Marketers and privacy

The topic of data privacy has come a long way in a short time. If one were to consider just the new laws alone, the General Data Protection Regulation (GDPR) out of Europe, the California Consumer Privacy Act (CCPA) in the United States, and various other bills and laws have sprung up worldwide since just May of 2018. The age of data privacy has truly arrived.

While much has been written about the fines that can be levied against organizations deemed non-compliant of privacy laws, companies are beginning to understand that an element of the new regulations that they may have overlooked when originally assessing their privacy risk.

That missing element was “reputation.” Yes, the substantial fines are enough to give pause and need to be taken seriously. But it’s the potential loss of reputation that should be the top concern for all marketers, regardless of industry.

Make no mistake, authorities take their new regulations very seriously, to the point of considering data protection and privacy a “human right.” What this means is that if your organization fails to meet the requirements laid out in various laws around the world, it will become a very public affair. Not only will your existing customers hear about the violation, but potential customers will know as well.

How do consumers feel about privacy?

Consider these figures from a SAS sponsored Futurum research report regarding consumer feelings as it pertains to data privacy:·       

• 73% of are concerned with how brands are using their personal data.
• 76% of consumers are concerned with the amount of data brands gather when they search for or purchase a product.
• 73% of consumers are concerned with how brands are using their personal data to the point where they feel it is out of control.
• 71% believe that companies and brands should not be allowed to share their data with other companies or brands.
• 61% feel they have no control over the level of privacy they need for themselves, their family, or their children.

The value of trust

Trust. It’s the brand currency of the digital economy. Without trust, your customers are just one click away from switching to a competitor. A privacy violation has the potential to reverse years of the brand and customer trust that you’ve earned. And in the long run, that makes a fine seem minor.

If you consider the main elements of the various privacy laws, you’ll see that they raise two overarching questions:

• Can customers trust you with their data?
• Do you have an appropriate data management program in place to support that trust?

Marketers' next step: Blending in data governance

Companies embarking on data privacy programs are quickly realizing that much of what’s required is similar to what they may have accomplished with past data   governance initiatives. At its core, data privacy compliance is about having the people, processes and technology aligned for one common goal.

Looking at just a sampling from the GDPR, you can see that’s the case. Each provision is about establishing proper data governance and maintaining a proactive approach.

GDPR components and where data governance blends:

Personal data

GDPR says: Personal data shall be processed in a manner that ensures appropriate security of the personal data.

• Data governance: Are only authorized employees at your company allowed to access certain data?

Conditions for consent

GDPR says: Demonstrate that the data subject has consented to the processing of his or her personal data.

• Data governance: Do you have proper data tagging and cataloging in place?

GDPR says: The data subject shall have the right to withdraw his or her consent at any time.

• Data governance: Do you have an integrated view of your customer’s data to ensure all of their records meet the consent withdraw?

Right of access by the data subject

GDPR says: The data subject shall have the right to obtain from the controller confirmation as to whether personal data concerning him or her are being processed.

• Data governance: Do you have the data management in place to confirm which data is being processed, and which is simply just stored?

Right to erasure ("right to be forgotten")

The GDPR says: The right to obtain from the controller the erasure of personal data concerning him or her without undue delay.

• Data governance: Do you have an integrated view of your customer’s data to ensure all their data is erased?

Best practices

At SAS we’ve witnessed some best practices that should provide a solid blueprint for marketers regardless of region or industry. The approach we recommend will help you work toward compliance, and it also ensures that the trust you’ve built with your customers will remain steadfast and become part of your brand. Here’s what we recommend:

• Blend your privacy program in to your existing data governance practice. As mentioned, maintaining privacy is very much a governance issue and organizations should not treat the two as separate goals.    
  
  
• Build privacy by design into all processes (i.e. treat data privacy as a core component of your organization and all businesses initiatives).
  
  
• Ensure that all individuals within the organization know their role in keeping customers’ data secure and private. Your company is just one careless employee action away from a reputation breaking privacy violation.

Data privacy in action at Interamerican

One company that puts data privacy first, and yet is still very much using data within their marketing efforts, is Interamerican. As the largest insurance provider in Greece, Interamerican was required to comply with the GDPR deadline of May 25, 2018.

On their data privacy journey, they learned something interesting: Not only did complying with data privacy regulations not hamper their marketing efforts, it enhanced them. Watch the short video below to learn more.