Credit: Dennis Kummer

The business case for stricter data practices: Why businesses aren’t waiting for the rules to change

Consumer data privacy continues to be a hotly debated topic; especially in countries like Australia where we are yet to introduce updated laws to regulate this area. And while stricter data laws have been met with much resistance from businesses in the past, a new pattern is emerging of companies now advocating for greater regulation.

In regions where strong data laws have been enforced, like the EU with its General Data Protection Regulation (GDPR), businesses have demonstrated improved digital marketing results such as increases in ROI, and greater customer engagement and trust. In fact, for marketers everywhere, GDPR has been an unlikely lesson in the commercial benefits tighter regulations can bring.

With companies now realising there’s much to be gained from ethical data practices, (regardless of whether they’re required to by law or not), many are forging ahead and implementing their own strict rules in line with consumer expectations.

A look at GDPR

In 2018, when GDPR came into force, organisations across the EU were worried they would not be able to successfully operate under the new regulations. A major concern in particular was that their valuable email contact lists which they had taken years to establish, would be jeopardised. And this certainly was the case for many initially.

GDPR enforces a requirement for users of personal data to select a legal basis for doing so. Marketers generally had to choose whether to use “consent” or “legitimate interest” as their legal basis. Legitimate interest tended to be used when a customer relationship already existed, but where “consent” was relied upon we saw many marketers having to remove sizeable chunks of the lists they had built up over a long time. This is because consent had to be refreshed if the previous permission model had not met GDPR standards, for example a pre-checked box, and resulted in many marketers effectively starting their lists from scratch.

From enemy to ally

Despite their initial concerns however, businesses saw their email marketing initiatives receive a host of benefits just one year after GDPR was introduced. In fact, the Data and Marketing Association’s (DMA’s) Data Privacy report found that GDPR offered broader business benefits with almost half (49 per cent) of marketers stating that consumer trust in the handling of their data had improved, as well as nearly a quarter (22 per cent) saying customer relationships had been bolstered.

On top of this, the DMA’s Marketer Email Tracker report noted an uplift against all major KPIs: increased deliverability (67 per cent of respondents), open rates (74 per cent), click-through rates (75 per cent) and conversion rates (67 per cent). These improvements were reflected in Validity Inc.’s Deliverability Benchmark Report, which showed that in the UK alone, deliverability showed a 5 per cent YoY increase from 84 per cent to 89 per cent after GDPR was introduced. Negative metrics that marketers want to avoid also reduced, with 55 per cent of respondent reporting less spam complaints and 41 per cent citing less opt-outs.

GDPR has provided the blueprint for global data privacy regulations, with many other countries having either introduced, or planning to introduce, their own version. California and Brazil are two such examples; with California’s Consumer Privacy Act (CCPA) recently coming into effect in the US and paving the wave for more than 30 other states to take similar action, and Brazil’s Lei Geral de Proteção de Dados Pessoais (LGPD) having gone live recently too.

In countries where new regulations haven’t yet been introduced, the influence of GDPR has still been felt — with many companies in these locations taking a proactive stance in protecting consumer data. A great example of a country with businesses who champion data privacy of their own volition is Australia.

Australian companies: champions of ethical data practices

In contrast to the recent introduction of GDPR, Australia’s privacy laws date back to the 1988 Privacy Act and have remained largely unchanged since this time — outside of some specific legislation such as the Spam Act 2003. And while the Australian Government is set to conduct a review of the Privacy Act (including a potential right for consumers to have personal information deleted as is the case under GDPR) this won’t take place for a number of years. As a result, Australia’s laws are currently less prescriptive than is the case in Europe.

Despite this, Australia is a great case study in what can be gained by proactively implementing good data governance. According to Validity Inc.’s 2020 Email Deliverability Benchmark report, Australia benefits from one of the highest global email deliverability rates, similar to that of Europe and Canada. These impressive metrics can in part be attributed to Australian companies’ proactive approach to best data practice.

What best practice companies are doing

Key to strong data governance is developing a data governance framework that outlines how an organisation’s data is defined, who has control over it, how it is protected and how it will be used.

A good starting point is the creation of a risk register, where companies evaluate all potential risks against likelihood vs impact. In preparing the register, data should be considered through the lenses of confidentiality (is it secure?), integrity (is it in good condition?), and availability (what if the system the data supports were to fail?).

This should be the starting point for working towards Privacy By Design (PBD), a concept that calls for privacy to be taken into account throughout the whole data process. In this way, privacy is established as the default, by proactively embedding it into system design in a way that provides end-to-end security while maintaining full functionality, visibility, transparency and respect for user privacy.

Once a data governance framework has been implemented, it’s important that it’s monitored and regularly reassessed. It will likely need to be updated over time to ensure it remains robust and to not risk losing customer trust through privacy breaches or data being used or shared inappropriately.

Other practices that successful Australian companies have implemented to increase trust include asking customers for specific permissions around how their data is used, shared, and under what circumstances they can be contacted, implementing time limits on how long customer data can be stored, not using pre-selected boxes in online forms, and offering consumers the right to be forgotten.

The business case for good data governance

With the disruption and uncertainty caused by the global pandemic, engendering consumer trust has never been more critical.With many of the world’s population now conducting everyday life online, for both business and pleasure, people want extra assurance that the products and services they use take their privacy seriously. A recent report by Cheetah Digital found that in light of privacy breaches, many consumers have changed their online behaviour and are upping their own safety measures including disabling location tracking, installing ad blocking tech, and deleting cookies regularly. Therefore, if consumers feel compromised at all, they are quicker than ever to take their business elsewhere.

Despite what some may have thought, adhering to good data governance does not mean sacrificing valuable insights or innovation. As demonstrated by Australian companies and GDPR, implementing more thorough data practices results in greater engagement, consumer trust, and more accurate customer insights. This in turn helps businesses to innovate faster and establish greater loyalty with their subscriber base — benefits that will endure well into the future.

Keep up to date with our stories on LinkedInTwitterFacebook and Instagram.

Related Stories