Data privacy was a hot topic in 2018, from Cambridge Analytica and Mark Zuckerberg’s subsequent senate hearing to Amazon’s Black Friday mishap, where they inadvertently disclosed many of their owns users’ names and email addresses.

In 2018 there were 300 recorded data breaches in Australia alone, spanning across the finance, travel, healthcare and education verticals. Google Trends also reveals that “how to opt out of my health record” was the number one search term of the year.

Clearly, consumers are concerned about their personal data and how it’s being collected, used and misused – not just by brands but by the government too.

Data plays a pivotal role in everything we do as consumers. With so much of it out there, it has never been more important for brands to take data protection seriously and enforce compliance – especially when consumer trust so strongly relies upon it.

While there’s no single “best” way that a brand should approach data privacy, there are three elements that successful implementations tend to have in common:

Starting with a mindset shift

The mindset of data protection being a technical undertaking is outdated. If your organisation has no privacy policy and manages data on a sporadic basis, it’s time to re-assess your data protection framework to ensure compliance with all the new data laws.

Organisations need to enforce internally that everyone has a part to play in protecting data integrity. This starts by prioritising and implementing tailored data protection directives to ensure compliancy.

In practice, this means correcting or replacing unsafe procedures and educating employees at all levels on how their day-to-day encounters with data should be handled.

Investing in resources and infrastructure

Optimal data protection can only be achieved through adequate investment in resources and infrastructure. For large organisations, this means having a dedicated team to instil data governance.

The tech boom has created unparalleled hiring demand for emerging skill-sets, none more so than ones like “Data Protection Officer”. Data protection roles were unheard of in the past, but with the continuous emergence of new data technologies (and laws to go along with them) it’s paramount that organisations rethink their corporate structure to include these roles.

Rising Demand for Data Protection Officers

Data is power in the 21st Century. And as the saying goes, power is nothing without control. If anything, power without control is dangerous.

To mitigate risk, organisations can’t afford not to invest in data management platforms and security stacks designed to safeguard their data. At the very least, their security stack should provide data encryption, data storage, classification management and archiving.

Transparency and audience-centricity

“We have a Terms of Service Agreement on our website. Job done. Surely customers know what we do with their data, it’s all in there!”

Consumers’ attention spans are getting shorter, and more often than not, the “I agree” box proves to be nothing more than something to be closed as quickly as possible so we can confirm our order for that new iPhone or fresh pair of Yeezys.

25 pages of jargon… which somehow we manage to all read under 1 second…

The GDPR, Recital 30 states that individuals should know “[what] personal data concerning them [is] collected, used, consulted or otherwise processed and to what extent the personal data are or will be processed”. Likewise, businesses with websites in the EU are required to not only have a privacy policy in place, but also state how their website uses its customer’s data.

Does your website send information to 3rd party data providers? If so, the names of these partners have to be clearly presented in the privacy policy, and failure to do so can result in hefty fines. As such, transparency and audience centricity should be the guiding elements when crafting your privacy policies.

In summary

Privacy protection laws may still be in their infancy, but they already pose significant challenges for businesses that lean towards the “freestyle” method of handling data. One thing is for sure: as consumers become more data-savvy, the market will favour brands that respect and protect their users’ data.

Whether you’re at the start or several years into your data privacy journey, now is the time to review or shift your organisation’s mindset, make investments in infrastructure and demonstrate transparency to the very customers who want to put their trust in you.

 

References

https://finance.nine.com.au/2018/07/31/07/59/australians-hit-by-300-data-breaches-in-2018-impacting-millions

https://www.reuters.com/article/us-cyber-gdpr-dpo/rise-of-the-data-protection-officer-the-hottest-tech-ticket-in-town-idUSKCN1FY1MY

https://www.gdprandbeyond.com/blog-post/data-security/gdpr-technology-stack/

https://www.reuters.com/article/us-cyber-gdpr-dpo/rise-of-the-data-protection-officer-the-hottest-tech-ticket-in-town-idUSKCN1FY1MY

https://assets.kpmg/content/dam/kpmg/xx/pdf/2016/11/creepy-or-cool.pdf

Shares
Leslie See

Leslie See is a Digital Performance Specialist at iProspect Melbourne. A graduate of the Google Squared Online and alumnus of iProspect APAC & Singapore, Leslie is passionate about empowering brands and helping them navigate the metamorphic digital landscape.