Chris Hyde, SVP global head of data solutions at Validity
The General Data Protection Regulation (GDPR) came into effect in 2018, bringing with it new data privacy laws that put consumer protection at the forefront. It established core principles including unambiguous consent, data minimisation, limitation of purpose, and the right to object, making data privacy not only a best practice, but also the law.
However, this has led to some challenges, especially for data controllers and processors, who may struggle with the meaning of key clauses in these regulations. Often, they need to be tested in courts of law to clarify their true intention and establish legal precedent. This is clearly seen today across Europe, with regular incidents of tech giants being caught out breaching data privacy laws.
What to learn from the tech giants
Since GDPR laws came into play, and especially in recent months, European regulators have come down hard on data privacy, catching out many of the top technology players. For example, this year, Meta was fined 17 million Euros [1] for a data breach, failing to uphold measures which would enable the tech giant to protect EU users’ data. European regulators are clearly showing that GDPR should not be underestimated and organisations need to recognise the importance of being clear with individuals. This is especially true when addressing how personal data is processed, and whether an appropriate legal basis has been established for doing so. Going forward, businesses should think about whether their data privacy policies comply with changing regulation to avoid getting caught out.
Marketers also have a responsibility to their customers and should ensure they are taking a more transparent approach about the data they gather, and how they use it. This includes educating customers about their responsible use of tracking. For example, Facebook introduced a ‘Privacy Basics’ website [2] to educate its customers on privacy settings and maintain their trust. Many marketers still fail to inform subscribers that tracking is used, which is against the law, so customers are unaware their behaviours are being recorded, though they may be able to guess. It is not only the mistakes of tech giants that organisations can learn from, but also their successes in data privacy. Policies such as Apple’s MPP, which enables consumers to hide their IP address so senders can’t link it to other activity, have shone a light on ethical data practices and have driven greater focus on using zero party data to maintain loyalty from customers.
Customers are key
Today, consumers have a far greater understanding of their data privacy rights than ever before and are prepared to exercise these rights if they believe their personal data is being misused. Therefore, it is essential for businesses to earn the trust of their customers. One way organisations can ensure they are transparent with customers is with zero party data.
Zero party data [3] is information that a customer intentionally and proactively shares with an organisation. It can include preference centre data, purchase intentions, personal context, and how the individual wants the brand to recognise them. Zero party data has many advantages from an ethical viewpoint. Individuals have 100 percent clarity on how their information was sourced, as they were the ones who provided it, it is provided with the intention of being used, and marketers can provide a clear explanation about how the individual will benefit.
Zero party data has additional benefits for brands, as it provides clear consumer preferences to help tailor content better aligned with their needs. Data accuracy is vital, as accurate data drives relevant content, meaning a better chance of increasing sales for the business. This means re-visiting customers on a regular basis, to ensure the data collected is up-to-date and still valid. When zero party data strategies are executed successfully, organisations will reap the benefits in both the short and long term.
What to do if there is a data breach
While it is important for organisations to do their very best to enforce data privacy policies that comply with regulation and protect customer data, there are cases when companies breach regulations. Much of the time these data breaches are caused by human error or inadequate training. The Information Commissioner’s Office [4] (ICO) reports that the most common self-inflicted data breaches include data emailed to incorrect recipients (22 percent), unauthorised access (14 percent), and data posted or faxed to incorrect recipients (13 percent).
Additionally, data breaches can happen because of cyber-attacks, and although a cyber-attack is not a direct mistake of the organisation, it is still their responsibility to ensure the correct security policy is in place to protect data. When any data breach happens, it is not necessarily a case of an organisation trying to be purposefully deceitful. However, a data breach is still a bad look for a business and can reduce customer loyalty and trust.
If a data breach does happen, it is important to keep in mind that most of the time, regulators will be lenient with businesses that are transparent about what went wrong and that take immediate action. In addition, victim organisations must co-operate with regulatory bodies and ensure that they are quick to put measures in place to prevent the issue occurring again. There are also mitigating circumstances that regulators may consider, which can result in reduced fines. For example, they might consider if it was a first-time infringement, the severity of infringement, whether it was deliberate, and if the organisation proactively notified the breach to a supervisory authority.
As we head into the new year, businesses really need to think about how they can maintain the trust and loyalty of customers as well as keeping their brands’ reputation intact. Placing customers and their data privacy at the forefront of considerations, as well as keeping track of regulatory changes – for example, to the more recent UK-GDPR – will put organisations in the best position possible to weather the storm presented by a challenging outlook for 2023.
1. https://www.reuters.com/technology/irish-watchdog-fines-meta-data-breach-2022-03-15/
2. https://hbr.org/2015/05/customer-data-designing-for-transparency-and-trust
3. https://www.salesforce.com/resources/articles/what-is-zero-party-data/#:~:text=Forrester%20Research’s%20definition%20of%20zero,to%20recognize%20%5Bthem%5D.%22
4. https://ico.org.uk/action-weve-taken/data-security-incident-trends/