Customer Relationship Management (CRM) is now being allocated significant budgets by companies which understand the importance of retaining customers to improve their bottom line. Poor customer service leads to lost customers, opportunities missed through poor targeting and higher acquisition costs, but companies are still failing to make proper use of customer data and are flouting regulations at the same time.
According to new research carried out on behalf of Mondex International by CRM expert Professor Merlin Stone of Bristol Business School, European companies will spend £1.8bn on CRM technology this year. But the report shows that most companies, including some of the UK's best known law firms, are failing to comply with the Data Protection Act introduced a year ago and are, in fact, creating customer information chaos.
The act requires that data must be adequate, relevant and not excessive – ideally information should be kept only for specific purposes and not held indefinitely. It should be accurate and up-to-date and processed in accordance with customers' rights. And data should be secure – appropriate measures should be taken to ensure that information cannot be unlawfully accessed.
There are two key areas of non-compliance. The first concerns customer data being gained from multiple sources. There is no secure process for keeping that data to an appropriate quality, or for letting customers have access to it. The second is an absence of any secure processes for reviewing what data is held in order to maintain legal compliance.
Throughout Europe, many large companies are not complying with data protection laws because they have no process to do so, such as holding an initial data protection audit and then repeating that audit at regular intervals.
When companies conduct audits they usually find they are holding far more, and generally lower quality, data than they initially thought. Even if companies do achieve compliance, keeping it remains a challenge as businesses develop and new information is added. Then there is the issue of mergers and acquisitions. Companies coming together often share customers, and information is being kept on different databases and covers slightly different data. The terms under which the information was collected is often not clear and this can cause particular problems with data protection legislation.
Companies often fail to record the declarations they make to customers when they capture information. The usual rule applies – if in doubt, the declaration should be refreshed by sending the data to customers and asking them to sign a new declaration, or the data collection process should be restarted. Under the law it is not enough for consumers to be referred to declarations by clicking on a data protection icon – at the very least, a summary of the terms must appear with an easy link to full details.
This startling lack of compliance is further exacerbated by the trend towards e-business and the increasing importance of the internet as a customer care and sales channel. The addition of this new channel, digital TV and mobile telephony has created problems for legacy systems, obstructing companies in their quest for a single, integrated view of their customers.
Complying with the Data Protection Act is not easy, particularly for companies with existing, cumbersome databases. But the laws are expected to be tightened so that companies will need to look at alternative ways of managing customer information to provide a better service.
Technology in the form of smart cards does exist to enable companies to develop a single, accurate profile of customer behaviour, but adoption has been slow. However, with increasing legal and consumer pressure surely it is time for UK companies to re-evaluate their approach to CRM?
Iain Cox is head of CRM technology at Mondex International