Data Privacy and Compliance for Marketers: A Complete Guide
Marketing thrives on information. Information about the product, competitive intelligence, and (probably most profitably) customer data. Detailed insights into the customer landscape bring huge benefits in terms of demographics and buying behavior.
Until recently, there was relative freedom to use this information, as long as certain minimum requirements were met. However, with the onset of a more restrictive statutory framework, marketers have had to wise up to a new way of getting products and services known.
This new climate has been challenging and will likely get more challenging still with the advent of a cookieless world. But the thing about a challenge is that it serves to focus the mind. From it have emerged new methods and processes. We’ll look at those in due course. But we’ll start with a nice basic question.
What is Data Privacy?
If data is the currency of the internet, data privacy is what stops that currency from being stolen. Data is something we now use to get access to certain things customized for our digital experience. But, without some form of privacy, our personal information can be exploited by just anyone, especially hackers who could use it against us.
Data privacy is one of those areas everybody agrees is important. However, the lengths to which different organizations and individuals go in order to adhere to the principles of data privacy and compliance can vary widely. Some go all-out. Others stick with the basics, like using electronic signatures or only gathering the bare minimum amount of data.
But in relatively recent years, many countries have introduced a statutory framework with the intention of imposing standards on how data is kept. An example of this is the California bill of sale.
That’s right - with a framework in place, it’s easier to ensure you’re following the guidelines rather than coming up with everything from scratch!
So, in countries like the US and the UK, any information that is held on an individual by an organization has to be kept in a prescribed manner.
This extends to the collection, retention, and processing of data. It asks the data capturing entity to be sure that they do actually need the data for the expressed purpose, and it requires that the data be securely destroyed when no longer needed.
Too often in the past, companies have been proven to be somewhat cavalier with their customers’ data. With these new rulings, they can’t afford to be any more.
Why is Data Privacy Important to Marketers?
Without data privacy, the digital world would be a marketing wonderland.
Before the internet, the golden eggs of consumer details and desires were historically a little tricky to pop into a marketer’s basket. It was often necessary to commit to expensive (and not always reliable) outreach in order to find out who customers were and what they wanted.
And, with the introduction of the internet, it would be much easier to gather intimate data on prospects, were it not for the provisions of data privacy that were put in place to protect consumers’ details.
However, it’s not just important to consumers. Let’s look at some of the factors that make data privacy important to marketers.
It stores confidential company and customer information
Once a company has gathered information on a customer, the conditions in which it’s stored are hugely significant. There has to be attention given to protecting it from outside access, as well as unauthorized access from inside entities. So, encryption and firewalling are the order of the day in data privacy and compliance.
The significance of all this to marketers is that all access has to be authorized by the person with ultimate responsibility for that organization’s compliance with the country’s data protection laws.
At least, this is the case in the UK and EU in their GDPR laws. These laws, called the General Data Protection Regulation, govern the uses to which data can be put. The significance of GDPR for marketers, therefore, is colossal. Other countries will have their own equivalents.
In the UK, EU, and certain parts of the US, there is in place the ‘accountability principle’. This means that organizations are trusted to look after data in the way that is most suited to their nature. But they have to be able to show due diligence when asked.
It increases customer satisfaction
Although it’s often cited that customers are willing to sacrifice a certain level of anonymity in order to benefit from the personalized service they crave, 86% of US consumers say data privacy is a growing concern, and a full 40% don’t trust companies to use their data ethically.
Consequently, having a clear data privacy provision written into the UX will result in higher levels of customer satisfaction with your company.
It enables companies to advertise brands efficiently
We’ll touch on this in more detail below, but for now, let’s just consider this. A poster depicting a new range of vegan shoes will attract some interest if put up in a shopping mall. It may get some more interest if emailed to those who have bought from the company before.
However, in terms of advertising efficiency, it will score highest when sent to people who have consented to transfer their data for marketing purposes and have indicated a preference for vegan footwear. This is where data privacy meets marketing opportunities, and it’s a very exciting area.
It builds trust with your clients
Data privacy isn’t just a pie-in-the-sky ethical consideration. It has a tangible impact on commerce too. If customers are more confident in the manner in which their details are procured and protected, they’ll feel happier to hand them over in the first place. That means you get all that tasty, tasty data, and your customers trust you and keep coming back.
Done right, data privacy can have a huge positive impact on customer trust. Look at Apple’s iOS 15 privacy update in 2021, for instance, which was a very popular development among its users.
It protects the company’s information from fraud activities
The online fraudster is the hooded claw that keeps data professionals awake at night. The fact is, that although security is better than ever, fraud is on the rise.
Fraud costs not just in terms of the money stolen at the time, but also in terms of damage to a company’s reputation and possible fines levied. By investing in data protection, a company can work to frustrate fraudsters, at the same time as boosting their profile as a safe pair of hands for people to deposit their data in. In this way, security and marketing can work in tandem.
How Do Marketers Comply with Data Privacy?
One of the key factors cybersecurity professionals are keen to drum into a business is that data privacy and compliance are everybody's responsibility. From the data entry clerk to the CEO, everybody has their part to play in ensuring that data is kept safe.
Marketers are no exception. There are many ways that their activities are shaped to comply with data privacy requirements. Here are some of them.
They collect marketing consent
When a customer is approached for marketing permission, marketers generate the wording in the first place. There will be an element of review from those responsible for data protection compliance, but marketing staff will put together the initial construction .
This is because they know better than anyone else exactly what data will be required and, crucially, the purposes to which this data will be put. You should spell it out carefully If email addresses are required for regular mail outs on specific product areas.
There has to be no ambiguity in this. If a customer can show that their confusion over what they signed up for stems from the permission request’s wording, then the business will be in trouble with the data protection authorities.
As previously indicated, marketing consent can be an absolute boon to marketers, and not just in the obvious way. Sure, it means that a customer is counting themselves as interested in hearing more from the company, which is great.
The necessity to acquire consent delivers into your hands the pretext for communication concerning what the customer wants from you. You can give them a list of options that narrows down exactly how the customer wants to see the further relationship.
It’s often a good idea to use a pop-up on the website to make the compliance collection process clearly visible. Then consumers will be clear on what’s available. Here’s a good example from the RSPB:
Users don’t want SMS communication? Fine. It means you’re not wasting your time and resources sending them to an unresponsive number. They’d like to hear from you by email? Great. That’s how it’ll be from now on.
This leads to a great user experience. The customer’s happy because they’re directing their relationship with the company, and the marketer’s happy because the way forward is clear.
They verify and clean email lists
Email’s an enormous boon to a marketer. There are now more than 4 billion email users worldwide, representing incredible potential.
When a marketing professional is given an email list to work with, one of the first things they should think about is just how productive the list will be. A major problem with email lists is the speed with which they become obsolete. People change email addresses all the time, after all.
Consequently, in order for email lists to retain their potency, marketers must perform regular sweeps for addresses that are no longer current. It’s not just a priority from a purely marketing perspective. Most data protection regulations make it clear that this is a key requirement: storing obsolete data is not demonstrating a careful approach to the duty of data protection.
They use data relationship management (DRM) programs
One of the potential difficulties faced by businesses is the disparity of data coming in from a wealth of different sources. Marketers can fall prey to this phenomenon when gathering data across multiple touchpoints including email, social media, telephone, and a host of other avenues.
This is where a tech assist from DRM programs can be invaluable. DRM provides a way of keeping on top of the multitude of data inputs and structuring them in a meaningful way. It has a huge significance for data privacy. An organization that’s overwhelmed by its data inputs is not in total charge of its data privacy. DRM can help to rectify this.
They develop ethical awareness
One of the key benefits of the data privacy culture is the prominence it gives to the individual’s rights over the purposes to which their data can be put. This has encouraged ethical thinking on the part of everyone involved.
When marketing is re-framed as a collaborative exercise between the company and the consumer, it becomes less predatory and more of a reciprocal process in which both parties get what they explicitly signed up for.
This kind of approach can lead to an abandonment of the all-out profit motive, to be replaced by a wish to see the company do some good while it conducts business. While it’d be nice to think of this as purely altruistic, it’ll also help profit - the younger generations are much more likely to purchase from ethical companies.
They control customer data visibility
Data visibility is, in general, held to be a good thing. Maximal data visibility enables decisions to be made with ready access to pertinent information, wherever the decision-maker happens to be in the organization.
However, in the world of data privacy and compliance, it’s very important that data visibility is in accordance with the consent that has been given. It also has to be visible only to those who have a legitimate need to see it. If there’s a violation, data visibility will be scrutinized to see who had access to the data and why.
Marketers need to be sure that if marketing data is visible to another party, there is a clear and present requirement for this in place. An identity management tool is a key to ensuring only authorized users can access it. In addition, marketing staff need to return to this area periodically, as requirements for other staff to access the data will change over time.
What are the Risks of Data Privacy?
A host of dangers that can afflict a company in the world of data privacy. Even the strictest data privacy adherents will face these threats from time to time. Consequently, it’s wise to learn about such hazards ahead of time, so your business is in a good condition to respond as and when the attacks occur.
When an email comes in that looks legitimate but actually contains a malicious link or attachment, you’ve got yourself a prime piece of phish.
The rate at which phishing is growing as a threat to commerce and individuals is remarkable.
It’s now a remarkably common method of attack, so it pays for marketers to be on top of the problem. What can they do? Marketers can liaise with IT professionals to install security tools that are capable of recognizing email phishing attacks and flagging them up as such.
And once installed, remember to update them regularly. Nothing invites abuse like an out-of-date security program.
We’ve all heard of memory sticks and laptops left on the bus containing staggering levels of confidential information. Let’s face it - we’re all capable of mistakes. And we’ve probably all left property in a public place before. This, however, is of an altogether different scale. The importance of that memory stick is astronomical.
That single USB stick could contain an entire database of financial information.
The difficulty is not limited to physical objects. The potential for sharing information via electronic means is greater than ever before, which naturally means that the potential for mis-sharing information is greater too. With the click of a mouse, you can share a myriad of confidential records with all manner of parties.
So, what to do? Firstly, review all processes that involve data sharing. Can they be streamlined? Then, look at those positions that are required to share data. Can their exposure to risk be mitigated? Is it a matter of better training? Or a change in the process? Do you have a good data governance tool in place?
Marketers are part of this, as they have to share data from time to time, usually among themselves. By adhering to strict protocols, they can be part of the solution, not the problem.
The rise of ransomware attacks is of particular concern to organizations with mission-critical data, such as healthcare providers. Marketing operations can be ruinously compromised too, such is their dependence upon consumer data for the success of their efforts.
What are ransomware attacks? The concept is a simple one: the attacker invades a company’s system and encrypts the data therein so that the owner can’t access it, until a ransom is paid.
It’s of vital importance that marketing departments are vigilant in their outlook. Quite often, ransomware can infect via a phishing email, so the tools outlined above are helpful here.
There should also be a strict protocol regarding who can install and upgrade software. That way, even if someone does fall for it, they can’t inflict the ransomware on the whole system! Finally, there should be a backup process in place, so that there’s a reliable data safety net available should the worst happen.
Unfortunately, a company’s weakest point might be a staff member. Should they be at all susceptible to bribes from an outside party, there will be a problem ensuring data privacy.
The access that marketers have to consumer data makes them prime candidates for bribery schemes, and while most employees will demonstrate company loyalty, there will always be those who are more morally questionable.
Ways to tackle this include good selection techniques so that your company benefits from the right kind of employee in the first place. On top of this, measures to enhance loyalty will not go amiss. Perks and privilege go a long way.
But not all the way. So make it a priority to review data access in order to be sure that it’s only trusted employees who get their hands on the valuable stuff. Admittedly, it’s not always easy to be sure of who the trusted employees are, but you can tighten things up so that only those of a certain pay grade can access certain files, for instance.
What is the Penalty for a Data Privacy Act Violation?
A great deal of the commercial sector (and governmental sector, come to that) has been guilty of not being appropriately conscientious with the collection, processing, and storage of customer data. However, with the changes in the statutory environment that have taken place, stiff penalties can now be applied.
What kind of penalties? Well, it depends on where you are. There’s no one single data privacy body in the US for instance. A lot of states have their own provisions in place.
No matter which data privacy law you transgress, there will be a penalty to pay. All the authorities involved will press strict fines and even imprisonment in response to data protection violations.
For instance, fines of up to $100,000 per offense are commonly dealt out as a provision of US GLBA legislation. In the EU, GDPR transgressions can attract fines of up to 20 million euros or up to 4% of the previous year’s worldwide turnover, whichever is higher. So, the importance of such regulations as GDPR for marketers is eye-wateringly huge.
These fines might be even larger if you work with protected data, for instance, in healthcare, so investing in HIPAA-compliant tools is a must.
Monetary costs are only the beginning of it, however, The hit to a company’s profile and the lost business that stems from this is hard to calculate.
Factor in the potential for imprisonment too and you have what you might call a solid deterrent in place, no matter what developments the future may hold.
So, why is data privacy important? Because of what it represents, both in terms of restrictions and opportunities.
Data privacy requirements may look at first sight to be an encumbrance to the marketer. However, the discipline it creates in an organization and the need to review processes can deliver improvements across the company, not least in marketing.
Moreover, the potential it opens up for a productive dialog between consumer and company should give most marketers a little burst of excitement and immediately have them thinking of new, creative ways to act.