Written by Felix Marx, CEO, Trūata.
Analytics fuelled by customer data has revolutionized the products and services available to customers. But at a price. The use of personal data by companies is killing consumer trust.
People are concerned by the volume of personal information being collected, how it is used and who their data is being shared with. Not surprisingly, these concerns are having a dramatic effect on customers’ behaviour, exposing businesses that fail to handle their customers’ data correctly to severe reputational damage – and potentially desertion by their customers.
Trūata’s recent Customer State of Mind Survey highlights the magnitude of this problem. Of the 2,000 UK participants surveyed, 60% were uneasy with companies using their personal data for analytics and 71% were worried they may suffer fraud if their personal details were stolen or breached.
And customers are not alone in their concerns. The Information Commissioner’s Office (ICO), the UK’s data privacy watchdog, has warned businesses that customers don’t trust them with personal data and it’s up to businesses to prove such fears groundless.
In this context, adherence to GDPR and proper data handling is not just the right thing to do, it’s the business-savvy thing to do. But given the critical importance of data-driven analytics for operations, product development and marketing purposes, companies must nonetheless continue to leverage their data.
This leaves businesses with a conundrum. Do they build a reputation for data privacy and trade on it? Or do they focus on data-driven innovation at all costs, risking the ire of both their customers and their regulators?
The answer is to become a leader in both trustworthiness and innovation when it comes to data usage. By taking the person out of personal data.
Trust and innovation are not mutually exclusive, but true leadership requires bravery and the ability to turn challenges into opportunities. Data usage in the modern age is no different. In this case, it’s essential to embrace new technologies to enable such leadership – data anonymization being the critical technology in this case.
By intelligently anonymizing their data, companies can successfully gain value from the personal data they hold, while respecting the trust their customers place in them. The key is of course that such anonymization needs to be handled intelligently. This means avoiding over-anonymization of data at the expense of analytical utility (as risk-sensitive organisations are prone to do) but also avoiding under-anonymization of data at the expense of safety and compliance (as many innovative companies are prone to do in the hunt to leverage their data successfully).
At Trūata we know that it is possible to thoroughly anonymize data while at the same time unlocking the value in that data. Doing so allows companies to obtain transformative levels of insights to drive customer growth, gain operational efficiencies and surface data monetization opportunities, all without compromising customer privacy. From omni-channel dynamics to recommendation engines and analysing customer behaviour, the application of accurate, privacy-enhanced analytics has the capability to drive business forward. And, by removing the person from your personal data first, this can all be accomplished within the bounds of the toughest data privacy regulation.
The key concept to grasp is that anonymised datasets fall outside the scope of ‘personal data’ as defined in the GDPR. Therefore, by generating anonymised versions of their customer datasets, organisations can conduct analytics on unrestricted by the requirements of the GDPR or other data protection laws, such as the requirement to have valid consent or other lawful basis of processing and the requirement to only lawfully re-purpose customer data for purposes compatible with the original purpose of collection, two of the most difficult barriers to lawful repurposing of existing customer data for analytics and data monetisation. The difficulty arises because the anonymisation processes undertaken are frequently inadequate as those organisations don’t fully understand or appreciate what both the GDPR and supervisory authorities expect for personal data to achieve an adequate level of anonymisation. In order to establish if adequate, organisations need to objectively consider all means “reasonably likely” to be used to identify someone. If re-identification is conceivable within the parameters of the test set out in Recital 26 GDPR, then the anonymisation techniques have proven inadequate, through a lack of expertise, misunderstanding of the requirements of the law or even negligence. In this situation there is a potentially high exposure given the number of data subjects in most large organisation’s customer datasets whose personal data is therefore being processed in a manner that fails to comply with the GDPR.
But why should you care? Well, the future belongs to brands who can unlock the value of their data while upholding the values of privacy and integrity in doing so. It belongs to those companies who are forward-thinking enough to gain that competitive advantage relative to their peers by simply taking the person out of personal data.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/