeasing regulators. Pseudonymisation and encryption tools are a given.

The most successful resellers will embrace the challenge to improve internal data protection and become more self-sufficient in lead generation.