Privacy has evolved beyond regulatory compliance and moved into a world of integrated data governance — a shift that requires increased cross-functional collaboration, leadership buy-in, and maturation of privacy processes across all stages of the data lifecycle. Expanded privacy programs see other benefits such as a decrease in security incidents and providing a faster time to deliver new products and services that use personal information.
Maintaining good data privacy and governance practices is now mission critical for fostering trust with customers and unlocking the value of data across your organization. But the regulatory landscape is becoming an increasingly complex space to navigate, and data sprawl is a very real problem that organizations are seeking to solve, meaning organizations must go beyond privacy compliance and embrace a data-centric approach to privacy automation.
Enza Iannopollo, Principal Analyst at Forrester recently joined OneTrust CEO, Kabir Barday, as a guest speaker for a webinar to discuss what the future of privacy looks like and how organizations can work more efficiently to solve these challenges. Iannopollo sat down with OneTrust after the event to discuss this topic in more detail. See what was discussed below.
The evolution of privacy programs
The make-up of a privacy program is not what it once was. Drastically changed by an influx of regulation and consumer awareness, organizations are having to adapt their privacy program focuses while new challenges reach beyond compliance.
“Privacy programs are evolving. They are generally becoming more aligned with business objectives. When it comes to strategic priorities, for example, companies are leveraging their privacy programs to increase business efficiency and better support business decisions.” Iannopollo stated on the webinar. “Increasing trust with customers and employees has also become a critical goal for most privacy programs, as many companies learn about the direct impact that managing personal data has on customers’ buying decisions, loyalty, advocacy, and engagement.”
According to Forrester’s 2022 Trust Survey, more than 60% of consumers across the US, Singapore, and Italy are likely to try new products and/or services from companies they trust. Privacy programs no longer serve the sole purpose of compliance — they are evolving into strategic areas of the organization that have an increasing impact on business outcomes.
The effect of privacy and governance on trust initiatives
Without effective governance, privacy programs will fail to meet the expectations of regulators and individuals. And, without fundamental privacy compliance, governance processes cannot manage organizational data in a meaningful way. But together effective governance and privacy compliance processes work harmoniously to help organizations achieve their trust objectives.
“The collaboration between privacy and governance delivers a range of benefits to companies. One of the most critical benefits is the ability to meet compliance with privacy requirements. In fact, if you consider the fines and the enforcement actions that have been issued so far for non-compliance with the EU General Data Protection Regulation (GDPR), it is easy to notice that most of them refer to poor data management.” Iannopollo said on the webinar.
“As an example, think about compliance with key privacy principles, such as data minimization and purpose limitation. Only organizations that have identified specific data needs for their data-driven initiatives and those that do a good job designing and managing data access policies and policies for data use can meaningfully comply with these privacy principles. Trust is immediately linked to these outcomes, too.”
Forrester’s Trust Imperative Research shows that accountability, integrity, transparency, and dependability are among the top trust levers that shape how individuals trust brands. When it comes to the ability of an organization to deliver on these trust levers in the context of their data-driven initiatives, only a strong collaboration between privacy and governance can enable them to meet their goals.
The trust benefits of first-party data collection
There is a fundamental shift happening that is having a significant effect on how organizations can collect personal data. The depreciation of third-party cookies means that organizations are having to rely on first-party data collection methods in order to provide tailored and personalized experiences to the consumer. But this first-party approach has its challenges, particularly in respect to transparency and obtaining valid consent.
“A robust customer consent management strategy is a critical step for every organization that wants to improve their approach to first-party data. The idea is simple: ask customers for the data you need, tell them how you plan to use it and for how long you need it, and give them clear options that keep customers in control, even after they have shared their personal information. It can feel like a tectonic shift, especially for those companies that have assumed for a long time that they have a right to their customer data by default.” Iannopollo said on the webinar. “This is not the case, and it is time to embrace fairer and more transparent data collection practices. I have seen many success stories. Typical outcomes of successful customer consent management strategies not only include an increased availability of first-party data, but also a narrower dependency on poor quality third-party data, reduction of risk, and greater ability to put data to better use, given the more granular customer permission.”
The role of first party data plays in respect to customer experiences has made transparency and trust table stakes for organizations that want to compete and cut through the noise in today’s digital marketplace. First-party data is the most privacy-centric, trust-oriented consumer data source because it represents a value exchange between a business and a user and therefore is critical that organizations are on the front foot when it comes to first-party data strategies.
Managing minimization and retention of first party data
First party data collection requires a much closer transaction between the consumer and the organization. Therefore, it is imperative for maintaining consumer trust that, once collected, personal data is treated appropriately with robust policies in place to ensure that it is held for no longer than required and only the necessary information is collected in the first place.
“Think about data minimization and data retention principles as the ability of an organization to ‘keep its promises’. This ability is tightly connected with companies’ trustworthiness. In fact, the belief that ‘someone will keep their promises’ is a basic way to describe the feeling of trust. First-party data collection is an agreement between two parties.” Iannopollo continued in her presentation, “When a company asks customers for their data, the company must tell the customer which data it wants, for how long it needs it, and how it plans to use it. The customer’s expectation is that the company will keep these promises. Only through robust processes that help companies define data needs and strong policies that govern how data is accessed, used, and disposed of, a company can keep the promises it made to customers and earn and safeguard their trust.”
What can you be doing right now to become more trusted?
Trust is becoming one of the most critical business drivers for organizations and it is won and lost in a variety of ways — all of which are in the hands of organizations. Taking a strategic approach to trust through privacy and governance is increasingly important within the context of a global, digital economy.
“Trust is key to business profitability, its ability to retain talents, and build strong partner ecosystems. But too often companies fail to act on it. Most companies do not even know how to influence the way customers, employees, and partners trust them. Companies must develop a more strategic approach to trust. Firstly, they must start from understanding which specific levers of trust are the most important for their customers, employees, and partners,” Iannopollo stated on the webinar.
“Forrester’s trust imperative research shows it clearly: not every company should shape trust in the same way. Depending on business type, the primary levers that govern trust vary. Every company must identify their critical levers of trust. Secondly, companies must measure trust. But let’s be clear: Mere reliance on self-assessments will not cut it. In fact, companies that rely only on their perception or self-assessments to measure trust typically end up with values that are way more generous than reality. Instead, companies must collect feedback from their ecosystem to really understand their trust opportunity. Thirdly, companies must build the infrastructure of processes, technologies, and skills they need to execute on their trust opportunity and optimize their actions to deliver against their key levers of trust.”
Organizations must quickly understand what trust means for their business and to their customers. Actively monitoring your trust initiatives and deploying the talent and technology to enhance the ways that you build trust can be a setting for success.
Watch the webinar with OneTrust CEO Kabir Barday, featuring Enza, for more on the interplay between privacy and trust.