30-second summary:
- Click Z spoke with Max Kirby, Publicis Sapient’s Director of Digital Identity & Cloud Solutions, to discuss how technology and transparency can help address the issues companies face around data privacy implementation.
- Kirby outlined some of the biggest challenges that companies face regarding data privacy compliance including what organizations must consider when implementing a data privacy policy.
- Key things that companies must do when implementing a data privacy policy include: understand the principles of privacy law, combine datasets against a single identity, keep your tech flexible, create a data use case, use a data “explainer” video, and build transparency into your privacy model.
- Publicis Sapient works with businesses to help them keep pace with internet technology and leverage all aspects of digital transformation from data to AI to CX and, of course, privacy.
Over the past few years, regulatory regimes and the rise in the need to provide clarity on user data has forced organisations to comply with specific and often onerous data privacy requirements.
While data requirements and standards can often seem burdensome, the implementation of data privacy policies can be smooth, says Max Kirby, Publicis Sapient’s Director of Digital Identity & Cloud Solutions.
“Technology is properly understood as the enabler,” he says. “If you think about data through the lens of information, it becomes easier to figure out what technology you need to meet data privacy requirements.”
For Kirby, the right technology can allow an organisation to connect their data privacy policy to the value they provide the customer and bring transparency to the fore – a key element in engaging with any digital native, he says.
But transitioning from treating a customer as an object to a subject is an onerous task for companies. That exercise itself requires identifying customers as individuals by collecting a large amount of data. This is the only way that the customer journey can be personalized, yet this places an emphasis on the need to keep data secure and maintain customer privacy.
“The amount of data that you have is proportional to your potential privacy liability,” explains Kirby. “Companies that have a lot of customer data currently in use have more pain points versus those that don’t.”
To address consumers’ concerns over privacy, big platforms tend to use words like “trust” and “safety” which can backfire. Once you mention the term “privacy,” people start worrying about the security of their data. Privacy implies “big tech” is watching and that data is vulnerable.
The answer to this dilemma is transparency which fosters trust. If consumers understand exactly what an organization is doing with their data, there’s strong indication that they’ll trust that organization more – and more likely share their data.
Companies build that trust by creating comprehensive data privacy policies that incorporate a mix of technology and transparency, and brings multiple teams together. Finding the right mix people who have expertise in privacy law, marketing and technology is key—but it’s also a big challenge.
Kirby defines this as a problem of “digital hybridity.”
“Most companies don’t have people with the skillset to address everything that must be factored into data privacy policies as single individuals. The people in marketing don’t have technical backgrounds. The people in technology don’t have policy background. The policy people don’t have marketing backgrounds,” says Kirby.
There is no simple answer to solving the data privacy problem for companies, but here are some best practices that Kirby uses when he works with clients at Publicis Sapient:
Solving the data privacy problem
To address the issue of hybridity (or lack thereof), companies need to create a privacy team that includes the CMO, CTO, and CIO along with a Chief Privacy Officer (or someone with a law degree) who understands privacy laws.
Privacy teams should be comprised of leaders with hybrid skills as well as team members who represent each specific focus of expertise, whether that’s marketing or data collection or privacy law.
Here is a checklist of things that companies should consider when implementing an effective data privacy policy:
Understand the principles of data privacy law
An understanding of privacy law (eg, the GDPR and elsewhere) is key to developing a data privacy policy that works.
“The law is a moving target,” says Kirby. “Regardless of the specific manifestation of privacy law or how you handle opt in or opt out, what you’re talking about is the principle of informed consent. The “informed” is key. If you can orient your business towards that, you’ll be more future proof.”
Combine datasets against a single identity
Kirby stressed the importance of de-siloing data when it comes to data privacy and compliance. Companies need to combine their data into one place. This ensures, for example, that if you get an opt-out, you can populate that throughout your organization.
“The law doesn’t care whether or not you have two different databases or systems,” says Kirby.
Keep your technology flexible
Utilizing flexible technology ensures that you can easily adapt your systems and infrastructure, changing as the laws change. Again, keep in mind that because the law may change frequently as it forms, it’s important to base your privacy approach on the foundation that the law rests on itself.
Create a data use case first
If data sits in a database without being used, it will quickly become out of date.
“You have to use data in order to clean it,” explains Kirby. “A data hygiene effort is not complete without a use case that outlines what you’re going to use the data for. That’s how you understand if the data is accurate and precise. Privacy to ensure that is done right can follow the utility involved.”
Explain data with a video
Most people know don’t know much about what companies do with their data and very few of us read terms and conditions.
“The answer to this,” says Kirby, “is video.” Create a video explanation of what you use data for as an immediate way to help consumers understand your organization’s data privacy policy and exactly how their data is being used.
Transparency, ethics, and trust
There’s one thing that binds the above strategies together—transparency. Says Kirby, “The goal is that users have had a chance to know at the moment of collection, at the moment of use, and at the moment of sharing, what data you’re collecting, why, and how you’re going to use or share it.” As people understand how companies collect and use data (for personalization, advertising, etc.) privacy will become inextricable with ethics and trust. That’s why transparency is critical.
Technology as the secret to privacy policy implementation
Publicis Sapient works with clients to embrace business transformation using technology as the main driver for change. They work with clients at the industry level to help them understand how they can use technology and methodology to work with data and facilitate privacy policy implementation.
“APIs, consent management tools, and customer data platforms can help organizations with privacy policy implementation by effectively managing data,” explains Kirby.
For example, consent management platforms give organizations the ability to manage opt-outs across multiple channels. Customer data platforms unify data against a single primary identity. APIs facilitate the sharing and accessing of data internally and externally.
Finally, interoperability standards including the Open Data Initiative which provides a single, comprehensive view of a company’s data and the Cloud Information Model, an application-agnostic data model, are attempts at making sharing data easier by structuring it the same way across multiple companies and platforms.
“Last place when it comes to privacy is going to be shaky ground once digitally native consumer’s finish taking over,” Kirby added. “Our research shows more people are paying attention every year.”