THE IMPACT OF GDPR ON THE MARKETING PRACTICES OF SMALL BUSINESSES
Technological developments and the advent of the internet have undisputedly provided myriad marketing opportunities for businesses of all shapes and sizes (Armstrong et al., 2015). For smaller businesses in particular, the ability to use the internet as a means to market directly to a much wider potential pool of customers, or conversely, segment and target with greater precision, has in many instances allowed such businesses to flourish were otherwise it may have been impossible (Mazzarol, 2015). Certainly, many contemporary texts are of the opinion that online and/or social marketing is absolutely fundamental as part of a wider marketing strategy. However, as with all such good things, invariably it is taken too far by handful of firms or individuals in pursuit of a ‘quick buck’ (Massiera et al., 2017). This has led to a proliferation of so-called ‘spam’ or unwanted marketing using online medium, and the suggestions of some scholars that the internet has turned into something of a ‘Wild West’ (Chaudhry, 2017, p.78).
Following extensive research commissioned by the European Union (EU), the conclusion was reached that there was a need for much tighter regulations over the use of customer data harvested from such online channels in order to prevent the nefarious use of such customer data, and as of 25 May 2018, the UK and all other EU member states have been subject to the General Data Protection Regulations (GDPR). These Regulations set out quite onerous conditions for any organisation seeking to use customer data and particularly so if these organisations wish to use this data for marketing purposes (Goddard, 2017). One of the most notable provisions of GDPR is that organisations must seek explicit consent from customers to ‘opt in’ to marketing communications in any form - tacit assumption on the basis of previous communication will no longer suffice (Nicolaidou and Georgiades, 2017). Furthermore, any organisation must demonstrate that it can comply with the protection of customer data or face punitive and potentially crippling fines. The challenge this presents for small businesses in particular is that the burden of GDPR compliance is very high and, has arguably the potential to entirely disrupt the business models of some small firms (McAllister, 2017).
This discussion gives consideration to the application of GDPR to such businesses, the tension between ‘good practice’ online marketing principles and GDPR, and an assessment of how small businesses might be able to react in order to maintain marketing contact with their customers.
If you need assistance with writing your essay, our professional Essay Writing Service is here to help!Find out more
General Data Protection Regulations (GDPR)
In order to fully appreciate the potential impact of GDPR it is necessary to provide some explanation of its functionality. Within the UK, GDPR is regulated by the Information Commissioner’s Office (ICO), a body that has long predated GDPR, and which describes itself as “the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals” (ICO, 2018a, p.1). The remit of the ICO is to monitor the handling of data by public and private bodies, with particular emphasis on maintaining the right to privacy of individual citizens. It is therefore responsible as a body for ensuring that organisations operating within the UK comply with the provisions of GDPR. The ICO is also responsible for promoting and maintaining compliance with and regulation of specific UK legislation relating to data management protection, the most recent of which being the Data Protection Act 2018, which is a quieter cousin of GDPR and aims to “fill the gaps” between GDPR as a regulation, and UK legislation (ICO, 2018a, p.1). In practice, however, the two sets of regulation and legislation are relatively similar with the same aim of protecting the private data of citizens.
Focusing on GDPR specifically, the overarching premise is that any organisation which holds any form of data regarding individual citizens must do so in a safe and secure manner and must also ensure that it has the consent of the individual in question to hold such data (ICO, 2018b). Whilst face value this sound relatively straightforward, research by Vanberg and Ünver (2017) suggests that on average each person in the UK has in excess of 120 ‘data relationships’ with various organisations ranging from the obvious of the government such as national insurance numbers, and driving licences, through to much more tenuous relationships, for example something bought online several years ago whereby a customer unintentionally signed up to a marketing database. It is this latter element which has caused a flurry of consternation amongst organisations, as they have now been forced to actively seek consent from consumers who may well have signed up many years ago and never had contact with the organisation since (McAllister, 2017). The fines for failing to demonstrate proactive agreement on the part of the customer to hold data are punitive (ICO, 2018b), posing a very real threat to organisations which fail to demonstrate compliance. Whilst some organisations are nominally ‘exempt’ under the guise of having a ‘legitimate right to data’ for example the NHS, De Hert et al., (2017) observe that there is a concerning lack of clarity about the actuality of GDPR in practice, and it is this which has the capacity to disrupt many established small business marketing models.
The Rise and Fall of Social Media Marketing
The concern on the part of small businesses is equally legitimate, as the rapid growth of the internet has created many opportunities for organisations to offer a wide range of products and services to potentially a global marketplace. Indeed, a significant number of businesses operate entirely online, and have been able to grow rapidly through using a number of emergent online marketing practices encouraged through data harvesting and social media sites (Tuten and Solomon, 2017). For example, the use of ‘cookies’ on websites to capture specific data regarding items viewed or browsed on a website, and also the internet trail of customers searching for items on the web. Technologically astute organisations recognise that tracking consumer behaviour on the internet is an ideal way of personalising marketing experience (Olsen and Levy, 2018) and indeed in a number of practitioner papers this personalisation was presented as such, highlighting the significant increase in sales conversion by targeting customers in this manner.
Academic research has confirmed the effectiveness of this particular approach to marketing and it has rapidly become common folklore amongst business advisers that an online marketing strategy is essential for business growth (Harrigan et al., 2015). In turn this led to the emergence of some marketing and also advertising firms actively using tracking to promote goods and services - despite the equally rapid proliferation of advert blocking software (Lamberton and Stephen, 2016). The problem is that this relatively aggressive online marketing and/or advertising approach has now been stymied by GDPR. Whilst it is certainly entirely legal to market or advertise on the internet, it is no longer permissible to directly target individuals with such communications unless they have explicitly consented to receive them. In short, this has the practical effect that a number of widely accepted marketing and business practices have been entirely undermined (Allen et al., 2018).
If you need assistance with writing your essay, our professional Essay Writing Service is here to help!Find out more
Closing Thoughts - Where Now for Small Businesses?
The challenge at the time of writing is the uncertainty surrounding the actuality of GDPR in practice for small businesses. Anecdotally there is a reasonable expectation that the underlying purpose of GDPR was to prevent very large or unscrupulous businesses harvesting and selling personal data as a shorthand marketing technique or profit generation approach (Yeh, 2017). Unfortunately, however, whilst this may have been a noble aim particularly in the context of a number of recent data scandals, the burden of compliance with regulation and legislation has fallen disproportionately on entirely legitimate small businesses (McAllister, 2017). Some small firms that have spent years carefully building up a database of loyal customers have found themselves with their marketing lists slashed (Smith, 2018), potentially setting the business back years in terms of re-encouraging customer commitment and loyalty. To have lost their marketing databases in such a manner seems ill-conceived, but could be interpreted as a literal reading of GDPR.
Some other small businesses have taken a more flexible but potentially higher risk approach, concluding that providing they can demonstrate that they handle customer data safely and in compliance with data protection, then they are operating within the spirit of GDPR (Schomer, 2018). As such, this tranche of businesses has actively chosen not to explicitly seek compliance but instead promote their new or updated ‘privacy policies’. This has enabled these small businesses to carry on largely marketing as they have before to a dedicated marketing list but making it clear that customers can opt out at any time.
It remains to be seen how the cards will fall with respect to GDPR in practice. For many consumers, it is undoubtedly a relief to no longer be bombarded by marketing emails on a daily basis. For many small businesses however, reputable discussion sites suggest that they believe this has already caused a hit on their bottom line (Schomer, 2018; Smith, 2018). The concept of no longer being able to easily target specific consumer segments will arguably call for a rethink of marketing strategy, and potentially return to the ‘old-fashioned’ traditional modes of print and postal marketing until there is greater clarity surrounding the functionality of GDPR in practice. Whilst it is sensible to assume that the spirit of GDPR was well-intentioned, the potential increased cost of marketing to small businesses is likely to be disproportionately high, and as McAllister (2017) suggests, GDPR very might well turn out to have unintended consequences for economic and business growth.
Allen, D., Berg, A., Berg, C. and Potts, J., 2018. Some Economic Consequences of the GDPR. [online] available at https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3160404 accessed 06/06/2018.
Armstrong, G., Kotler, P., Harker, M. and Brennan, R., 2015. Marketing: an introduction. Pearson Education.
Chaudhry, P.E., 2017. The looming shadow of illicit trade on the internet. Business Horizons, 60(1), pp.77-89.
De Hert, P., Papakonstantinou, V., Malgieri, G., Beslay, L. and Sanchez, I., 2017. The right to data portability in the GDPR: Towards user-centric interoperability of digital services. Computer Law & Security Review. DOI: https://www.sciencedirect.com/science/article/pii/S0267364917303333
Goddard, M., 2017. The EU General Data Protection Regulation (GDPR): European regulation that has a global impact. International Journal of Market Research, 59(6), pp.703-705.
Harrigan, P., Soutar, G., Choudhury, M.M. and Lowe, M., 2015. Modelling CRM in a social media age. Australasian Marketing Journal (AMJ), 23(1), pp.27-37.
ICO. 2018a. Home. [online] available at https://ico.org.uk/ accessed 06/06/2018.
ICO. 2018b. Direct Marketing Guidance [online] available at https://ico.org.uk/media/for-organisations/documents/1555/direct-marketing-guidance.pdf accessed 06/06/2018.
Lamberton, C. and Stephen, A.T., 2016. A thematic exploration of digital, social media, and mobile marketing: Research evolution from 2000 to 2015 and an agenda for future inquiry. Journal of Marketing, 80(6), pp.146-172.
Massiera, P., Gilmore, A. and Sellami, M., 2017. Marketing illegitimacy within SMEs: learning triggers and influence on marketing communications. Journal of Strategic Marketing, pp.1-14.
Mazzarol, T., 2015. SMEs engagement with e-commerce, e-business and e-marketing. Small enterprise research, 22(1), pp.79-90.
McAllister, C., 2017. What about Small Businesses: The GDPR and Its Consequences for Small, US-Based Companies. Brook. J. Corp. Fin. & Com. L., 12, p.187.
Nicolaidou, I.L. and Georgiades, C., 2017. The GDPR: New Horizons. In EU Internet Law (pp. 3-18). Springer, Cham.
Olson, C. and Levy, J., 2018. Transforming marketing with artificial intelligence. Applied Marketing Analytics, 3(4), pp.291-297.
Schomer, A., 29th May 2018. GDPR – Immediate impact on Publishers and Tech [online] available at http://www.businessinsider.com/gdpr-immediate-impact-on-publishers-tech-2018-5?IR=T accessed 06/06/2018.
Smith, M. 1st June 2018. The Immediate Impact of GDPR [online] available at https://www.pepperjam.com/blog/the-immediate-impact-of-gdpr accessed 06/06/2018.
Tuten, T.L. and Solomon, M.R., 2017. Social media marketing. Sage.
Vanberg, A.D. and Ünver, M.B., 2017. The right to data portability in the GDPR and EU competition law: odd couple or dynamic duo?. European Journal of Law and Technology, 8(1), pp. 1-7.
Yeh, C.L., 2017. Pursuing consumer empowerment in the age of big data: A comprehensive regulatory framework for data brokers. Telecommunications Policy. 42(4), p..282-292.
Cite This Work
To export a reference to this article please select a referencing style below: