GDPR: the complications of consent

With the launch date for the GDPR looming ever closer (25 May), many publishers will no doubt be busy checking they have appropriate marketing consent from their customers and other contacts. That might also involve going back to contacts to refresh existing consents if those don’t meet the GDPR standard.

But for many publishers, even that might not be sufficient. Publishers typically hold different forms of contact data in many different places: author submission systems, subscriptions databases, hosting platforms, and so on. That poses some major challenges relating to customer consent:

1. The same individual will often exist in more than one system. They might be an author, a subscriber, and an e-alerts recipient, for example. What if they’ve said it’s OK to contact them in one place, but opted out of all communications in another? Will their global opt-out be respected across the board?

2. If a contact wishes to withdraw all marketing consent, is there a process in place to ensure that’s honoured across all systems, in all marketing contexts? Or is there a risk they’ll be opted out in one database, while still receiving marketing emails from a different system?

3. Or what if a customer does wish to be contacted in one context (e.g. author notices), but not in another (e.g. sales promotions)? Do existing consents capture that level of granularity, and do they make those options clear to the customer, including their right to change or withdraw consent at any time?

Effectively this “lots of systems” scenario – typical for most scholarly publishers – poses a huge headache for managing consent and compliance. The scope of GDPR is “natural persons”, which implies it’s not sufficient to consider consent on a per-system basis – it’s also important to establish a coherent view of each unique individual across all relevant systems.

That’s not a trivial challenge, but it’s one we’re actively helping many of our clients to solve right now. MasterVision makes it easy to build a complete picture of each contact across multiple data sources, and then apply business rules to compare and combine their various consents (and the dates they were given) into an accurate composite picture of their current opt-in and opt-out preferences. If you feel you may need help in that area, please contact us ASAP since the GDPR launch date is 25 May 2018.