Does your business have a data privacy policy in place?
If the answer is “not yet,” my next question is whether you do business with customers in California – because that state’s strict new consumer privacy laws take effect on January 1, 2020. The California Consumer Protection Act (CCPA), which particularly applies to larger firms as well as firms that sell personal consumer data, is part of a growing trend in consumer privacy legislation worldwide.
This article will take a look at why data privacy policies are not just a must for regulatory compliance, particularly with new legislation coming online, but also good business.
Why you need a data privacy policy
The latest wave of consumer privacy regulations is part of a global trend putting customers back in control of their data and giving them more of a say in efforts to market to them. One of the most public examples recently has been the European Union’s General Data Protection Regulation (GDPR): It has strict requirements for opting-in to marketing communications, allowing people to manage their marketing preferences, and even giving consumers the right to be digitally “forgotten” if requested. Backed by stiff fines that can total as much as 4% of annual turnover, it affects companies of any size that market to EU consumers.
According to a recent Capgemini report, laws such as these are proliferating worldwide, with regulations pending or in effect on every continent, and draft privacy legislation in the works for at least 10 US states. In addition, Washington state has even proposed its own GDPR-style legislation.
Sadly, companies are still behind the curve in adapting to this new landscape. Capgemini notes that less than a third of organizations were fully GDPR-compliant as of June 2019, with some market sectors such as insurance, telecom and government services falling below a 25% compliance rate. Closer to home, nearly a third of firms are claiming they will only be partially compliant with CCPA by its 2020 implementation. And in the latter case, these firms cite factors including legacy IT systems, unclear guidance and getting employees on board as major factors.
From a data quality standpoint, this means that having clean, validated contact data from a central source isn’t just nice to have – it is increasingly becoming a requirement. When a customer opts out at any touch point, for example, every stakeholder in your organization needs to know this. And the cost of bad or misdirected customer contact data now includes potential regulatory fines as well as increased business costs. This means that a data privacy policy, as part of a larger data governance framework, must replace silos of contact information and unclear boundaries for data quality responsibilities.
Why you want a data privacy policy
For years, we have been making the case that better control of data privacy – including a process for ensuring data quality at each phase of data acquisition and usage – makes good business sense, for reasons that go far beyond fear of compliance penalties. Here are just a few of the reasons why:
- Better customer engagement. When your marketing and customer communications are targeted to people who want to hear from you, and welcome your message, you are building an engaged community with better ROI compared with traditional “spray and pray” marketing.
- A single 360-degree view of the customer. The single customer view (SCV) movement has gained steam over the years, particularly with the growth of multi-channel support and marketing. Company-wide data privacy policies are a foundation for successful SCV implementations.
- Brand reputation. When you play “gotcha” by tricking consumers into opting in to marketing communications, don’t give them control over their preferences, or worse, market with dirty data, you not only run afoul of data privacy laws – you brand yourselves as pests in a world that likes interruptive marketing tactics less and less. A recent GlobalWebIndex article describes this as a “Data-Driven Trust Deficit” affecting your brand image.
- Improved performance. In perhaps the most important reason of all for data privacy, Capgemini notes that firms that are fully GDPR compliant have better revenue performance, customer satisfaction and even employee morale. Correlation isn’t necessarily causation, but there is a clear and quantifiable relationship between good data governance and better outcomes.
The rise of the new consumer
Most industry observers will say that data privacy policies are increasingly becoming a requirement, on the heels of a growing regulatory compliance burden for data managers. We would take this view a step further – these policies can also be a competitive differentiator and even a strategic foundation for revenue growth. Compliance is important – and growing in importance – but it is only part of the picture nowadays.
So don’t just react to the threat of compliance penalties – think through the advantages of an engaged community of prospects and customers. Then quantify these advantages and let them inform the development of your data protection, privacy and governance policies. The end result will be an organization that knows and interacts with its contacts much better than its competitors do.