For many organizations, there was an immense frenzy in the lead-up to the GDPR. There was panic surrounding consent messaging requirements, trepidation at the thought of entire customer databases disappearing overnight, and general confusion about how to comply with the new legislation. Let alone being able to progress to the next step of rebuilding engagement levels with customers.
Fast-forward a year, and the brand experience has become littered with endless consent pop-ups, in various shades of grey, irritating consumers as a click standing between themselves and content. Meanwhile, some brands have done little more than privacy theatre, cosmetically adapting old tactics such as implied consent, or worse, cookie walls that regulators have already declared as non-GDPR compliant.
No sooner than companies have come to grips with GDPR compliance, a whole host of proposed privacy laws are coming, such as the California Consumer Protection Act (CCPA). We are all wondering: will this ever end?
The answer is: No, not until we have mastered the art of engaging with customers while truly respecting their privacy.
And with nearly 30% of the U.S. internet users predicted to install an ad-blocking tool by 2020, we still have a long way to go. The very reason the CCPA was hurriedly passed was to avoid a more stringent, grassroots ballot measure that was gaining steam among California citizens. We live in a new normal, where consumers are starting to demand more from their governments and brands around the protection of their privacy, and it doesn’t seem to be slowing down.
Yet there is hope. Some brands are slowly gathering their own consent-driven, first-party CRM data, using mutual value exchange concepts. These organizations are embracing the opportunity and competitive advantage that such legislation can bring in building consumer relationships.
The compliance journey so far
For many organizations, 2018 was a wake-up call, with the EU delivering on its promise to hold non-compliant data handlers to account. More than 200,000 data breaches have been reported since the inception of GDPR, and fines were handed out at every turn, with Google receiving the lion’s share of the reported €56 million when the French regulatory body the CNIL fined it €50 earlier this year. Global brands such as Facebook and Uber also fell afoul of the regulations, while data giant Rubrik took a wrong turn when it leaked tens of gigabytes of server data including customer names, contact details, and sensitive casework information.
Continuing on the path to compliance
The next six months will be a telling time for organizations who are still working on their compliance practices and procedures. Perhaps the most pressing of the proposed regulations come in the form of the aforementioned CCPA, which is due to take effect in early 2020. Although not as stringent as GDPR – focusing on consumer opt-out rather than opt-in – the legislation will still grant consumers the right to demand clarity around any data stored and restrict usage without losing access to digital content and services.
The ePrivacy Directive 2019, which is set to replace the original ePrivacy Directive of 2002, is also just around the corner. Elsewhere, Brazil’s General Data Protection Law (LGPD), Indonesia’s Initial Draft Law, and Hong Kong’s Personal Data (Privacy) Ordinance are all designed to support the efforts of the GDPR.
If the GDPR has set the stage for best practices, then we need to use the remainder of 2019 to consider how to prepare for compliance on a global level.
Bridging the privacy gap
As the breaches, penalties and subsequent global efforts demonstrate, adopting a ‘wait-and-watch’ attitude is no longer an option. So what actions can organizations take to be data compliant today and ensure data success tomorrow?
Take your time
If the GDPR has shown us anything, it is that the compliance does not happen overnight. Don’t rush to follow your competitors. Instead, do the research and establish your own goals. This will help you find an individual approach to data compliance that still meets regulatory requirements.
Embrace the change
While it is true that current and impending regulations will have an impact on the day-to-day running of any organization that handles customer data, their entire purpose has been to turn data collection practices on their head. So, rather than only thinking about the implications of data breaches, take a step back.
Put yourself in the mindset of the consumer and you will find that you can build customer engagement levels and still be compliant.
Consider how can you make each exchange with the customers, a mutual value exchange, where there is something in it for your brand and your customer. We hear it time and time again, but customers who feel they have been consulted about the way in which their data is handled are far more responsive – and willing to share.
Differentiate your brand
Take this ‘mindset’ one step further and use privacy laws as a means of differentiating yourself from the next-best brand. Apple’s recent iPhone ads are a great example of getting the privacy message out there loud and clear and drawing in customers with humorous, and therefore engaging, messaging – while its counterparts continue to face large fines.
And it hasn’t stopped there; the tech giant also claims to have developed a privacy-by-design chip for its latest devices. It won’t be long before other brands follow suit, so now is a critical time to stand out as a pioneer of the privacy-first user experience. Consider how you can start to treat privacy as a fundamental part of your customer’s experience and use this new approach to build trust and transparency with your customers.
If you have hit the crossroads of data compliance, don’t be tempted to take the wait-and-watch path. Embracing the changes and ramping up the user experience now will prepare you for any and all legislation that comes into effect over the coming years, and help you become a champion of consumer privacy.
Recognize that privacy and consent are parts of customer experience
Organizations have taken either a legal or a marketing view of privacy compliance. For the lawyers, it’s been about risk-mitigation, about how to avoid fines and penalties. For marketers, it’s been about how to maintain business-as-usual and maximize marketing databases.
But for the smartest enterprises, its been about shifting focus to the consumer. Those organizations that shift to focus from database growth and checkbox compliance to customer satisfaction and building relationships will capture the spirit for these regulations easily and position themselves more strongly in their consumers’ minds.