We wrote earlier about the issues facing firms when it comes to implementing a successful policy for conforming to data privacy legislation.  In this blog we’re going to sum up the key issues and offer you some “Golden Rules”.


If you would like to subscribe to receive regular updates from Stanton Allen then please visit our Contact Us Page and sign up to our e-newsletters.  You can also “Follow” our blog by clicking on the Follow Link on your screen and entering your email address.  That way you’ll automatically get emailed when we update our blog.

Rule 1 – Understand the legislation that effects you in the territories in which you operate

Data protection and privacy is complicated and complex, so this link might be useful to find out about the legislation around the world that might effect you.  But you should always bear the following things in mind:

  • Is your data obtained and processed, fairly and lawfully?
  • Are you using the data for the purposes for which it was gathered?
  • Do you think your contacts and clients would approve of what you’re doing with their data and the information you hold on them?
  • Do you have appropriate security and other measures in place to protect confidentiality?

Rule 2 – Recognise that Data Privacy legislation really only reflects contacts’ rights to decide from whom they want to receive communications

We have to recognise the fact we live in an era when legislation and client expectations mean we can’t “info-bomb” people.   We have to be extremely careful about how we communicate with our clients and contacts.  We have to have something interesting to say and allow those who want to hear our message to exercise their right to choose to do so (or not).

Rule 3 – Have a clear plan

The way in which firms attempted to comply with Cookie legislation indicated a great deal of confusion.  You need to make sure that there is someone identified as being responsible for monitoring this legislation and devising a plan that complies with it and that is also practical.

Rule 4 – Get the partnership on board

One of the challenges is that there seems to be a reluctance amongst the professionals to “give up” the right to decide if their contacts should receive communications.  However the reality is that the right has to be with the individual.  Opt-out is no longer enough.   This is not necessarily going to go down well.  Therefore it’s essential that for your data privacy policies to be implemented you’ll need to get senior management buy-in and proactive support.

Rule 5 – Think about who you’re targeting

Data privacy legislation is good thing for CRM.  For too long the emphasis of CRM systems has been to add contacts to mailing lists and then to recycle those lists.  I argue that recipients of unsolicited marketing communications have always had the ability to be in control of the marketing communication process.  The only difference is that they will shortly have legislation on their side too.   So we need to think about who we’re targeting for campaigns.  Rather than recycling lists we need to go back to defining the criteria that determines if someone should or should not be on a list.

Rule 6 – Think practically

We may have a very long wish list of what we would like to do when it comes to personalised marketing preferences for our clients, and the technology can certainly delivery.  However you have to be practical about what you can achieve.  The worst thing is to set expectations with your partners and clients that you can deliver a sophisticated system and then fail to do so.  It’s almost worse than not trying at all.

Rule 8 – Less is more

If we are to introduce individualised marketing preference management for contacts, then we certainly are not going to be able to do that for hundreds of thousands of contacts.  Firms are going to have to consider what criteria it will use to determine who should be added to the CRM system.   In this context less data is definitely more!

Rule 9 – Understand why we’re doing this

In my opinion the reason that we need to comply with data privacy legislation has nothing to do with the law and everything to do with the fundamental principles of good marketing communication.  We should only be sending things to people who genuinely find it of interest and want to hear from us.

Rule 10 – Use the legislation to promote your CRM agenda

As CRM professionals we now have a real warrior in our corner.   The data privacy legislation provides us with a strong argument against those in our firms who want us to add contacts to a mailing list without them having expressed a preference to receive that particular communication.    So we can use the legislation as a means to promoting our wider CRM strategy.

Watch out for our Directors’ Briefing Room update on Data Privacy giving you the abridged arguments so that you can explain it quickly and easily internally.