By Alex Hazell, Acxiom UK head of legal
Data compliance can be a complex – and ever changing – consideration for marketers in all sectors.
And today, where a data-driven, personalised approach is the answer to create outstanding customer experiences that beat those of competitors – as well as a crucial governance consideration – it has never been more critical to understand data compliance, and get it right. This is particularly true in financial services, where neobanks and fintechs are using data-driven approaches to gain more and more ground in the sector.
GDPR, CCPA – understanding the acronyms and regulations that apply
With the volume of consumer data of all kinds growing exponentially, understanding how to use it effectively is critical to business performance; and a growing number of governance rules is in force to ensure legal, ethical and responsible use of personal data.
Ultimately these regulations are in place to compel organisations to review and improve how they collect, store and utilise personal data, and to place greater emphasis on ethical practice and individual rights.
For example, in the UK and the EU, the General Data Protection Regulation (GDPR) came into force in 2018 to accompany the e-Privacy Directive that sits alongside it, and is focused on protecting individuals from the unlawful and unfair use of their personal data. Note that the EU is in the process of replacing the current e-privacy Directive with the e-Privacy Regulation.
Equally, the California Consumer Privacy Act (CCPA) came into force as of January 2020 and is a state statute designed to enhance privacy rights and consumer protection for residents of California, USA.
Of course there are many other regulations to consider. For example, when in heavily regulated industries such as finance, firms may have a requirement to comply with other sector-specific regulations and codes such as FCRA, HIPAA, PCI – as well as CCPA or GDPR. Or, they may need to know how to manage sensitive or special category personal data which often requires a higher level of compliance.
And because of the breadth and complexity of these ever-evolving considerations – including, but not limited to eye-watering maximum level fines for non-compliance – data compliance can seem overwhelming. So, how can marketers truly understand what’s required, and stay on top of the rich tapestry of governance and regulations that applies to their organisation?
Six steps to ensure compliant customer data use
At a top level, data compliance requires marketers to take a transparent, considered approach to consumer data, based for the most part on providing varying degrees of notice and choice; for example, in the case of the GDPR, that may be via the consent or legitimate interest grounds.
With this in mind, and a focus on driving relevancy, value and impressive experiences, aimed to surprise and delight, both marketers and consumers can benefit from data compliance – it’s the ticket to better data driven experiences on all sides!
So how should data-driven marketers act to be certain of best practice data use, post GDPR and CCPA?
- Always put the consumer first. Consumer interests and customer value must always shape how marketers collect, use and protect data, to ensure trust, transparency and compliance.
- Work to communicate value. Keep data use balanced across the business, not just in marketing. Always orient toward driving consumer value – to demonstrate and explain the value return that consumers will achieve from a data exchange.
- Build trust through transparency. Clear, simple explanations are important to ensure understanding and build trust. So be open and transparent – data used for marketing is a far cry from personal data being used for other more intrusive purposes – and those doing the right thing have nothing to hide.
- Ensure responsible, balanced use of data. Organisations need to make sure it has clear internal policies around data ethics, privacy and work to ensure balanced data use everywhere, for true trust. Note that in the case of GDPR, firms need to be able to demonstrate accountability, and data protection impact assessments are often required to ensure the correct safeguards and balances are in place.
- Remove data silos. A fragmented tech stack with disparate data makes it hard to truly see what data a company has, where it is, and how compliant it is. Creating a unified data layer and removing silos is the best way to connect the data, ensure data accuracy and hygiene – and unlock seamless customer experiences through greater personalisation. This data combination also needs to be done in a compliant and ethical way.
- Prioritise data protection and compliance. Adhering to data privacy legislation is a ‘must-have’ consideration, not a ‘nice-to-have’. As such, it’s critical that marketers put in place a set of accountability measures to ensure responsible and compliant handling, whether they choose to do this alone, or with the guidance of a trusted data partner.
A compliant approach to consumer data and privacy is a critical part of any business strategy – not an optional one – so it’s important to have a roadmap to compliance for the business.
Of course, knowing how to assess, consider, and (where needed) adjust how an organisation hosts, manages and uses data to remain compliant can be a challenge. For this reason, many organisations choose to seek external expertise and advice, and understand the assistance and competitive advantage that a data partnership can provide.
Ultimately, from providing clarity over governance and legislation, to ensuring data processes and technologies are compliant, secure and futureproofed – working with a data partner can help organisations understand and navigate regulations to execute ethical, legal and responsible compliance for seamless, trusted marketing.
