Gigya is now SAP Customer Data Cloud. Learn more
Forrester logo Download the report

Real-World Examples of Going Beyond GDPR Compliance to Infuse Transparency into the Customer Experience

“It’s never crowded along the extra mile.”

– Wayne Dyer

The European Union’s General Data Protection Regulation (GDPR) is setting the global standard for increased transparency in data collection and processing. And, while your competition works to avoid regulatory scrutiny by addressing GDPR requirements as a series of system and policy updates, you can win more market share and the trust of your customers by turning transparency into a pillar of a great digital experience.

This was a key takeaway during a recent International Association of Privacy Professionals (IAPP) webinar I had the privilege of moderating. Far from a high-level, theoretical discussion, the two panelists and I explored real-world examples of how delivering real transparency in today’s consumer privacy-focused environment takes a village to get right, and is a cornerstone of customer trust.

To show you what I mean, let’s take a closer look at these real-world examples.

Taking the Time to Ask Is Worth It

Rita Heimes, Research Director and Data Protection Officer, IAPP, took the audience behind the scenes and described some of the tough choices her team faced during its GDPR readiness experience. Specifically, she described  the roll out of new lead generation forms that required users to explicitly consent to receive marketing messages.

“I think it just gives you a better relationship with [your customers] because you took the time to ask in advance and get a clear expression of interest. You’re not relying on the soft opt-in assumption as you were before.”

In addition, the IAPP didn’t limit the new forms to their European Union audience. Instead, they applied the same standard to every region.

“It was tempting [to geographically differentiate users] because then we could continue to comply with the U.S. CAN-SPAM law, which is very liberal and generous toward marketing and not live up to the more explicit consent requirements of the GDPR. But ultimately we decided we wanted one global standard.”

These choices have paid off, according to Rita. For marketing purposes, the prospects who have opted in are better quality.

“Now we know with great confidence that these are super-great leads,” she said. “They’re interested in what we have to say.”

And for the business, she feels their overall data privacy strategy is stronger. They have one global standard of obtaining explicit consent through lead generation forms, as opposed to managing different forms region by region. As governments adopt stricter privacy laws around the globe, having this one standard will serve them well.

“It’s easier on us, for one thing, and if [explicit consent] is where privacy law is heading, then we want to be out in front of it.”

Customers Want the “Why”

Vivek Narayanadas, Associate General Counsel, Privacy, and Data Protection Officer for Shopify, walked the audience through his company’s experience handling the GDPR’s transparency requirements. While articles 13 and 14 of the regulation detail how businesses should be transparent about their data collection and processing practices, Vivek said customers want even more.  

“It became pretty clear to us that after we changed our privacy policy to meet GDPR requirements… that it wasn’t enough… [Customers] wanted to understand why we made certain decisions… And without that ‘why’, they had a lot of questions… often very aggressive questions pushing back on our positions.”

To address this issue, Shopify’s privacy and marketing teams worked in concert to provide customers with white papers and help documents to explain the company’s decision-making about its data collection and processing practices. Soon after the supplemental information was posted, customer inquiries about Shopify’s privacy policy and GDPR posture dropped by half.

“What we took away from this was that customers want to understand your thought process,” Vivek said.  “And once they feel comfortable with [you] and trust you a little bit more, they’ll be okay, generally speaking, with whatever decision you make. It’s really about that trust.”

The Role of Customer Data Management

I discussed the integral role of customer data management in today’s customer relationships. Increasingly, we’re seeing consent-driven, first-party data as the key to:

  • Omni-channel personalization
  • Addressing GDPR requirements for personal data transparency and control
  • Navigating the evolving consumer privacy landscape as new regulations emerge

Taken together, these three elements form the foundation of trusted customer experiences. This means the onus is put squarely on the business to find a solution for collecting first-party data, gaining the consent to process it, ensuring its accuracy at every customer engagement, and giving customers meaningful control of it.

Importantly, these challenges don’t fall into the lap of a single business department. In fact, they are best tackled by a cross-functional approach, including input from compliance, marketing and IT stakeholders. In addition, execution of this approach is best supported by a centralized technology solution that addresses each business’ unique needs while speeding time to market and keeping costs in line.

Rita agreed, saying:

“It’s so helpful when there are technical tools… that have already thought through GDPR compliance for you. Otherwise, you’re having to do everything from scratch and customize it to your own business needs.”

Listen to the Entire Conversation

In addition to the points discussed above, Rita, Vivek and I discussed several other factors for addressing the GDPR and developing a forward-looking, comprehensive data privacy strategy. By the end of the broadcast, it was clear that providing market-differentiating customer experiences in the GDPR era involves a cross-functional approach to consumer privacy, paired with a customer data management strategy built on trust.

To listen to the entire conversation, click here. And be on the lookout for a follow-up blog post where we’ll answer many of the questions we couldn’t get to during the webinar.

SAP Customer Experience Live | Barcelona, Spain | October 10-11

Join innovators, influencers and industry leaders as they explore how trust, connection, and purpose are the core of the intelligent, customer-first enterprise.

Sign up now!

By Ratul Shah

Gigya has updated its Privacy Policy as Gigya, Inc. has been acquired by SAP America, Inc. and Gigya has updated the information regarding how we collect and use your Personal Data. You can see the updated Privacy Policy here.