Compliance should be an opportunity, not an obstacle. Box-ticking exercises such as cookie banners can prove off-putting for customers. Greater transparency around the reasons for consent, and what a business intends to do with customer data can help build trust, drive sales and optimize customer experience.
Ben Rapp, Founder & Principal at Securys; Vivienne Artz OBE, Managing Director & Chief Privacy Officer, LSEG; Marc Marrero, Director of Privacy, Standard Chartered Bank; Stef Elliott, Consultant, advisor to the ICO; and Romain Gauthier, CEO at Didomi discussed the positive impact of good privacy practice and more in our recent Yes We Trust Summit, a worldwide, 100% digital privacy event initiated by Didomi to help people understand and inspire trust in the internet age.
What does privacy mean to consumers?
Making privacy an element of trust is an opportunity to move your business forward. Trust should be a basis for developing the business rather than as a box-ticking exercise in compliance to keep the regulators off your back.
Most consumers are already on-board with this idea. A survey carried out as part of Securys’s Privacy Made Positive programme revealed that around two-thirds of consumers actively opt for privacy when deciding which product or service to buy. A similar number have not proceeded with a purchase because they weren’t comfortable with how the vendor was going to use their data.
It’s clear, then, that consumers care about how their data is used. If companies commit to safeguarding that data beyond the minimum required by law, and adopt transparent data practices, they’ll find their customers will be happier and more engaged. And this will have a direct impact on their bottom line.
So when you’re looking at your business’s data practices, it’s important to consider their effect on consumers – what’s driving their behaviours and the way they react to developments in privacy. How can you leverage privacy to have a better engagement with your customers?
Why there’s a need for mutual trust
In the past, compliance with privacy regulations has tended to be very legalistic and process-driven. It’s effectively been the eye of a needle through which businesses have had to pass before they could make contact with their customers. A “privacy by design” approach, however, can be a positive means of engaging with customers.
The customer relationship is key – and that relationship must be built on trust. You trust someone who you respect to look after your interests. But do businesses demonstrate sufficient respect for their customers? Is it the responsibility of the customer to understand what’s going on? Or should the business be responsible for informing the customer in the most appropriate way?
Ideally, if you want consumers to give you their data, they should be able to trust you with it. A business can signal to its customers that it trusts them. To use GDPR terminology, the controller can say to the data subject – we trust you and are therefore only going to ask you for the data we need.
Of course, it works both ways. Rather than waiting to be asked, we should tell people what they want to know, as shown in the example above. And rather than making it difficult to find or understand, we should recognise what information is legally required and provide clear links to it.
Why privacy is the new normal
Privacy requires businesses to behave in a particular way, and to have a particular attitude toward data. You must ensure you behave responsibly with it, so that you can build trust, and enhance your reputation. Behaving irresponsibly and unethically with data, ignoring a data subject’s wishes, for example, will only diminish its value – and your reputation will go down the pipes.
By thinking of privacy as a compliance obligation, businesses won’t build the right sort of attitudes or behaviours. Thinking of privacy as the new normal, however, will help to push the idea that this isn’t just a compliance hurdle, part of a process. With privacy firmly embedded in every aspect of an organisation, it will become part of how it behaves, and how it operates.
Why it’s time to change our approach to compliance
No business ever set out to harm its customer relationships but, as the result of honest attempts at trying to be more transparent while remaining compliant, we’re seeing consent fatigue.
Consumers are consistently solicited for cookie consent, for example, and these constant pop-ups often create obstacles to a fluid and satisfying user experience.
It’s time to revisit the approach and start putting the customer experience first. They’ll need to move away from long legalistic privacy notices that nobody reads, for example. They need something accessible, which makes it easy for their audience to understand what’s actually being done with their data.
Implementing compliance requirements in a way that people understand will set businesses on the path to delivering a better customer experience. But this kind of transformation can be complex – many people within a business will need to be convinced that it’s okay to be transparent, and that it’s safe to give control back to the users.
It’s a long journey, but it’s worthwhile.
How do we make compliance accessible?
A lot of time is spent arguing about what the appropriate lawful basis might be for any given data processing purpose. But the data subject would be better served if we instead considered the business reasons behind collecting particular information.
This would help us understand whether it was actually necessary and, if so, what it was worth to the business. Is it genuinely worth more than the risk of non-compliance, or the potential damage its collection might do to our relationship with the data subject?
The challenge, of course, is that most of this legislation isn’t accessible to the average person. It’s evolving rapidly, and with two-thirds of the world adopting privacy legislation within the last five years, that’s a very steep learning curve.
It’s an indication of maturity, then, when organisations and regulators move from debating what constitutes compliance to considering the issues of behaviours, attitudes, and trust.
There needs to be an assumption that a company will comply with its legal obligations. That way, it can move on to the next step – engaging with its customers in a way that will build trust. Only by accepting and working within the data privacy requirements can businesses turn the situation around and make it a more positive experience for their customers.
How can the compliance challenge be solved?
Many businesses still try to seek consent through a vast morass of cookies and background processing. Given that this approach detracts from the customer experience, there’s a need to think of better ways to collect data.
Regulatory compliance means businesses still need to ask for permission sometimes, so we need to find a way of embedding this seamlessly and transparently into the customer experience. Technology can help, especially when it comes to improving UX.
Indeed, it’s Didomi’s belief that, by creating consent and preference management solutions, companies can put users in the driving seat of their data.
Adopting a “privacy-first” business model will deliver a measurable return, not just in customer service, reputation protection and avoidance of fines, but also in increased sales and profit.
It’s our belief that brands can leverage compliance to turn data transparency and privacy into competitive business advantage. And it’s because of these beliefs that we agreed to be a founding sponsor of the Yes We Trust Summit.
Watch the best of video from the inaugural Yes We Trust Summit here: