The Case for Privacy Compliance


The importance of approaching customer consent and privacy requests holistically 


By Eric V. Holtzclaw


Rooted in increased regulation such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) and general customer backlash, there is a growing emphasis on collecting consent and ensuring the privacy of customer data. In this environment, compliance is a top of mind factor for companies, but how cost is managed varies from organization to organization.


Some companies focus on the cost of introducing technology to collect, track, store, and report customer consent and privacy across their enterprise systems. They focus on making a solution-based, cost benefit decision, seeing the compliance problem simply as an item to check off their to do list. Others focus on quantifying the cost of potential fines associated with non-compliance. Their focus is risk-reward and decisions are based on the risk and associated cost to the organization in the case of a complaint. 


Without approaching compliance holistically, what is being collected on a customer becomes a grain of sand in the gears of the company. As the request moves through the organization from department to department, the cost to address a compliance inquiry grows exponentially and this expense grows as the number of requests grow.



Cost to customer service


In most cases, the information needed to answer common customer requests–such as tracking whether their product shipped or learning the status on their account–is relatively easy. That’s because they’ve spent years and lots of money building out their core CRM systems. 


This is not true for consent and privacy data. This data stored across many different systems and tools within the enterprise. Additionally, accomplishing a consolidated view requires a proper data map to what and where information is stored.  


By allowing customers to complete consent and privacy requests via self-service or providing customer service representatives easy access to customer data across the enterprise, customer inquiries can be handled effectively before they become a larger problem. 


Without an overall understanding of where data is stored, how to access it and, more importantly, how to make a change, no request for consent or privacy data can be easily addressed. This results in significant time and effort by the customer service representative and others across the organization as well as multiple communications with the customer regarding the status of their request. 



Cost to marketing


Good marketing presents a well thought-out brand and makes the customer take notice. However, in order to fulfill compliance requirements, many companies deploy tactics that result in less than ideal messaging to customers regarding the use of their data. These messages only confuse, frustrate and certainly don’t convert customers.


In other cases, an attempt to quickly address consent and privacy risks, organizations turn to band aid fixes such as the implementation of complete opt-out versus opt-down or the decision to not send outbound communications at all.  


The loss of customer communication, either because of overly stringent adherence to compliance laws and regulations or due to confusing compliance language impacts the effectiveness of marketing and decreases ROI on marketing efforts. Well thought out consent collection and data privacy access at key moments in the customer journey is key to converting compliance from a cost to marketing to a marketing advantage.



Cost to compliance


Without a proper governance approach, the compliance department finds itself stuck in a cycle of one-off responses to complaints and addressing compliance requests that arise. Consent and privacy management is not a technology and it is not a project.  


To address these correctly, it requires an overarching practice, a general shift in the way the organization views the customer and works internally. Fully addressing consent and privacy requests requires input from all departments to stand up a well thought out approach and continually update it as technology, business, and compliance environment changes. The compliance department must be strategic about its approach in order to be successful.



Cost to the customer experience


Finally, the most impacted aspect of an organization is the customer experience. This includes how the customer views the organization as a steward of their data, their experience of receiving communications across many channels, as well as their experience when they interact with digital properties.


Collection of consent and responding to data privacy requests must be thought through as strategically as any marketing campaign to drive traffic, shopping cart experience to increase conversion, or supply chain assessment to drive down costs and increase customer satisfaction. It can’t simply be bolted on as an afterthought.



As regulations and requirements increase as a result of increased scrutiny through laws such as GDPR and CCPA, the cost of complying with customer requests eats away at top- and bottom-line profits. Topline, because the customer can exercise the choice to work with companies that honor their consent and privacy wishes strategically and proactively; bottom line, because of the internal impact to ill-prepared organizations as they react to inquiries from customers. 


To be successful, organizations must think through the ramifications beyond the implementation of a singular technology or in preparation for potential fines.



About the Author


Eric V. Holtzclaw is Chief Strategist of PossibleNOW. He’s a researcher, writer, serial entrepreneur and challenger-of-conventional wisdom. Check out his book with Wiley Publishing on consumer behavior: Laddering: Unlocking the Potential of Consumer Behavior. Eric helps strategically guide companies with the implementation of enterprise-wide consent and preference management solutions.


Email This Post Email This Post

Review overview

Sorry, the comment form is closed at this time.