How organisations should tackle their data privacy requirements

Data privacy is one of the biggest problems that organisations and individuals face in modern business.

Customers are increasingly striving for personalised services – whether that’s recommendations tailored to their interests, account customisation, reports based on previous activity or countless other features.

But to provide those services, organisations must capture and store sensitive customer information, which of course comes with risks.

This includes the possibility not only of cyber attacks and data breaches but also of the organisation using the information in inappropriate ways. For example, they might use the data for purposes other than those for which it was originally obtained or sell it to a third party.

Whatever the threat, almost everyone is aware of the dangers involved. According to a Deloitte report, 75% of respondents were ‘fairly concerned’ or ‘very concerned’ about the way organisations use their information.

The issue was complicated with the introduction of the GDPR (General Data Protection Regulation) – and news reports of regulatory fines, whether they’re huge penalties such as the €746 million levied against Amazon or routine enforcement actions, demonstrate what a short leash organisations have when it comes to data privacy.

However, that narrative overshadows the fact that data privacy doesn’t have to be a burden. Rather, if organisations embed data privacy into their core activities, it can help them simplify the way they use data and give them a competitive advantage.

Reaping the benefits of data privacy

In June 2010, Apple chairman Steve Jobs gave an interview at the D8 Conference, and conversation quickly turned to data privacy.

“Privacy means people know what they’re signing up for. In plain English, and repeatedly.  That’s what it means,” Jobs said.

“I’m an optimist, I believe people are smart. And some people want to share more than other people do. Ask them. Ask them every time. Make them tell you to stop asking them if they get tired of your asking them. Let them know precisely what you’re going to do with their data.”

That idea seemed extreme at the time – indeed, it was radical enough to cause the audience to burst into applause – but it is now the received opinion.

Yet, despite the changes in the way data privacy is perceived, individuals are more concerned than ever about the way organisations use that data.

The issue is perhaps not directly correlated to the way organisations handle personal data; the GDPR has ensured greater data privacy than ever. The problem may well be the way organisations approach compliance.

Indeed, there’s a difference between avoiding any action that could be perceived as a GDPR violation out of fear that you’ll be fined and taking steps to protect customer data because you want to gain their trust.

What should organisations be doing?

Those who want to know how to tackle data privacy may again take a lead from Steve Jobs – or, at least, his former company, Apple.

The tech giant recently changed the way it handles consumer data, giving users greater control over who tracks their information, how it can be shared and where that information is used.

These changes align with the growing standard in data privacy regulation – whether that’s the GDPR, the CCPA (California Consumer Privacy Act) or a host of others that have come into effect recently – but they do more than simply follow the rules.

They also acknowledge that personalisation is still possible – and desirable – in an age of tighter restriction. Organisations may not be able to purchase data from third-party sources, but they can take a proactive approach to seek out information from customers.

This is essential if your organisation is to thrive, as demonstrated by a 2018 Accenture survey. It found that 91% of consumers are more likely to shop with brands that recognise, remember and provide relevant offers and recommendations.

Although this might sound contrary to the goals of the GDPR, it isn’t. As Tim Glomb, the vice president of content and data at Cheetah Digital, writes:

While the changes made to data privacy regulation are all done in the name of protecting the consumer’s interests, particularly their privacy, consumers are, at the end of the day, still consumers. They will still be in search of products, services and resources even if their data is not collected through a third party. What’s changing is how and when that data should be collected.

Increased regulation doesn’t prevent organisations from creating a personalised experience; it simply gives control to the customer.

If businesses provide options for users and explain what data they need and how it will be used, they can not only comply with the GDPR but demonstrate their commitment to protecting customers.

How you can get started

You can find out more about data privacy and the benefits of GDPR compliance by enrolling on our Privacy Essentials for Marketers Training Course.

This one-day course explains the privacy considerations you must be aware of when building and maintaining websites, applications and digital marketing campaigns.  

You’ll also discover the impact that relevant laws have on your business and the requirements you must comply with when using marketing tools such as analytics and referral programmes.  

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.