Business

Consumer Privacy and Consent – Relationship One

Managing privacy and consent of our customers is nothing new. The passage of CAN-SPAM in 2003 made the practice of consent management a standard part of doing business and since then marketers have seen the regulatory landscape steadily expand as new requirements from double opt-in to the right to be forgotten have become law in places we do business.

There’s little reason to believe we’re nearing an end to new privacy laws either. Data privacy legislation may be stalled at the national level, states are beginning to take their own initiative with several either passing or considering new legislation modeled after the California Consumer Privacy Act (CCPR) of 2018. New laws are also being drafted in China and the UK that will likely go into effect within the next few years.

The cost of failing to comply with privacy regulations has been rising. Enforcement of CANSPAM and CASL has been relatively modest in recent years and the first cases filed under the California Consumer Privacy Act are just beginning to enter the system. GDPR enforcement, however, began to increase in late 2019 and has been picking up speed ever since. 2020 saw GDPR’s biggest fine to date, a €50 million judgement against Google, along with several other high profile judgments including €35 million against clothing retailer H&M. €27.8 million against Telecom Italia.

So far in 2021 Close to 150 fines have already been issued for GDPR violations totaling €17,570,000 in fines.  The German tech hardware site notebooksbilliger.de was fined 10MM in January and there have been seven other fines of €1 million or more.

In addition to the cost of fines, there is always the risk of reputation damage and a loss of trust with your customers. B2B customers are every bit as unforgiving as B2C customers and will quickly abandon a brand they feel isn’t trustworthy or is seen to engage in risky behavior with their data. News of a privacy complaint can spread quickly and impact your business, even before any judgement is reached.

Against this backdrop, there are concrete actions you can take to help guard against privacy violations, ensure you are positioned well for future compliance and put your customers’ privacy and consent. Here are four steps you can put into begin to take now to set your organization up for success.

  1. Know the Laws

    • Work with your organizations’ legal team or third-party data and privacy specialists to understand which regulations apply to your activities.
    • Gain their input on how to be complaint and seek their confirmation on the consent policies you adopt.
    • Keep the door open. Even if the laws themselves don’t change their interpretation will. How GDPR is understood today may look very different in just a couple of years.
  1. Be transparent

    • If you haven’t made the switch yet, consider transitioning away from an opt-out based system of consent to a single or double opt-in system.
    • Clearly state what is done, and not done, with customer data.
    • Provide easy to use tools for opting out and not just for emails. Data sharing is fast becoming an area of consent that marketers will need to manage.
    • Read your own terms and privacy pages. Do you understand it? Would your parents be able to read and understand it?
  1. Collect only the data you need

    • Review database to understand what information you’re currently holding. Is it still relevant? Is it outdated and serves no purpose?
    • Audit forms to know what’s being routinely collected and compare that against the ways you’re using data for personalization, targeting and reporting.
    • It’s a balance between privacy and personalization. Customers increasingly demand businesses show that they know them. Yet the technology that empowers personalized experiences is fundamentally at odds with customers’ desires for data privacy.
  1. Guard your customers’ data

    • Know who you do business with. If a breach occurs customers point the finger of blame at you, not the third-party organization where the breach occurs.
    • Document your practices. Think of this as your internal privacy policy that details how you handle data and manage consent. Share this with your staff and provide training so everyone can execute on it.
    • Routinely purge your lists of old data that’s no longer actionable or relevant. In particular, focus on personally identifiable information of customers who’ve never engaged with your brand,
    • Look for opportunities to aggregate and anonymize older data like purchase histories and other transactional information.

Consumers themselves are the main drivers of many of these changes and there is a growing global awareness of the value of this data. Companies who take action now to prioritize their customers’ privacy and consent will be best insulated from damaging fines, will more easily adapt to future legislative requirements and most importantly will be seen by their customers as a trusted partner.

If you have questions, or need help, with your customer’s data, give us a call.

Thank you for subscribing!

Consumer Privacy and Consent - Relationship OneSubscribe to our Thought Leadership Today

Be known by your own web domain (en)

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *