The aim of Privacy Day 2018 is to inform people of the importance of taking care of their personal data and how they can protect it. This is incredibly important, an enabling opportunity to establish the right relationship with the Customer, Colleague, Company, and Community.
A key aspect to any lasting relationship is trust. Trust the other party - be it a friend, partner, or a company - as you want to have confidence that they have your best interests at heart, they will not take advantage of the situation, and are working with you to achieve the same goal. From this, value grows, loyalty blossoms, and a lasting trusted relationship is built.
How does this translate to Data Privacy?
For the customer, they trust their personal data is provided with a clear understanding of what it is being used for and with the confidence it is going to be used for these stated purposes. They expect that these purposes will benefit them and that their personal data is protected from internal and external threats, misuse, and loss. Plus, if anything changes they will be informed and asked to consent to the change.
Sounds fair? Hopefully so, as this strikes me as a reasonable expectation and very achievable.
With a more marketing focus, if the purposes of providing their personal data is automated decisioning, dynamic pricing, or analytical profiling, and the customer has signed up to these then great. They see the value in the offers made to them, comfortable these are relevant and timely based on who they are, their current context, and driven by insight into what interests them.
Using the right data at the right time to make the right offer. A positive experience driving our People Based Marketing.
On the flipside, if they have not consented then is it right to ignore and continue? Obviously not, but it happens. It is much better to respect these wishes and to focus on delivering the offers to those who see value from the interaction.
Greater transparency in how data is being used to drive offers helps avoid the negative experience, the creepy ‘how do they know that?’ feeling, or the poor performing campaign that has much lower conversion than forecasted. Remove those customers who are no longer customers and focus instead on engaging those who see the value in continuing the relationship.
A perfect time to ‘right size’ the marketable base.
This is very enabling to the marketer and analyst, they have clarity regarding what can and cannot be done with the data, and have a more manageable and active base to work from.
If there is a desire for more data-driven innovation (collect everything, then try to figure out what is useful), the data can be anonymised (cannot be traced back to the individual person), or even better, pseudonymised (can be traced back to the individual).
A good discipline to enshroud is to question what the value is of capturing this data before investing into ingesting, processing, storing, and security. The ‘so what’ justification is required to help ensure data minimisation is being enforced. There are many legitimate reasons ranging from gaining insight to better understand the customer, servicing customer requests, prevent fraud, or support legal obligations by holding data for a set period.
For IT, they can put into practice the housekeeping they always wanted to enforce, reducing operational costs (30 days of backups rather than months) resulting in improved infrastructure performance. This in turn enhances the customer experience, be it the end customer or internal user.
Taking this further, simplifying the IT estate will allow focus to switch to building the enabling assets, which raises the ceiling of what is possible. This could be the essential holistic view of the customer, a solid foundation of data governance, or the more pioneering always on marketing service; a golden opportunity to raise the roof on what is possible in terms or data, insight, and action.
It should come as no surprise that the IT preference will always be to focus on the cool innovation, rather than spend time and effort perpetually fixing legacy issues and compensating for bad practice. Sending live customer data via email or copying into a development environment is just wrong. Stop!
To help with what is acceptable, recent Data Privacy regulation, notably the impending GDPR (General Data Protection Regulation, May 25th, 2018 – yes, this soon) raises the floor for many companies (or organisations). It sets out a minimal set of regulatory obligations, standards, and good practice. This helps clarify what is acceptable and with the pretty hefty potential fines, it provides the impetus for most organisations to make the investment, and change to a better way of protecting data, ensuring it is appropriately collected, processed, stored, and used.
As an example, delivery of the extended rights as articulated in GDPR shows what is expected, however, looking a bit further, additional value beyond privacy and GDPR compliance (just in case you needed even more justification) can be easily discerned to justify investing in Data Privacy.
To summarise, GDPR is an opportunity to establish the solid information infrastructure needed for your organisation. You have:
- Defined the data
- Know where it is
- Built or enhanced the means to improve its quality
- Have the means to transfer (enhance internal data integration)
- Reduce the data estate (ILM – archiving, retention, etc)
- Deliver the right data in the right way to enable and empower analytics and marketing operations
- Ensure security is at the level to protect against internal and external threats
- Establish data governance with a purpose and the teeth to enforce
Beyond the individual customer, colleague and company, the benefits to the community (big society or marketing industry) are more profound. It sets out our culture, and how we view and interact with one another. We, as a society, are leading ever more interactive lives online so it is important for each of us as individuals to feel our best interests are being considered, our rights honoured, and the relationships we have are fair and valued.
Greater awareness of Data Privacy and supporting regulation will not only help protect us, it will also lead to greater trust and maybe even true data democratisation, where customers willingly choose to share their personal data while gaining value. An open and fulfilling relationship.
Head of Data Practice at Merkle|Comet
James has been a chief data architect at Vodafone, T-Mobile UK (precursor to EE) and more recently with Barclays. Prior to that he gained a good grounding in delivery, with experience at consultancies who, specialised in Business Intelligence, CRM and Decisioning, Information management and governance where he undertook a diverse set of roles ranging from business analysis, project manager, design and development, tester and release manager at varying levels of seniority, working on projects across the globe in multiple industries including Financial Services, Telecommmunications, Utilities, Retail and Public Sector. During his working experience of 17 years, a constant thread has been evident, a focus on Data, big or small, starting with how it is collected, its management, how it is understood and made available, assuring it is fit for purpose and made secure, what can and can’t (or shouldn’t) be done with it, ensuring it drives value for our clients and their customers. It is this focus on the Data space that James brings to Merkle|Comet and will bring to this blog, aiming to share insight and spark debate in current and future trends, innovation of data products, services and practices, how-to guides with lessons learnt, tips and tricks to gain and then maintain stakeholder buy-in through successful delivery of what is of value and is sustainable.