Top 8 Privacy Compliance Topics for 2020: Part 2
In our previous blog post, we covered the first two topics of our eBook, “Top 8 Privacy Compliance Topics for 2020.” In this blog post, we’ll cover the next two topics:
- Marketing Should Be Leaders with Privacy Compliance
- Taking Action is the Only Option
Marketing Should Be Leaders with Privacy Compliance
Many believe that the legal department, or perhaps the risk, compliance, and security team, should lead privacy compliance programs. Each plays an essential role in defining and implementing a privacy compliance program. However, their focus tends to be an internal, narrow focus on risk mitigation. Marketing, on the other hand, is focused almost exclusively externally on the customer. As a result, marketing should take a leadership role.
No organization spends more time obsessing over the customer’s perception of their brand. Marketing creates and manages the public face of your company. Beyond building and maintaining your company’s websites, and social media presence, they invest extensively in improving the customer experience across all channels. Savvy marketers see compliance as an opportunity to enhance the customer experience by asking the customer directly and requesting, with permission, data about their wants and preferences. By taking a privacy by design approach, actively informing and granting users control over their data, brands create more trust and confidence, and as a result, get better and more accurate data — all designed to support their marketers better.
Taking Action is the Only Option
Few people dream about diving into the details of privacy compliance laws and regulations. However, there are critical concepts that impose new expectations on marketers. Here are three we have identified as particularly noteworthy.
The Right To Be Forgotten (RTBF)
In marketing, we have operated under the assumption that you can collect and keep reams of customer data indefinitely. Indeed, relationship-based sales rely on the assumption that we can serve customers better as we learn how to understand them. However, the “RTBF” provision changes that.
Under RTBF, a given prospect or customer may ask you to erase all information about them. To meet that requirement, you need to understand your data thoroughly. For example, can you find and delete all backups and copies to fulfill a customer’s request? Do you feel comfortable informing a customer that you have fully completed their request?
If that weren’t enough, your contacts would expect you to complete the above change within 30 days.
Right to the restriction of processing (“RTRP”)
Your contacts may restrict how you can process information about them. For example, we can see a situation where the prospect does not allow you to use their data to employ remarketing or retargeting techniques. How? They could tell you not to share their name and email address with third parties like Facebook.
You must be able to make adjustments to data processing at an individual contact level. Jane Smith may forbid one type of handling, whereas John Smith may forbid multiple kinds of data processing. If you cannot offer that level of nuance, you may face the prospect of having to make significant manual interventions.
The right of access by the data subject
This provision requires data controllers to be ready for transparency. In the past, it was a best practice for companies to respond to inquiries such as “send me a copy of my customer file.” That has now become a baseline expectation. This right of access includes disclosing information about “automated decision-making,” which may include the use of AI, machine learning, and related technologies.
To respond to this expectation and others, we suggest organizations develop templates, checklists, and procedures that staff can use. Otherwise, you have an operational risk that data may be mishandled or disclosed improperly.
As you read through this eBook, you will become more informed about privacy compliance and how it impacts your marketing efforts. But what about the rest of your organization? That is the next requirement we will explore in Part 3 where we’ll cover the next two top privacy compliance topics for 2020: Regular Data Audits are Less Expensive than Fines, and Anonymous Data is Not Very Anonymous.
If you would like to get our entire eBook now, click here to download a copy of “Top 8 Privacy Compliance Topics for 2020.”