Has GDPR reduced the amount of consumer data?

Having now been back in the world of sampling data for a couple of years, following a 15-year gap, it seems appropriate to consider what have been the main changes that occurred in my absence; in particular, what has been the result of GDPR on the UK data industry?

Firstly, let’s set the scene by looking at the world of 2004. Sample Answers was then in the enviable position of managing lifestyle data in house for 6 European countries, all of which with deep profiling, allowing us to target respondents for telephone research on many variables with a high degree of accuracy.  At that time positive ‘opt-in’ was not mandatory; it was sufficient for data subjects to have not ticked the ‘opt-out’ box. But for that, much of current GDPR was in place at that time under the European Data Protection Directive of 1999.

Besides opt-in the other really significant changes have been, firstly, that the liability for any breach of GDPR is now the responsibility of each of the parties involved in the breach: it is no longer satisfactory to say – “it was my supplier who was at fault”. Secondly, the maximum penalties for any breach have now been very substantially increased such that they now provide a major deterrent.

Today, there is still a large and competitive industry for consumer data, with numerous suppliers. Moreover, we are able to sample 17 million of the UK’s 24 million households; a huge number that seemed impossible 15 years ago. And this in spite of GDPR. That said, there is less data about people and households – the profiling has become shallower, and we have fewer selection criteria from which to select. In some cases, this would appear reasonable: previously we were able to profile: members of the armed forces, people by their religion and voters of various political parties. But in other cases, the suppliers and collectors of consumer data have chosen not to collect the information in the first place.

Some of the familiar names in the industry previously do still use data and indeed collect it, but do not release records for commercial use. Experian are of course still in the data business, but supply mainly services; analytics, profiling and modelling. Likewise in Europe where we see the likes of Schober or Consodata retreat almost entirely from the responsibility of holding personal identifiable information (PII). So, whilst one can’t approach them to obtain a targeted list by holiday destinations or car owned, they will happily look at other data services and offer a 360 degree solution for campaigns. This could be data-enrichment, data-mining and also a focus on b2b marketing (which has fewer restrictions due to publicly available data points). Similarly, they will be able to offer solutions for mobile marketing and geo-location campaigns. Essentially anything but control and release PII.

The same can be seen with US suppliers who previously held European PII. A preferred supplier of ours simply does not sell EU-based lifestyle data any longer. With the threat of fines and the likelihood of spending more on legal counsel this is all quite understandable. And I also take the view that this retreat from PII may not be regrettable or unwanted. If suppliers are wary enough to no longer pursue a hitherto profitable business model, then perhaps GDPR has done its job and discouraged actors uncertain of their data’s provenance or legitimacy, to take a step back.

This isn’t to say that changes were not already afoot within the industry. For example, the changing way in which households buy/pay for cars had already led to a reduction in the quantity of this type of information and that it is collected and used in a different way – principally online and digitally. So, what remains in the industry in terms of consumer / lifestyle data? Notably there are the large players as noted, but in a fractured marketplace, there are more numerous niche suppliers. We can for example select households based on perhaps a magazine subscription, which will indicate the type of respondent a market researcher wishes to interview and to a high degree of accuracy. But the flipside of the coin is not knowing other key demographics such as age or address.

So in conclusion, GDPR has indeed led to a reduction in a lot of aggregated/pooled data and a reduction in the larger agencies prepared to deal with large volumes of PII. We ourselves have fewer data-points relative to 15 years ago but have increased the number of households that we can sample. A wide variety of consumer data is still available – legitimately and GDPR compliant – and in a thriving marketplace. Albeit in a fractured sort of state where you might have to contact multiple suppliers or make a compromise as to which data-point is the most important: the attitudinal / behavioural or the demographic.

If you would like to learn more, please contact us by clicking here.