Simplifying the regulatory environment so consumers and businesses can fully benefit from the digital economy

The General Data Protection Regulation (GDPR) provides European citizens with a strong set of data protection laws to protect their personal information. This regulation caused EXL’s client, a large UK utility provider, to reconsider its marketing strategies.

Previously, customers who had not explicitly opted-out of receiving communications were considered for marketing messages. In this post-GDPR environment, there are stringent penalties for contacting customers without prior consent, as well as other new considerations. Now, the company needed a clear audit trail for showing opt-in consent provided by a customer for all marketing messages.

This raised several major concerns for the organization:

  • They required support in making marketing consent changes to ensure that they complied with GDPR regulations
  • Need to maximize their marketing base given the conditions
  • Avoid GDPR fines which could reach as high as 4% of global turnover


Instead of simply converting a large customer segment to opt-out status, EXL monitored the customer consent journeys over time to make sure these customers had truly opted-out of receiving messages.

  • EXL helped the organization stay GDPR complaint by optimizing the volume of the customers that should be moved to the no marketing category
  • Actively monitoring unexpected consent changes for customers over a period of time.
  • Identified the root causes and why customers opted out.

In this process, EXL also highlighted certain drawbacks that led to implicit consent conversion to opt-in, helping avoid several clear GDPR violations.

We helped the organization fully utilize its marketing base by aligning the channel preference to the overall consent preference.


The approach primarily required ensuring that the client gained the proper consent from customers who had received marketing communications. In case where we a reliable audit trail could not be identified, the customer was listed having opted out. For such an exercise, EXL looked at the following:

  • Time slice customer data to identify the points where there was a change in customer consent
  • Identify the source of the change in the customer status, and whether it was an implicit or an explicit conversion. This required analysing different customer journeys that the customer was undertaking at that time, such as enrolling for loyalty or other programs, registering for an online account, making a complaint, or a conversation with a call centre agent which involved a consent change.
  • Once all the key factors had been considered, customers were segmented into red, amber and green pots indicating the level of associated risk

The above findings provided insights into situations and fixes EXL shared with key stakeholders. We then used our technical expertise to perform the following actions:

  • Fixes for customers the organization had seen as having opted-in in line with pre-GDPR regulations
  • High priority consent conversions resulting from direct GDPR violation concerns/complaints.
  • Identification of the blanket customer base that may have been aff ected due to technical issues with the digital systems
  • Orchestrated fixes in the core source systems, as well as provided list of customers for suppression in various marketing systems
  • Channel preference fixes for customers on a special marketing program, ensuring that they are opted in/opted out on relevant marketing channels


EXL supported in minimizing GDPR violation risk for the energy provider. This included optimizing the volume of consent fixes customers listed as having opted-out. Supported channel preference fixes to make sure client didn’tunderutilize marketing opportunities.

Conversions to opt-out

High priority consent conversion

Channel preference alignments

Contact US