Big Data

Cleaning customer data in time for GDPR compliance

By Jim Conning, Managing Director, Royal Mail Data Services
Big Data
Published: 20 June 2017

Despite a proliferation of data cleansing and management solutions available to CIOs today, over 9 in 10 (91.4 per cent) of UK marketers report their organisations are plagued with data quality issues.[1] As businesses prepare for the enforcement of the EU General Data Protection Regulation (GDPR) in May 2018, these data issues are likely to become a lot costlier. Designed to harmonise and strengthen data protection laws across the continent, UK and multinational businesses now have less than 12 months to prepare their data for the tough new GDPR standards.

As we approach the enforcement deadline, Royal Mail Data Services’ annual survey of UK marketing, data and analytics professionals reveals that 58 per cent of organisations are concerned that their customer data may not comply with the new regulation, and 43 per cent expressed concerns about data sourced from third-party data providers. The cost to organisations unprepared to comply is real. Along with potential reputational damage and loss of customer confidence, GDPR non-compliance carries hefty fines.

Mismanaged customer data has liabilities far beyond compliance with data protection regulations. UK businesses recently told Royal Mail that poor-quality customer data costs their organisations, on average, up to 6 per cent of annual revenue. This means too many businesses are missing out on the benefits compliant and permissioned third-party data can offer their marketing efforts. Such resources help to improve customer contact data quality and allow organisations to implement effective permissioning campaigns.

So, what can CIOs do to ensure their customer data is accurate, compliant, and properly permissioned ahead of this looming deadline?

Mapping data flows
Preparing for the GDPR means better orchestrating the abundance of channels that capture customer data today. Digital marketing (websites and mobile web), sales (retail and e-commerce) and direct customer contact (face-to-face or contact centres) provide organisations with new customer information daily. The responsibility for managing all this incoming data is often shared across multiple functions without consistent processes for data collection, validation and cleansing. While Royal Mail’s research found marketing leads data strategy and collection in most organisations, CRM functions, customer service, sales and e-commerce also play parts in managing incoming customer data. For some organisations, centralised data management operations or IT take on this role.

Mapping incoming data flows will allow CIOs to see how their data is managed and cleansed at all touchpoints across the business. Only then will compliance experts have the insight they need to break down siloed working and ensure all customer information is treated with the same scrutiny when it comes to accuracy and permissioning.

Customer consent under GDPR
Given the focus on GDPR compliance, it is also somewhat surprising to find that little more than half of all marketers (52 per cent) have plans in place to seek fresh permission from their customers. While CIOs should have confidence that they will be able to gain the consent necessary to continue effective customer communication, this is a process that must start sooner rather than later.

There is no doubt the GDPR is changing the rules around consent, but with the proper permissioning strategies and data management practices in place, business and marketing operations shouldn’t be too badly affected. First, it’s important to make the distinction between first-party marketing (to existing customers) and third-party marketing (to new prospects).

Any communications targeting existing, correctly permissioned customers under the GDPR is defined as being in the “legitimate interest” of the company and its customers. This means that in most cases and for most channels, businesses just need to provide current customers with a clear opportunity to object when their data is used or collected. A simple and well-worded “opt-out” message across all communications should suffice.

When it comes to using third-party data for customer acquisition campaigns, clear, affirmative consent must be gained before the company can engage in new communication to prospects. This can be difficult and ambiguous when dealing with bought-in name and address data. Working with a trusted third-party data partner can provide companies looking to find new customers with GDPR-compliant contact data to use to target new prospects.

However, customer data that was not captured with a process or privacy statement that complies with the GDPR doesn’t necessarily have to be discarded. CIOs with any doubt about their compliance can set up systems to automatically contact those individuals again to request appropriate consent, thereby repermissioning customer data for marketing purposes.

Finding vulnerabilities
Once existing customer contacts are permissioned, and the business has established a formal system for cleansing and permissioning all incoming customers, the next step is to establish formal, continuous data-cleansing and enhancement processes to keep customer information accurate, permissioned and compliant over the long term. A third-party analysis can help companies identify any compliance concerns in their new practices, and establish the ongoing processes that will ensure compliant and permissioned customer contact data moving forward.

Achieving more effective customer engagement
GDPR-compliant data is necessary to meet new regulations, but with data cleansed and permissioned, businesses can leverage new data-processing protocols to improve customer data management as well as overall marketing effectiveness. Enhancing internally collected customer data with third-party data sources allows sales and marketing teams to reach new customers while ensuring their internal contact data is up-to-date as customer information changes. Marketing mail, such as direct mail and door drops, is actually made easier under the GDPR, as door drops and unaddressed direct mail target postcodes rather than individuals. A simple way to directly reach a large audience of prospective customers, traditional direct marketing channels are proven to drive online interaction. In fact, as a result of receiving direct mail, 92 per cent of people were driven to online activity, 87 per cent were influenced to make online purchases and 54 per cent engaged on social media.

Cleaning up data processes for the long term
Improving the quality and compliance of customer contact data takes an organisation-wide approach that starts with the CIO. Rapidly-approaching GDPR deadlines give marketers a mandate to educate the entire organization about any existing data challenges and make the cultural and technology changes necessary to overcome persistent customer data management challenges.

For more information please visit

[1] New Customer Data Research Report 2017, Royal Mail Data Services,