GDPR may be one of the hottest topics in the business world today, causing many organizations to rethink and revise how they approach many of their everyday practices.
The General Data Protection Regulation, or GDPR for short, aims to increase the protection and privacy of personal data, also known as Personally Identifiable Information (PII), for all EU residents.
In the age of the GDPR, consent and managing individual’s rights are crucial. Because of this, Voice of the Customer (VoC) research may become an even more important source of data and insights to marketers wanting to understand better and improve the Customer Experience (CX).
In this post, we look at why.
Online visitors are more cautious about what they share and with whom
Overall, the GDPR aims to ensure that:
- Organizations are more upfront, clear and transparent to their online visitors in the EU about the data they collect about them (and why).
- EU residents have more rights and control over their personal information.
Online visitors are becoming increasingly knowledgeable and careful when it comes to the data they share online and how it will be used. A May 2017 survey by Statista revealed that cybercrime, such as having your personal information stolen online, as well as companies collecting and sharing personal data online with other organizations, are among their most concerning issues about online usage.
What is “personal data”?
The GDPR defines personal data as any information that can allow organizations to:
- Directly or indirectly identify individuals (e.g., name, email addresses, IP addresses, location data, online identifiers)
- Allows them to associate individuals with sensitive data relating to their physical, physiological, genetic, mental, economic, cultural or social identity.
One of the major requirements in the GDPR is the existence of a lawful ground to process data. One of these lawful grounds is the express consent of EU residents to allow organizations to collect potentially personal data on them.
However, with online privacy and data security becoming a growing concern, this could impact many visitors’ willingness to consent to their information being automatically collected. That is, visitors may be more hesitant to allow organizations to collect information about them using items such as cookies, as opposed to having the ability to provide organizations with only the information they choose.
As a result, this may open the door to more permission-based, manual methods of data collection where visitors have more control over what is shared about their experiences.
Voice of the Customer is founded on a permission-based methodology
VoC research is fundamentally rooted in visitors volunteering to share their experiences using their own words, sharing only the type of information they feel comfortable providing.
How does it ensure this? Providing customer feedback is a two-step process, both requiring the consent of the online visitor before any data is collected:
1. The visitor must accept the invitation to participate
A visitor must first be invited to share their feedback, during which time the purpose of the research can also be presented. In the case of surveys, clear options to accept or decline the invitation will be provided.
As for comment cards, the visitor can choose either to click the feedback button to participate, or to simply ignore it and carry on with their session if they don’t wish to share their feedback:
Example of a comment card button that indicates the purpose upon hovering over it
2. The visitor must manually enter and submit feedback
If the visitor accepts the survey invitation or clicks on the comment card button, then they will be able to provide their feedback. Alternatively, they can choose to move on without submitting their feedback if they have changed their mind.
During this stage, the visitor can choose to share how much or how little feedback and insights into their experience as they wish, which makes this stage inherently permission-based.
VoC research is founded on obtaining explicit consent from the visitor at each stage of the respondent experience. Also, as opposed to collecting feedback from every visitor, VoC only obtains feedback from a smaller but representative sample of visitors, allowing marketers to get a better understanding of how their entire audience feels about their experience.
By requiring consent at every step, VoC research will prove even more valuable as a source of insights into your Customer Experience.
How iperceptions meets GDPR compliance
iperceptions has always taken the security and privacy of our clients' and survey respondents' data very seriously.
As we are a Voice of the Customer research company, brands leverage our solutions to collect feedback on their behalf from their customers and visitors all over the world, including the EU.
Our VoC experts are well-versed in the requirements of the GDPR, and while we can help our clients to decide what to ask in their surveys, our clients ultimately have the final say in their VoC research. As such, in the context of the GDPR, iperceptions is considered a Data Processor, whereas our clients are considered Data Controllers.
The relationship between Data Controllers and Data Processors
Determines the purposes (why) and means (how) of the processing of personal data
Processes personal data on behalf of the controller under its direction
To learn more about how iperceptions is approaching the requirements of the GDPR as a Data Processor, please feel free to refer to the GDPR page on the iperceptions website.
VoC presents an opportunity for CX-driven marketers
The digital world has changed drastically over the years, and the GDPR aims to provide online visitors more of a say over organizations’ access and use of their personal data.
For marketers who are always striving to optimize their online visitors’ experiences, VoC provides them with a way to leverage a research method that:
- Collects feedback directly from their visitors, allowing them to better understand their visitors’ experiences, in their own words
- Is based on being permission-based and consent-driven
Banner image source: Unsplash