Data Protection compliance really is, in many cases, seen as a grudge purchase much like an insurance policy. You get compliant in order to adhere to regulation and perhaps put something on your website that says “we comply”; perhaps a nice little badge next to your Privacy Policy. For one, I cringe when sites say that they are “certified” or “compliant” as it is a truly ongoing exercise, but secondly, this grudge purchase mentality really hurts a great process and journey that could be embraced for strategic advantage.

Compliance is not the only reason to comply

Sure, you can comply so that you’re all good in the face of the regulator, but you’d be silly to not market this fact too. Many of my clients actively show that they are either compliant or on the journey (depending on their region and market). They celebrate the journey, and so should you. Data Protection compliance – whether required by your jurisdiction or not – is a marketing and client attraction/retention blessing. Let’s dive into a few reasons why.

Crunching the numbers on loyalty

Let’s look at a few numbers here. In a study run a number of years ago (2012) by the Denver Post, it came out that 42% of adults will Google a business before doing business with them, and 45% of those adults found something in the online search that made the decide not to do business with them. This was before Data Protection and the web is what it is today. Businesses are more visible online than ever, and I’d hazard that customers don’t really need to be loyal, given the number of options available. Throw in modern data privacy to this loyalty mix, and a recent study on Data Protection and Customer Loyalty shows that 70% of customers will stop doing business with a company following a data breach.

That last number is important! If it was something other than data protection that created a risk of losing 70% of your client base, would you not take it seriously? So why then do we not look at Data Protection in a different light?

Competitor placement

John Giles, of Michalsons Attorneys, is a firm supporter that there is a business case to compliance that’s not necessarily focused on a compliance aspect. He states, “You should always try to leverage your compliance efforts into positive public relations and business benefit.” When engaging around privacy, he and the Michalsons team look at the comparative position you have with your competitors from a customer standpoint. Who is looking after what? Do you have a Privacy Policy? Do THEY have a Privacy Policy?

Something as simple as this approach can result in the yes / no decision being made in the mind of a potential or existing client of yours. I, for one, will hesitate to deal with a company where I cannot see an effort to garner my trust. Wouldn’t you do the same? The fact is, your competitor’s compliance standpoint could be a breaking point for a decision a customer makes about you.

The marketing advantage

We see so many scandals on a weekly basis around privacy. We’ve become almost numb to the fact that there’s likely to be another breach in one big social media company’s back yard soon and that some large search provider is going to get fined in [insert almost any EU country here]. The fact that that I don’t need to mention names and you’ve already filled in the blanks on that last sentence means that there is a marketing danger and a marketing opportunity for data protection.

Take Apple as an example of taking the advantage; they have pivoted and are actively talking about privacy as a key pillar of their products. It’s worked on me, that’s for sure. I use Apple products partially for their dedication to privacy and control. From the words of Tim Cook, “The truth is, we could make a ton of money if we monetized our customer — if our customer was our product,” Cook said. “We’ve elected not to do that.”

Yes, it’s a marketing approach, and yes, it’s a strategic business decision to do so, which does add an aspect of the big-cold-machine to it, however, it is workingAre there flaws in their approach, most certainly, but look up any comparison between the big players in the news of late and you will see a distinct focus on Apple’s side to protect the data of their consumers, and up their sales in the process. You’ll never get a perfect score on privacy, but if you manage it correctly you can definitely draw the advantage on marketing.

Smooth operations and Standard Operating Procedures

A few weeks ago I published an article on the importance of Standard Operating Procedures in your business. Part of any good compliance exercise involves really being aware of how your processes, policies and procedures work inside your business. This is not something that is specific to data protection, it is incidental that it helps data protection. As a business, and from a strategic management point of view, you should know the direction that your business is running in and your teams should be aware of how to keep in the same direction. SOPs drive efficiencies.

If we exclude Data Protection from the mix, having SOPs give you four key benefits:

  • Precision – being able to see the value in each process
  • Modularity – allowing others to take over a process with minimal changeover or retraining
  • Antifragility – “slip ups” can be managed and maintained objectively
  • Productivity – there is less mental energy expended by teams in completing a task that doesn’t need to be recalled from memory

The above are all beneficial, and not one is specific to data protection, yet they all help data protection and get you closer to compliance! Who wouldn’t want improved efficiencies while simultaneously complying?

It comes down to trust

Compliance to a law aside, much of what I’ve said above comes down to trust. Regardless of whether you feel you need to comply with a particular law or regulation, your customers will expect you to be looking after their data. We may feel as though our hands are tied as far as data protection and gathering data goes, but in reality we’re not that restricted. A recent study from Columbia Business School of over 8000 millennials, Gen X’ers and others, talks about the future of data sharing. In this study, it shows that 75% of people would still share their data with companies in exchange for a product or service, providing it’s from a brand they trust. I propose that we should stop worrying about which four-letter-law we try and comply with, and start worrying about how we build trust with our future customer bases in a world where data protection is a key expectation, not a regulatory check box.

Ross G Saunders Consulting is a niche data protection consultancy, working with a number of professional partners in order to help you as a business comply with data protection regulation. They help with business process, compliance, documentation and more, and can offer a full range of services to take the hassle out of data protection. Why not reach out to find out how they can help you gain a competitive advantage while simultaneously garnering support from your existing and potential customers.

Share This

Share this post with your friends!