The topic of data privacy has come a long way in a short time. If one were to consider just the new laws alone, the General Data Protection Regulation (GDPR) out of Europe, the California Consumer Privacy Act (CCPA) in the United States, and various other bills and laws have sprung up worldwide since just May of 2018. The age of data privacy has truly arrived.
While much has been written about the fines that can be levied against organizations deemed non-compliant of privacy laws, companies are beginning to understand that an element of the new regulations that they may have overlooked when originally assessing their privacy risk.
That missing element was “reputation.” Yes, the substantial fines are enough to give pause and need to be taken seriously. But it’s the potential loss of reputation that should be the top concern for all marketers, regardless of industry.
Make no mistake, authorities take their new regulations very seriously, to the point of considering data protection and privacy a “human right.” What this means is that if your organization fails to meet the requirements laid out in various laws around the world, it will become a very public affair. Not only will your existing customers hear about the violation, but potential customers will know as well.
Free webinar about data privacy and customer experience
Watch this webinar to learn the customer perspective on data privacy and how brands can stay compliant while still offering a great customer experience.
How do consumers feel about privacy?
Consider these figures from a SAS sponsored Futurum research report regarding consumer feelings as it pertains to data privacy:·
- 73% of are concerned with how brands are using their personal data.
- 76% of consumers are concerned with the amount of data brands gather when they search for or purchase a product.
- 73% of consumers are concerned with how brands are using their personal data to the point where they feel it is out of control.
- 71% believe that companies and brands should not be allowed to share their data with other companies or brands.
- 61% feel they have no control over the level of privacy they need for themselves, their family, or their children.
The value of trust
Trust. It’s the brand currency of the digital economy. Without trust, your customers are just one click away from switching to a competitor. A privacy violation has the potential to reverse years of the brand and customer trust that you’ve earned. And in the long run, that makes a fine seem minor.
If you consider the main elements of the various privacy laws, you’ll see that they raise two overarching questions:
- Can customers trust you with their data?
- Do you have an appropriate data management program in place to support that trust?
Marketers' next step: Blending in data governance
Companies embarking on data privacy programs are quickly realizing that much of what’s required is similar to what they may have accomplished with past data governance initiatives. At its core, data privacy compliance is about having the people, processes and technology aligned for one common goal.
Looking at just a sampling from the GDPR, you can see that’s the case. Each provision is about establishing proper data governance and maintaining a proactive approach.
A privacy violation has the potential to reverse years of the brand and customer trust that you’ve earned.
GDPR components and where data governance blends:
GDPR says: Personal data shall be processed in a manner that ensures appropriate security of the personal data.
- Data governance: Are only authorized employees at your company allowed to access certain data?
Conditions for consent
GDPR says: Demonstrate that the data subject has consented to the processing of his or her personal data.
- Data governance: Do you have proper data tagging and cataloging in place?
GDPR says: The data subject shall have the right to withdraw his or her consent at any time.
- Data governance: Do you have an integrated view of your customer’s data to ensure all of their records meet the consent withdraw?
Right of access by the data subject
GDPR says: The data subject shall have the right to obtain from the controller confirmation as to whether personal data concerning him or her are being processed.
- Data governance: Do you have the data management in place to confirm which data is being processed, and which is simply just stored?
Right to erasure ("right to be forgotten")
The GDPR says: The right to obtain from the controller the erasure of personal data concerning him or her without undue delay.
- Data governance: Do you have an integrated view of your customer’s data to ensure all their data is erased?
At SAS we’ve witnessed some best practices that should provide a solid blueprint for marketers regardless of region or industry. The approach we recommend will help you work toward compliance, and it also ensures that the trust you’ve built with your customers will remain steadfast and become part of your brand. Here’s what we recommend:
- Blend your privacy program in to your existing data governance practice. As mentioned, maintaining privacy is very much a governance issue and organizations should not treat the two as separate goals.
- Build privacy by design into all processes (i.e. treat data privacy as a core component of your organization and all businesses initiatives).
- Ensure that all individuals within the organization know their role in keeping customers’ data secure and private. Your company is just one careless employee action away from a reputation breaking privacy violation.
Data privacy in action at Interamerican
One company that puts data privacy first, and yet is still very much using data within their marketing efforts, is Interamerican. As the largest insurance provider in Greece, Interamerican was required to comply with the GDPR deadline of May 25, 2018.
On their data privacy journey, they learned something interesting: Not only did complying with data privacy regulations not hamper their marketing efforts, it enhanced them. Watch the short video below to learn more.
Data privacy and marketing at Interamerican
Hear how the largest insurer in Greece, Interamerican, is using the GDPR as a catalyst for meeting broader business goals. This insurer knows that the GDPR is about much more than just avoiding fines – it’s about ensuring that its trusted brand name remains the company’s greatest asset for many years to come.
About the Author
Todd Wright leads Global Product Marketing for SAS Personal Data Protection and SAS Customer Intelligence solutions. He works closely with the product management and sales organizations to create and promote materials that are relevant and valuable to SAS customers. Wright has 14 years of experience in data management software, including sales and marketing positions at DataFlux and SAS. Wright is instrumental in developing customer relationships and creating strategic marketing plans that drive awareness, consideration, education and demand for SAS Data Management. He received his business degree in Marketing from Western Michigan University. You can find him on Twitter: @toddwright_GDPR
- Tread carefully with customer data platformsThe potential benefits of customer data platforms are significant, but CDPs are by no means a silver bullet. Follow these three steps to avoid disillusionment.
- The digitization of everything — its impact on customer experienceWhen your coffee barista greets you by name and has your usual morning order piping hot and waiting for you — that’s customer relationship management at its finest. But with tech innovations rapidly merging the digital and physical worlds, what will CRM look like in the future? Brian Vellmure explores this question and more.