Why personal data privacy needs a customer-centric focus

SOCIAL Blog Privacy

When it comes to personal data privacy, it can be hard to see the forest for the trees. Headlines and social media are dominated by data breaches, resulting in both reputational and financial loss. Meanwhile, organizations are panicked about complying with the latest regulation deadline. In all of this, the customer’s relationship with both personal data privacy and the organization itself can get lost.

Consumer trust should be an important focus for any personal data privacy initiative, according to the responses from a recent survey by Deloitte. The survey showed that when it comes to sharing their personal data, consumers want to trust the organizations they engage with to treat that information with care. Consumers understand that sharing their data with certain organizations can be mutually beneficial. However, organizations need to earn that trust – and consumers want evidence that their personal data will be treated ethically.

Data breaches and GDPR impact trust

Certainly, data breaches are having an impact on consumer trust. One of the reasons why the General Data Protection Regulation (GDPR) was created was because the EU felt consumer trust – built through better data privacy practices – was a vital part of creating the EU’s overall digital single market initiative. The Deloitte survey proves this point – 25% of respondents say that their level of trust with an organization would decrease if the company was involved in a data compromise. Another 35% said their decision to do future business with an organization depends on how much they trust it. Clearly, organizations who have a reputation for acting ethically in the way they handle consumer data – who have earned the trust of consumers – will have more resilience in the event of a data breach.  

It’s clear that a greater understanding among consumers about personal data privacy is having an impact, although this is more complex. Since the implementation of the GDPR in the EU, 55% of survey respondents say they have become more cautious about sharing their personal data with organizations. To some extent, this is because consumers are developing a greater understanding of the risks inherent in sharing personal data. This is also driven by increasing awareness of the rights that individuals have over their own personal data – on average, 78% of the survey respondents are aware of the key rights that they have. More specifically:

  • 84% of respondents claim to know of the right to opt out of direct marketing, and 23% say they have exercised this right
  • 79% of respondents are aware of their right of access
  • 76% of respondents are aware of the right to data portability
  • 79% are aware of the right of erasure, and 12% of respondents have already used it

Awareness among consumers of their rights under GDPR – and their willingness to exercise those rights – will only increase over time.

Trust has to be earned

Unfortunately, many organizations have decided to put compliance – and often in a minimal, box-ticking form – at the heart of their approach to personal data privacy. Although the organizations that responded to the survey indicated general confidence in their GDPR programs, the reality is that most will not be able to deliver, potentially damaging customer trust. For example, just 30% said they were able to respond to the data requests received within one month. And 37% were either unable to keep up with the volume or only able to respond to just a few within one month.

It’s almost impossible for more complex organizations to meet the demands of GDPR using manual processes such as spreadsheets. Earning customer trust – building and retaining a reputation for ethical action when it comes to personal data privacy – means being able to respond in a timely and accurate way to GDPR requests from consumers. It also means keeping consumer data safe, and acting in a responsible way if a data breach takes place. In short, building trust through ethical action requires organizations to think more strategically about how they develop the processes and resources that will put consumers at the heart of their data privacy approach.