X Close

Resource Center

Life Under GDPR: How to Maintain Consent

Type: Blog

Life Under GDPR: How to Maintain ConsentIf you’ve made it through our other recent blogs, “When and Where to Collect Consent” and “How to Collect Consent”, congratulations! But once you have consent to communicate with your customers, how do you keep it? Here we discuss 3 primary ways to help you maintain customer consent once you’ve managed to get it.

1. Maintain data in a central repository

One of the primary challenges to maintaining GDPR-compliant consent is the ability to locate it and verify it. Companies always have a larger technology stack than they realize. When we go to do an engagement with a new customer, they tell us “we’ve got 4 or 5 systems.” Inevitably, we find at least 10-12. With the introduction of each new technology comes a separate ability to capture and store customer data. Disparate data in siloed systems is one of the greatest risks to compliance. Marketers always want to run an effective and compliant marketing infrastructure. The correct approach is one that stores and maintains data in a centralized manner.

And speaking of compliance – now that GDPR is here, there are more regulations coming. There’s only one way to ensure compliance to GDPR and other future changes and legislation. Only through a system that is:

  • neutral
  • centralized
  • fully auditable system

can an organization truly ensure regulatory compliance. Companies can only feel secure with a system in place built with privacy by design, not with privacy as a bolted-on afterthought.

And what about any violation inquiries from customers about their data? GDPR and ePrivacy firmly place the responsibility on the company. Whoever is collecting the customer data is responsible:

  • for understanding and disclosing how data will be used
  • and providing an easy way to respond to customer inquiries. Not only that, the regulation requires alleged violators to deliver proof of consent within 30 days of the inquiry. That could be a significant challenge for companies without a system of record. And if that system doesn’t maintain records of enterprise-wide consent, that company could have trouble.

2. Provide easy access for the consumer

In addition to centralization, modification of consent must be possible. That means easy access for consumers to change prior consent and preferences. This is a valuable service that aids customer experience. It also ensures continuity of consent. When customers feel as though they can change their mind at any time, they know you intend to earn their consent. This makes them more likely to change their preferences, instead of opt-out altogether.

3. Anticipate customer needs

The proactive management of customer data is key to adhering to GDPR/ePrivacy requirements. This ensures that customers feel they are receiving an ideal experience. Anticipate that a customer may unsubscribe by paying attention to how often they open your emails. Even more important, pay attention to how often they don’t open them. Be proactive, and offer a digest or decrease in frequency. This is often an effective approach. Also consider pausing all customer communications based on an event. This could be their visit to an unsubscribe page or completion of a purchase. This can also be an effective way to preserve the customer relationship and stem customer complaints. Sometimes customers just need a break!

In summary, consider things from your customer’s perspective.

Consumers view companies as a single entity. If I buy a new car, I view the sales department and the service center as the same company (which they are!). I expect them to know when the other department emails or calls me. I expect them to have basic communication with each other.

To support customers’ expectations, consent collection must take place across the all interactions. It’s essential to collect and react to information from all touchpoints. That includes call centers, social media, and mobile devices. Companies can’t just rely on the easy or inexpensive ones (e.g. email or websites.)

Once consent is collected or updated, it has to be shared across the organization. The customer must have easy access to their data if they want it. That data needs to be centralized in order for that departmental sharing to occur. Enterprises should take advantage of every customer interaction. Learn more about the customer and establish a deeper relationship and understanding. That will allow companies to ultimately better service their customers’ needs and even proactively anticipate them.

What’s necessary to cultivate is a culture of thoughtful, progressive relationship-building. Only embracing that will enterprises be able to engage in meaningful dialogue that is in alignment with GDPR and ePrivacy.

Eric Tejeda

Eric Tejeda is the Director of Product Marketing for PossibleNOW and CompliancePoint. Eric supports the organization’s growth objectives by productizing and launching innovative new products and services that fill critical needs in the marketplace.  

With 25 years of experience, Eric firmly believes that permission-based marketing and preference management is a mega trend and the path to success for marketers today. 
Follow me on Twitter: @EricTejeda | Connect on LinkedIn: Eric Tejeda


  • Twitter
  • RSS
  • YouTube
  • LinkedIn