For the past fifteen years, 28 January has marked Data Privacy Day, an international event that’s designed to raise awareness about online privacy.
But this year, the event’s organiser, Stay Safe Online, has expanded the campaign into a full week. From 24 January to 28 January, it’s running a series of events alongside its usual guidance and resources to help people better understand the importance of data privacy.
In this blog, we take a look at the lessons you can learn from Data Privacy Week and the ways you can make long-term commitments to improving the way your organisation handles sensitive data.
The importance of data privacy
Customers are increasingly striving for personalised services – whether that’s recommendations tailored to their interests, account customisation, reports based on previous activity or countless other features.
But to provide those services, organisations must capture and store sensitive customer information, which of course comes with risks.
This includes the possibility not only of cyber attacks and data breaches but also of the organisation using the information in inappropriate ways. For example, they might use the data for purposes other than those for which it was originally obtained or sell it to a third party.
Whatever the threat, almost everyone is aware of the dangers involved. According to the Pew Research Centre, 79% of respondents reported being concerned about the way organisations use their data.
The issue was complicated with the introduction of the GDPR (General Data Protection Regulation) – and news reports of regulatory fines, whether they’re huge penalties such as the €225 million fine levied against WhatsApp or routine enforcement actions, demonstrate what a short leash organisations have when it comes to data privacy.
However, that narrative overshadows the fact that data privacy doesn’t have to be a burden. Rather, if organisations embed data privacy into their core activities, it can help them simplify the way they use data and give them a competitive advantage.
Reaping the benefits of data privacy
In June 2010, Apple chairman Steve Jobs gave an interview at the D8 Conference, and conversation quickly turned to data privacy.
“Privacy means people know what they’re signing up for. In plain English, and repeatedly. That’s what it means,” Jobs said.
“I’m an optimist, I believe people are smart. And some people want to share more than other people do. Ask them. Ask them every time. Make them tell you to stop asking them if they get tired of your asking them. Let them know precisely what you’re going to do with their data.”
That idea seemed extreme at the time – indeed, it was radical enough to cause the audience to burst into applause – but it is now the received opinion.
Yet, despite the changes in the way data privacy is perceived, individuals are more concerned than ever about the way organisations use that data.
The issue is perhaps not directly correlated to the way organisations handle personal data; the GDPR has ensured greater data privacy than ever. The problem may well be the way organisations approach compliance.
Indeed, there’s a difference between avoiding any action that could be perceived as a GDPR violation out of fear that you’ll be fined and taking steps to protect customer data because you want to gain their trust.
What should organisations be doing?
Those who want to know how to tackle data privacy may again take a lead from Steve Jobs – or, at least, his former company, Apple.
Last year, the tech giant changed the way it handles consumer data, giving users greater control over who tracks their information, how it can be shared and where that information is used.
These changes align with the growing standard in data privacy regulation – whether that’s the GDPR, the CCPA (California Consumer Privacy Act) or a host of others that have come into effect recently – but they do more than simply follow the rules.
They also acknowledge that personalisation is still possible – and desirable – in an age of tighter restriction. Organisations may not be able to purchase data from third-party sources, but they can take a proactive approach to seek out information from customers.
This is essential if your organisation is to thrive, as demonstrated by a 2018 Accenture survey. It found that 91% of consumers are more likely to shop with brands that recognise, remember and provide relevant offers and recommendations.
Although this might sound contrary to the goals of the GDPR, it isn’t. As Tim Glomb, the vice president of content and data at Cheetah Digital, writes:
While the changes made to data privacy regulation are all done in the name of protecting the consumer’s interests, particularly their privacy, consumers are, at the end of the day, still consumers. They will still be in search of products, services and resources even if their data is not collected through a third party. What’s changing is how and when that data should be collected.
Increased regulation doesn’t prevent organisations from creating a personalised experience; it simply gives control to the customer.
If businesses provide options for users and explain what data they need and how it will be used, they can not only comply with the GDPR but demonstrate their commitment to protecting customers.
Data privacy by design
Effective data privacy requires a company-wide commitment. You need senior management to prioritise its importance, followed by policies and procedures governing the way you use sensitive data and staff awareness training to ensure that employees act responsibly.
This process is often referred to as ‘data privacy by design’. That is to say, data privacy concerns are addressed at the outset of any project and is embedded within the organisation.
You can find out more about data privacy by design by downloading our free guide: Privacy by Design – Step by step.
It contains an in-depth explanation of what it is and how it works, along with our expert tips on how to implement its principles.