// . //  Insights //  Debunking Data Privacy Myths

New data privacy legislation is being introduced everywhere from California to Brazil, Thailand, India and Indonesia, as customers around the world become more discerning and skeptical about how their personal data is collected and used. Ever since the introduction of the General Data Protection legislation (GDPR) in 2018, many organizations anchor their data privacy policies and actions in legal frameworks, shaping their strategies largely around compliance.

The problem is that by focusing too much on compliance, organizations are missing out on the opportunity to attract more customers by deepening their relationships with them. The more customers feel comfortable sharing personal data with companies, the more likely it is that they will use their products and services.

In our work, we’re seeing many businesses allow their data privacy strategies to be shaped by several misconceptions or myths, usually grounded in compliance. This is clouding their judgement about what customers really want or need. Below, we explore the three most common data privacy myths that we find hold companies back from turning their data privacy policies into a competitive advantage instead:

Myth One: Data Protection Trumps Data Privacy

There’s a common misconception that consumers care more about being safeguarded against hackers (data protection) and less about having control over their personal private data (data privacy). It is true that consumers are increasingly wary about entrusting their data to third parties particularly if they believe their data is vulnerable to breaches. But how companies store and handle personal data is also a major driver of behavior and loyalty, particularly if consumers believe it is being given away without permission.

A recent study by Oliver Wyman revealed that consumers are concerned about both data protection and data privacy, with around 57 percent of customers expressing concerns about online privacy and 85 percent wanting to know more about what happens to data that companies collect.

Therefore, companies who choose to prioritize data protection over data privacy risk alienating customers who will switch providers if there is ambiguity surrounding how their data is being stored and used.

Instead, companies should aim to identify and fully understand privacy requirements, not as burdensome boxes to tick as part of a compliance-driven agenda, but as a series of windows to connect better with customers. Likewise, data privacy should not be treated as the sole responsibility of the Data Privacy Office but should involve a broader task force of business representatives to jointly define and customize privacy requirements to meet customer expectations.

For example, one Asian bank was able to reposition and elevate their Data Privacy Officer as a business partner by conducting a series of workshops with stakeholders from across the entire bank. These examined operational and customer concerns, with participants discussing ways of embedding data privacy into the entire customer journey, but also using the opportunity to create a more seamless experience. The workshops also gave useful advice on how to engage frontline staff (such as in call centers) in supporting data privacy frameworks to maximize opportunities to gather customer data.

Myth Two: Data Privacy Regulations Are Restrictive

Another fallacy is that data privacy regulations restrict data-driven business models because customers will no longer allow firms to collect and process their personal data. Although adhering to privacy regulations presents challenges, organizations that take a proactive approach can see a positive impact.

Experience shows that consumers are still willing to have their data stored and collected, but only if there is a clear indication of how this benefits them, such personalized apps for greater convenience. Companies who articulate clear benefits and reinforce how personal data is collected and protected will continue to have access to customer personal data.

The real difference may lie in building data analytics capabilities to better understand consumers’ lives and habits, which lets them be more selective about which products and services are promoted to people.

Financial services providers, in particular, are now combining data and artificial intelligence to tailor campaigns and drive sales. Here, data can help them drastically reduce decision times from days to hours when customers apply for new products. One Italian insurer collated insights on every customer interaction (such as customer portfolio data, customer banking data, customer engagement data, and trigger events). They used AI to predict customer behaviors and provide more personalized and targeted offers, which were placed consistently across all channels (such as apps, internet banking, and phone banking). As a result, the insurer was able to achieve a three-fold uplift in campaign success rates and a return-on-investment rate of around 300 percent on the tool driving their customer base transformation.

The need to maximize data sharing by customers to enable data analytics is clear, and it begins with conducting a full review of the customer journey and embedding data privacy in an intuitive manner. Customers should receive clear prompts and explanations of what they are allowing companies to do if they consent to the collection and sharing of personal data, so they can conveniently exercise their data subject rights.

Privacy notices, for example, should be customer friendly, using simple language and avoiding legal jargon. There should be clear ways to provide consent and prompts where the processing of personal data is mandatory (such as the sharing personal data to a credit bureau service). Likewise, businesses need to provide logical channels and platforms where consumers can update their consent preferences.

Myth Three: Data Privacy Just Involves Notices

Successful data privacy goes way beyond privacy notices – it relates to the usage and management of personal data and fulfilling data subject rights. To do so, companies need to develop broad data management capabilities across the whole business that allow functions to collaborate better on all aspects of data privacy, moving away from the perception of it merely concerning compliance teams. but one that can offer a tactical advantage.

Likewise, data privacy should be embedded into the entire customer journey, from marketing to sales, servicing clients to retention – and even termination. Where there are customer interaction points, such as physical retail outlets, websites, mobile applications, and call centers, it’s important to give customers consistent experiences and messaging. 

Embedding Data Privacy Into The Customer Journey

Enterprise privacy capabilities should be created on solid privacy foundations, such as by creating a Data Privacy Office that is tasked not only with minimizing exposure, but partners proactively across the business.

Leaders should also embed principles of “privacy by design” into their technology set-up and operational processes, to create an enterprise-wide view of how the capabilities link together to fulfil both regulatory and customer expectations

Opportunities – and responsibility

Consumers will increasingly use digital technology to interact with companies and the data this generates brings both opportunities to deepen engagement, but also an increased responsibility to keep the data safe. Keeping up with changing data privacy legislation will continue to be challenging, but this should not stop businesses from constantly questioning how they can use their data in smarter and more actionable ways. After all, personalization offers benefits for both consumers and businesses.