The initial shock of “you want me to do what!?!” regarding data protection and privacy appears to be wearing off and we are entering the “reluctantly getting things done” stage. The primary motivation at these early stages is legal compliance. Stated simply: we don’t want to be fined.
Yet as we unpack this and start to more closely examine these policies and procedures that are legal requirements, we notice they are also best practices for how to treat a customer or prospect. In our rush to explore and optimize digital marketing, we forgot the first rule of marketing: Take care of the customer.
Fact is during the last 20 years we have collectively mis-behaved regarding our customer’s data. I am certain many of the brilliant minds in human psychology could explain why, but the reality of today is we have to be regulated into treating our customer’s data and privacy professionally. How bizarre.
An Early Precedent
The companies who changed their email practices in 2014 due to the new Canadian Anti Spam Legislation (CASL) which is now being referred to as “An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act ” for short, have begun to notice more frequency and an improved quality of engagement with their audience. One might go so far as to say there is a re-building of trust going on, within the first 5 years of the changing of poor practices as it applies to email marketing.
So what do we think may happen in the wake of the General Data Protection Regulation (GDPR) in the EU? As EU data subjects (yes, that’s what they are called) start to see companies and brands respect their privacy and work hard to secure their data from bad actors and harm, do you think their buying habits will change? Do you think brand reputation will directly affect sales? If so, how long will this process take?
With email in Canada, it was relatively quick when you consider brand cycles. Demonstrating respect for your customer and prospect’s data and privacy rights while striving for legal compliance should perhaps be considered a long term investment in the customer relationship rather than a legal necessity. After all, we believe our Personal Information Protection and Electronic Documents Act (PIPEDA) will look an awful lot like GDPR within the next 2 years.
The New Reality
If that’s not enough to convince the boss to address this important area of business management, consider a trend we are just now starting to notice: Large bids and RFPs are being threatened by poor data protection and privacy practices. We have had several clients ask us to help them through the audit stage of 3rd party contractors, vendors, etc. And the audit questions are lengthy and detailed. What’s on the line is the value of the contracts.
A construction renovation firm was bidding on a major renovation of a building and the insurance company involved wanted to know what their policies and procedures were regarding any data they encountered during the renovation. Examining the document we determined the GDPR was the driving force, but the mid-term impact on 3rd party providers of any service is staggering. In this case a $10 million dollar contract was approved or not approved based on the results of that data protection and privacy audit.
Data breaches are an everyday occurrence and for the most part we have merely paid lip service to the security of that data. During the past 10 years most countries have passed laws regarding the handling of data breaches and are clearly placing the responsibility of protecting the data on the company that has been entrusted with that data. While their own policies and procedures regarding data security have improved, they must also be responsible for all 3rd party organization in their world. Any vendor with any kind of access to data must now be vetted. The large credit card data breach by Target stores a few years ago was caused by their HVAC supplier leaving a gateway into their data wide open. Now that there are monetary penalties for not securing individual’s data, organizations are dotting the “i”s and crossing the “t’s. Canadian banks have been doing this for years as they take the security of their customer’s data very seriously.
The most difficult part of changing your policies and procedures is accepting that change is inevitable. For many of our clients, once they accept it, we can move quickly through a proven process that puts new privacy and security policies and procedures in place and allow them to answer these audits and get on with their business. As an added bonus, they become compliant with the laws globally.
Bottom line: good data protection and privacy practices are good for business.