24 / 05 / 2019
Moving the Dial on Customer Trust
HOW COMPANIES CAN USE PRIVACY AS A DIFFERENTIATOR AND THE ROLE OF THE GDPR
The GDPR has moved data protection and privacy from a back office, compliance matter, often ignored by non-regulated organisations, to an important business critical issue that has been and will remain on the board agenda of almost all companies, large and small. Similarly, GDPR has raised awareness amongst consumers on their rights regarding the personal data that is being collected and processed about them. This has made building and retaining customer trust a key business goal.
However, twelve months on many organisations are now realising that their GDPR readiness programmes fell short of reaching a meaningful level of compliance and that more work is still needed. Despite this, many organisations have taken the decision to not go beyond a mere tick box exercise or a level of paper compliance. This is disappointing as organisations, to be able to really show that they have embraced both the letter and the spirit of the GDPR, need to move beyond these superficial compliance layers to the deeper layers of organisational compliance, to embedding sound data governance in all of their business processes and to being able to demonstrate accountability.
The Many Layers of the GDPR
Many organisations prepared for the GDPR by focusing on updating privacy notices on websites, creating data inventories, retention policies and doing some internal awareness training. These are all useful steps but do not take into consideration the full impact of the GDPR and in particular the impact of the GDPR on the deeper data and operational layers of their organisation.
An example would be the secondary use of personal data, such as for data analytics, where there are challenges complying with GDPR principles including purpose limitation, data minimisation and data retention as well the challenge of finding a legal basis. Despite the GDPR being a year old, many companies are still to define the processes and mechanisms to ensure secondary use of data across their organisations are being managed in a compliant way.
When it comes to consumer trust, almost every day there is a new report of a privacy breach and it is not an overstatement to say there is a crisis of customer trust as regards data privacy. It is not clear yet if the introduction of the GDPR has moved the dial on customer trust, as there still appears to be wide spread confusion and distrust amongst consumers on how their data is being collected, used and who it is being shared with.
Companies that are truly customer centric need to do more with regard to transparency and also more to demonstrate how they are acting ethically and responsibly with their customers’ data. It is unrealistic to burden the consumer with the responsibility of reading reams of privacy notices to try to figure all this out.
Now is the time for those companies that position themselves as valuing and being respectful towards their consumers to show real leadership and to demonstrate their trustworthiness.
Data Privacy and Data Utility
There might be a view that the push to demonstrate privacy leadership looks to be at odds with the pressure to deliver data driven business growth. But this is not the case – it is possible to turn this compliance requirement into a competitive advantage by focusing on data quality not quantity, by building consumer trust and by using privacy as a differentiator to establish brand loyalty and preference.
Corporations have been replacing Business Intelligence systems with predictive analytics and machine learning tools. They are moving away from just analysing structured data, as a tool to assess the state of their business, to also being able to analyse unstructured data and delivering foresight. The challenge now is how to create these models without compromising privacy.
In reality, there are many use cases where you don’t actually need to analyse personal data to derive insights and to become a data-driven organisation. For analytics programmes that improve product profitability, or drive digital transformation or customer segmentation there is a need for large volumes of data to establish trends but it is not requirement to be able to identify an individual within this analysis. Therefore, the effective anonymization of data can ensure consumer privacy is protected and provide valuable data to power results from data.
Building Customer Trust – The Power of Anonymization
If personal data is rendered truly anonymous, data protection regulations, such as the GDPR do not apply and companies are no longer subject to limitations that apply to personal data. Provided the original data was lawfully collected, companies can use data from all their customers, not just those that consented to analytics being conducted. They can use the data for all use cases and the data is not subject to retention requirements. Truly anonymized data is also not subject to data subject rights such as access requests, the right to be forgotten and the right to object to processing. This delivers a comprehensive and stable analytics data universe that can provide longitudinal views essential for analytics programmes such as lifetime value modelling and recommendation engines.
Working with anonymized data, rather than personal data, means companies can embrace the spirit and the letter of the GDPR without compromise and thereby build customer trust.
Follow the link to read more about the Trūata Anonymization Solution.
Aoife Sexton, Chief Privacy Officer
Aoife joined the Trūata team from the law firm Tech Law Services, where she was a Principal for six years advising technology clients within the areas of Commercial, Data Protection, IP and Technology Law. Aoife is a graduate of University College Dublin (BCL) and the College of Europe, Bruges, Belgium. She is a Certified Data Protection Practitioner (PC.dp) as well as International Association of Privacy Professionals CIPP/E certified. She is an approved IAPP trainer for the CIPP/E course and conducts regular training courses in Ireland.