Personalisation and data gathering

For the final part in our series on personalisation, it’s time (*deep breath*) to talk about data gathering.

To recap, in our first blog we spoke about what personalisation was and why it’s needed. In our second blog, we looked at how personalisation works. Now it’s time to get down to the driving force behind personalisation: data.

Buckle up, there’s a lot to take in here. We’re going to dive into the can of worms that is data ethics, scare you all with data regulations, and then (after a quick palate-cleanser – you’ll need it after all that heavy stuff!) we’re going to tell you how to gather data in ways that won’t compromise either your ethics or your customers’ privacy.

Ready? Let’s go:

Putting personalisation data in perspective

In order to personalise in ways that are valuable for your audience, you need to know your audience. That means gathering data on them. And data gathering can feel kind of icky – a bit like snooping. 

If you’re dubious about collecting customer data, we don’t blame you. It IS a bit gross to peer into the private lives of your customers. 

If it helps, think of it in terms of how you interact with bricks’n’mortar businesses. If you go into your local pub, it’s nice if the barperson greets you by name and knows your usual, right? Well, the barperson is using data you’ve previously given them to do that. 

When you get right down to it, ‘data’ is just a fancy word for ‘information’. As you build up a relationship with the barperson in your local you’re exchanging all kinds of data, from your name to your demographic details, your job, your likes, your dislikes, your opinions, and (of course) your drinking habits. 

Ever wondered why barpeople are so friendly? It’s because they know everybody’s secrets and THEY WANT YOURS TOO

This is where a ‘normal’ agency would try to assure you that gathering customer data for web personalisation is no different to getting to know the barperson at your local. But we’re a no bullshit agency. We’re not going to do that.

Because, let’s be real, it IS different. You can interact with the barperson on a human level that can’t be replicated by a brand, no matter how hard they work on their brand persona. So let’s not pretend that the two are the same.

We’re not going to tell anyone that giving their data to a brand is the same as chatting to a barperson. But we do find it helpful to flip it, and look at how the analogy can teach brands to personalise properly, with ethically-gathered data.

Look at it this way: when someone chats to a barperson, they’re entering into a reciprocal exchange. They tell the barperson about themselves, and in return they get things like:

  • A convivial experience
  • A new friendship
  • A deeper relationship

They also feel welcomed and over time, as the barperson gets to know them, they’ll get things like easy recognition, a personal greeting when they walk in the door, their usual order poured before they even have to ask – that kind of thing.

So, it’s worth your while to chat to the barperson.

In order to personalise your website and marketing properly, you need to be like that barperson. You need to be using what the customer ‘tells’ you to give them something of equal value in return. You need to do the equivalent of supplying that warm greeting and regular order.

This, essentially, is what personalisation is supposed to provide. And that’s how you should be thinking of customer data: as something the customer gives you in exchange for a good experience – not as a resource that you can exploit.

But how do you get customers to start ‘chatting’ with you in the first place? How do you get that data when you don’t have the advantages of a human barperson (you’re not right in front of them with a big, friendly human smile, and you can’t exactly ply them with alcohol. Well….not usually. If you can ply them with alcohol then just do that. Log out now and grab some pint glasses, we have nothing further to teach you).

Data ethics

Data gathering is not simply a case of attaching tracking pixels to everything and waiting for the numbers to stream in. Over the past decade, a series of data privacy scandals has seen the introduction of stringent data regulations. And for very good reason.

People don’t like their personal information being taken without their knowledge. And they especially don’t like that data being sold on to anyone with the right money. But, because data is worth a lot of money, corruption around the gathering and sale of data is rife. Remember the Cambridge Analytica scandal? Even companies as (supposedly ????)  kosher as Facebook aren’t immune to harvesting and selling data.

As a result, public trust around data is at an all time low. And their concerns are backed up by legislation with teeth.

All over the world there are strict laws in place to protect privacy and prohibit the unauthorised gathering and sale of data. And by ‘unauthorised’ we mean ‘unauthorised by the individual’. 

The legislation that concerns us in the UK is the GDPR, but if you have an international audience it’s a good idea to get familiar with the others:

Image source:

The GDPR in a nutshell

The General Data Protection Regulation (GDPR) protects consumer data in Europe and the UK from theft, loss, and unauthorised use. It’s not to be trifled with. If you’re found to be in violation of the GDPR, you can be fined up to 10 million Euros (well over £8m) or 2% of your total global turnover the preceding fiscal year – whichever is higher. In January 2023, Meta had to cough up 1.2 BILLION Euros for GDPR violations. 

So, don’t mess with it.

The basic requirements of the GDPR are:

  1. Lawful processing. This means that companies must have a legitimate and non-harmful reason for collecting data.
  2. Transparency and individual rights. This means that companies must be completely transparent (and honest!) about why they are collecting data and what that data will be used for. They must also give customers the option to opt-out of data collection, and be able to erase any customer’s data upon request.
  3. Data security. Organisations are totally responsible for any data they collect. If data is stolen or leaked, the organisation is at fault and must pay the price.
  4. DPIA. Companies should conduct Data Protection Impact Assessments when carrying out high-risk data activities. 
  5. Cross-border data transfers. The GDPR is a cross-border legislation, meaning that data being transferred in and out of the EU is still subject to GDPR stipulations. This is the one that stung Meta for that 1.2bil.
  6. Record-keeping. Organisations must record all their data-related activities, and have records ready to present for audit.
  7. DPO. Some organisations are required to have a Data Protection Officer, and provide the contact details of that DPO to anyone on request.
  8. Accountability and enforcement. Organisations must be fully accountable for all data-related activities, and will be punished heavily for transgression.

What does this mean in practical terms, for you? It means BEHAVE, buster, or the GDPR will literally ruin you.

Luckily, following the GDPR is actually pretty easy. Even better, following the GDPR will help you build that perfect barperson/boozer relationship with your customers.

In a moment, we’ll tell you how. But first, a puppy palate-cleanser:

Wasn’t that adorable? Did you see his fluffy lil’ ears flapping? Wasn’t it just the cutest? Do you feel better now after all that intense data protection stuff? 

Great. Now let’s look at how data gathering can be done ethically.

How to gather personalisation data ethically

There are lots of ways to gather the data you need for personalisation. Here are just a few:

  • Surveys
  • Signup forms (for example, when people sign up for your service or newsletter)
  • Checkout forms
  • Focus groups
  • Feedback
  • Social listening (i.e. paying close attention to your social media audience)
  • Analytics (i.e. data gathered from social media and other digital platforms)

Getting the data is easy. Getting it ETHICALLY and in ways that COMPLY with the GDPR is what’s trickier.

Luckily for you, we have three simple rules that will get that data pouring in AND build trust with your customers:

  1. Be no bullshit. Be like us. Don’t bullshit your customers. If you need more of their data, tell them. And tell them in a no-bullshit, totally-transparent way. You don’t have to be as blunt as us, of course. Be polite, if you must! But don’t conceal any details or try and pretty it up in flowery language.
    You basically want to say “Hey customers! In order to give you the kind of personalised experience you deserve, we need more of your data. Here’s a form, fill it out if you want to. Or don’t! It’s your data, do what you like with it. But if you DO choose to hand it over, here’s how you’ll benefit” And then list the benefits. Oh, and make sure that they know you’ll be keeping their data safe while you’re at it. Speaking of which…
  2. Be safer than you need. It’s better to be over-cautious than under-cautious when it comes to data protection. Put in rigorous data protection protocols and stick to them. And, as we said above, tell your customers what you’re doing to protect their data. Transparency is very important for trust.
  3. Give the customer control. If the customer wants to opt out, or alter the amount of data that you use, or change what you’re using it for, let them. In fact, help them to do it. Build in customer-control tools and show your customers exactly where they are.

Control, transparency, and a total lack of bullshit about data will reassure your customers that you’re legit. It will also show them that you’re using their data for their benefit. 

Now all you have to do is make that personalisation do what it’s supposed to, and give your customers a great, personalised experience.

For more on that…well, start this blog series all over again!

To build a website that works for you AND your customers, give us a shout today. Our consultations and advice are ALWAYS free!