New privacy regulations mean your company needs better data management now
Do you know how every company you interact with uses your private data? Consider this: In December 2018, The New York Times revealed that tech and marketing companies use seemingly innocuous apps to gain access to users’ locations -- sometimes up to 14,000 times each day.
For example, the Weather Channel app funneled users’ location data to an IBM subsidiary, while Reveal Mobile, a location-based marketing firm, harvested users’ location data from code planted in more than 500 other apps. It’s safe to say that most people trusted the Weather Channel app to make daily decisions about what to wear or whether to take an umbrella. After the news broke, however, the Weather Channel’s status as a trusted institution was less certain.
The companies used the data to calibrate advertising campaigns to potential customers’ preferences, a type of personalization 90 percent of consumers say they find appealing. Yet the companies’ actions also raised serious privacy concerns from those who didn’t want their intimate movements tracked. Users were especially horrified to learn that the apps could trace their children’s movements to and from school -- information that could be dangerous in the wrong hands.
Location-tracking data is just one subset of the 2.5 quintillion bytes of data internet users produce each day. If businesses today want to avoid backlash, they must walk a tightrope between personalization and privacy, collecting and analyzing consumer data to make products better while also keeping the data secure.
As countries around the world tighten privacy regulations, businesses have new incentives to wield data responsibly. The General Data Protection Regulation (GDPR) became enforceable in the EU in May 2018, and recent court cases against Facebook and Google show that the grace period is now over for violators. In June 2018, California signed its own privacy regulation into law, and a national data privacy regulation proposal is sparking heated partisan debate. A federal U.S. law might be hot on its heels.
Ultimately, greater ownership of data benefits the end customer
As revelations about apps tracking users’ locations made headlines, businesses were forced to confront the reality tAs revelations about apps tracking users’ locations made headlines, businesses were forced to confront the reality that consumers care deeply about how their private data is handled. In fact, 57 percent of customers saying they’re uncomfortable with the ways companies use their data data. Clearly, there’s room for improvement.
To earn back customers’ trust, companies must be transparent about what services or benefits customers receive in exchange for their data -- and what security measures are in place to protect it. For example, customers might be willing to grant the Weather Channel app access their locations if doing so allows the app to provide better service, as long as they’re sure their data will never be shared with unknown entities. Additionally, companies must acknowledge that consumers have the right to change their minds. Consumers should always have clear ways to opt in or out, depending on how their needs and preferences evolve over time.
Companies that manage consumer data transparently not only earn consumers’ trust -- they can also outperform their competitors. A 2018 survey by Veritas found that 59 percent of consumers are willing to spend more money with organizations they trust to look after their data. For nearly one-third of consumers, that could mean spending up to 25 percent more with businesses that take data protection seriously. Research by McKinsey echoes these findings, showing that businesses that make decisions based on customer analytics are more than twice as likely to beat competitors’ profits and sales growth.
Privacy regulations might be the impetus for better data management, but improving data management can yield higher profits, better brand loyalty and happier customers, too.
Here’s how companies can manage data effectively -- while upholding privacy standards and earning consumers’ trust.
Companies should know how vendors handle their data
In most cases, companies are ultimately liable for upholding privacy regulations, regardless of who manages their data. If companies give up control of their data to a third-party vendor, they risk gaps in oversight that prevent compliance while exposing them to any security shortcomings in the vendor’s platform, among other perils.
In March 2018, Facebook ended its "Partner Categories" feature, which used third-party data to segment users, due to growing scrutiny sparked by GDPR. Facebook’s struggle might preview a trend in which companies part ways with external vendors. In the immediate days after GDPR became official, some businesses pre-emptively closed their European operations out of fear they wouldn’t be able to comply with the new standards on their own.
Under privacy regulations, businesses can still work with data management partners, but the standard for establishing trust will be much higher. A successful data management strategy should include three key elements: people, process and technology.
People should receive training and support to keep up with the latest changes in data compliance, as well as data management processes they can rely on to streamline decision making. Finally, technology such as Customer Data Platform (CDP) software can unlock new data management capabilities while reducing the risk of human error.
Enforcement is still evolving
Although privacy regulations outline some expectations for how companies must manage customers’ personal data, it’s still unclear exactly how the regulations will be enforced and what penalties will exist for businesses that violate them.
For now, several high profile cases hint at the future of privacy regulation enforcement. Germany's antitrust regulator recently ruled that Facebook's advertising model exploits users' privacy. But without a viable alternative to the social media giant, users can’t give the voluntary consent GDPR requires. Until this and other cases establish precedents, businesses simply won’t have a clear sense of what enforcement will look like in Europe or in other regions with similar privacy laws.
As U.S. states and the federal government consider their own privacy regulations, upholding privacy standards could become even more complicated.
As laws change, it pays to be proactive
Businesses that wait until the last minute to adapt to new privacy regulations will be trapped in a constant cycle of reaction as future privacy regulations emerge. By contrast, businesses that excel at managing their data will be prepared to adjust with agility and speed, no matter how privacy regulations evolve.
Businesses keep pace with changing privacy regulations in two main ways: by segmenting audiences that are subject to different regulations and by upholding the standards of the most stringent privacy regulations that encompass all others. At a minimum, businesses must maintain up-to-date records of each customer’s country of residence, subscription status, consent for data collection and more. Note that GDPR applies to EU citizens, no matter what their current location might be.
For businesses that accurately manage and maintain their data, following a new privacy regulation might be as simple as creating an additional segment or filter or requesting consent from an existing subgroup of customers. If there is no plan in place, however, this will require repeatedly building new systems from scratch in ways that potentially expose businesses to mistakes and violations.
All businesses must abide by privacy regulations, and taking proactive measures now will avoid stress and potential legal consequences later. Plus, it could lead to greater customer trust and profitability in the future.
Erik Archer Smith is Marketing Director, ABM at Arm Treasure Data. A data-driven marketing and sales professional, he has 10+ years experience helping companies scale during phases of hyper-growth.