Privacy Enforcement, U.S. Laws & Regulations

Privacy rights compliance management: The new competitive differentiator

In the face of continued consumer distrust over data privacy and a regulatory environment that remains uncertain, forward-thinking companies are building best practices for data stewardship – and creating a competitive advantage in the process.

 

Consumers are more concerned about data privacy than ever before. It is the No. 1 social issue that Americans would like businesses to address. Even ahead of healthcare.

 

Regulations like the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act 2018 (CCPA) – and a host of other new regulations being developed around the world – are attempts to calm those fears and force companies to be better stewards of their customers’, or users’, data.

 

Yet the new regulations don’t seem to have had an immediate calming effect. Several months after GDPR was enacted, a Global Web Index survey found that 70% of internet users in the UK and U.S. were more concerned about their online privacy than a year earlier.

 

In this kind of environment there is a tremendous opportunity for forward-thinking companies to build a competitive advantage based on good data stewardship.

 

Data privacy is the No. 1 social issue that Americans would like businesses to address. Even ahead of healthcare. 

Click to tweet

 

Opportunities for forward-thinking companies

We have entered a new privacy paradigm. Privacy rights compliance management used to mean protecting your customers’ data. Today also means enabling your customers to exercise control over their data.

 

The basic idea, in this new privacy paradigm, is this: When a user gives personal, sensitive information to a company in order to get a service, that company should have a duty to exercise care in how it collects, analyzes, manipulates, and shares that information. India McKinney, a legislative analyst for the Electronic Frontier Foundation, reflected the popular consensus well: Companies should “serve as fiduciaries for their consumers’ data, and to satisfy duties of loyalty, confidentiality, and care for their users.”

 

We have entered a new privacy paradigm. Privacy rights compliance management used to mean protecting your customers’ data. Today also means enabling your customers to exercise control over their data.

Click to tweet

 

Personalization and privacy can coexist

There’s a valid concern that rigid privacy rights rules could stifle innovation – just as companies are increasingly able to turn data into competitive advantage. As Gartner analyst Saul Judah explains it, “Effective governance is a critical success factor for data and analytics initiatives, and one of the most difficult challenges that organizations face.”

 

Yet it’s a misconception that personalization and privacy are conflicting efforts. In fact, they’re symbiotic opportunities to deliver business value. Leverage customers’ data to deliver more personalized products and services to them, and at the same time be a good steward of that customer data.

 

It’s a misconception that personalization and privacy are conflicting efforts. In fact, they’re symbiotic opportunities to deliver business value.

Click to tweet

 

Best practices for data trust and business success

Being an effective steward of your customers’ data can be a key differentiator as you acquire new and deepen existing customer relationships. Delight your customers with clarity, speed, and education.

 

There are three best practices that will take you a long way toward establishing that competitive advantage:

1. Privacy portal

This is the number one way to deliver transparency to your data subjects. Unlike a basic web form, a privacy portal is a space in which your users can self-administer some or all of their privacy requests. A portal enables the secure transfer of sensitive information with a password and SSL encryption. You can communicate disclosures, past consent(s), and open and closed requests. Intelligently designed workflows make the process easier and more understandable.

 

2. Matrix of consent

A matrix of consent helps manage complexity by tying data categories (profile data, social data, contact info, income data, etc.) to data uses (app, new account, loan application, etc.). The matrix shows the type of data used by service. It shows what data subjects have agreed to, what they have specifically revoked access to, and what data does not apply to a particular service. It provides easily understandable transparency into the ways your access to a customers’ data enables you to provide their services.

 

3. Automating for fast response

For most organizations, best practice privacy rights compliance management demands at least some automation. If you expect to receive a lot of subject access requests or you have a very complex data environment to extract the data from, automation is key to fulfilling requests quickly and transparently. (What’s more, organizations in that position often find that the cost of automating some or all of the process is less than the operational overhead required to manually manage the requests.)

 

There are other best practices in privacy rights compliance management of course, including practices that reduce operational overhead by automatically deleting or anonymizing records across hundreds of back-end systems. But these three are the key ones to delight customers and thereby gain competitive advantage.

 

Being an effective steward of your customers’ data can be a key competitive differentiator. Delight your customers with clarity, speed, and education.

Click to tweet

 

Now what?

None of this is easy. For most businesses, managing data, alerting users to their rights, and responding to data subject access requests is an overwhelming amount of work. Making it more difficult is the fact that data privacy regulations continue to change.

 

The ideal solution is a complex piece of software that can navigate through the different regulations and render a complex web of rules into a platform that can be easily understood.

 

The Apples and Microsofts of the world are building their own such software. For most companies, that’s not the best approach.

 

There are reasons why most enterprises license Salesforce rather than building their own customer relationship management system … why Oracle’s fastest growing products are as-a-service solutions:

  • You get much faster time to benefit (just license and configure, which takes weeks rather than months)
  • Typically, the all-in costs are much lower over time
  • It is, by definition, highly scalable
  • You get new releases and upgrades as soon as they’re rolled out

 

A software-as-a-service solution for privacy rights compliance management has all those same benefits, which go a long way to delivering flexibility for today’s uncertain privacy rights environment.

 

Indeed, in their July 2018 survey, TrustArc found that 87% of companies are looking to a third party to help meet GDPR compliance requirements. More than half use third-party technology and tools to automate and operationalize data privacy.

 

87% of companies are looking to a third party to help meet GDPR compliance requirements, according to TrustArc.

Click to tweet

 

By turning to a purpose-built SaaS solution, you can focus on building trust with your users and customers and understanding what the data means. And that can be a huge competitive advantage to the business that is your primary focus.

 

{{cta(‘ec250143-f8c6-470d-adbe-0920de0c9be8’)}}


Author

Dan Clarke
Dan Clarke
President, Truyo
January 8, 2019

Let Truyo Be Your Guide Towards Safer AI Adoption

Connect with us today