Data privacy no longer concerns only legal teams. It has become a cross-functional business imperative that everyone from legal, to marketing, to IT must understand and pay attention to. In the two plus years since the General Data Protection Regulation (GDPR) was introduced, we’ve seen companies continue to suffer data breaches, and non-compliance in legislations leading to massive fines. Together, these issues have increased consumer awareness and skepticism in how companies are using their data. Legislations such as GDPR, California Consumer Privacy Act (CCPA) and the 2020 passing of the California Privacy Rights Act (CPRA) have also made higher standards of data collection a legal requirement, with non-compliance no longer an option.
So, what are the most common data challenges that businesses face today in the area of compliancy and how does this impact trust?
There are three main challenges for businesses trying to meet data privacy and security requirements:
- Change in mindset – Now that regulations such as GDPR and CCPA are established, it’s time for brands to stop looking at data privacy merely from a compliance perspective, but to start seeing it as an opportunity to demonstrate trustworthiness to consumers. The journey to compliance is a lengthy process that requires businesses to build and instill solid practices, systems and processes. From here it becomes more of a branding challenge that allows companies to reassure customers that they value and respect their data and will not misuse it or leave it vulnerable to hackers. As the CPRA will supersede CCPA and become operative by 2023, brands must get a jump start on understanding regulations to ensure a smooth, seamless and trustful transition. The time is now.
- Keeping up with a constantly shifting regulatory landscape – While data protection laws have existed for a while, we have not yet seen clear international precedent on enforcement as regulations vary in different countries. To prevent fines, reputational damage and a negative impact on customer trust, brands should always err on the side of caution. Dedicating their attention to how they capture and process data within the evolving regulatory landscape is key.
- Understanding data and how to work with it – Determining what counts as personal data is a challenge many organizations face as it could change from one situation to another. Furthermore, although some businesses have been racing to collect as much data as possible, they’re often not sure why they’re collecting it, how they’re going to use it and where and how they’re storing it. This creates risk under data regulation.
Building brand trust
While 88 percent of customers are willing to pay more in order to have a good experience with a brand, the issue of trust shouldn’t be neglected. Customers are more inclined to trust brands that are listening to them; therefore, trust and communication are related priorities. As customers are becoming increasingly suspicious of how organizations are handling their personal data, demonstrating transparency, responsibility and accountability for that data will encourage deeper levels of trust in your brand. GDPR becomes a business lever that your organization can pull to underline your commitment to the privacy of both customers and prospects, and that you take a differentiated stance from your competitors.
Customer trust and data privacy and transparency go hand-in-hand, so companies need to make sure they have processes in place that can document what information is being stored and where, and make it available to both customers and the regulatory body that is overseeing them. Regulations such as GDPR exist to ensure that both businesses and customers are comfortable with data sharing and trust the idea of working within digital experiences.
This is also an opportunity for organizations to revisit their marketing and digital experience strategy to take advantage of the fact that their data is now more accurate, structured, current and reliable. They can become more effective and efficient as a business by only engaging with those customers and prospects who are likely to engage with their marketing activities, developing latent brand promoters, and avoiding the inadvertent development of brand detractors, maximizing their reputation overall.
Organizations should also take the time to review the mechanics of how they deliver their omnichannel experiences. They need to ensure that customer data use is consistent, provides clear, channel specific preferences and customer consent is properly respected, and overall, the best joined-up cross-channel experience is being delivered within these constraints. Embracing data security and privacy may impact what you can do with some channels, but it may also open up opportunities in other channels that can ultimately provide a better experience for your prospective and existing customer base.
Here are a few things brands should adhere to on their journey to becoming a trustworthy brand:
- Build cross-functional teams across the business who value and work towards trust
- Only collect the data needed
- Collect data across the journey, not all up front
- Simplify the process of gathering consent to use customer data
- Demonstrate the value you add by collecting data from your customers and prospects
- Be transparent about how you’re using and protecting customer data
- Re-evaluate your marketing strategy in light of the quantity and quality of data you now have available
- Review the mechanics of how you deliver your omnichannel experiences
Putting practices in place that build trust in how data is handled has become more important than just checking the compliance box. These eight guidelines are a great foundation for businesses that are currently working hard to build customer trust while ensuring data privacy and security. Only when organizations start to understand the interdependent relationship between data collection and use and customer trust will they truly achieve their ambitions to be a trustworthy valued brand.
Chris Stennett, Global Vice President, Business Value & Strategy, Sitecore