At this point, nearly every CMO is somewhat familiar with the requirements set forth by GDPR, CCPA, and other pertinent data privacy regulations. And yet, in too many cases, marketing leaders have done little more than meet the letter of the law—they have put cookie banners in place, added consent checkboxes where required, and nixed advertising concepts that could be perceived as "creepy."
Once the box was seemingly checked on data privacy compliance, many CMOs and their teams moved on. That is a missed opportunity: The evidence for supporting clear and actionable data rights is just too overwhelming.
New laws in California, Colorado, and Virginia will come into force in 2023, so it's clear that data privacy regulations are here to stay, and they will likely continue to proliferate on a state-by-state basis until there is a federal mandate. Accordingly, marketing leaders and their organizations need to quickly shift their thinking about data privacy away from pure compliance and toward a customer experience trend.
And if you think I'm referring to consumer-facing companies only, consider the following.
Data Rights Are a B2B Issue
B2B companies act not just as data controllers but as data processors, which means data processing agreements (DPAs) with customers are complex. The agreements and requirements vary based on the customer's company profile and the type of data the company (including B2Cs) owns but you (as a B2B processor) hold. That can quickly snowball in complexity by creating different workflows, and the data infrastructure to support those, at scale.
In a fiercely competitive market where brand perception rules, the enterprise customers you most want to attract are evaluating your company against competitors to look for partners that match their privacy stance and take privacy just as seriously as they do. (Zoom's privacy woes in 2020 after a pandemic growth surge is a master class in how ignoring privacy can backfire.)
End-user data privacy requests can ping pong between you as the data processor and your customer as the controller. In many cases, end users may come to you directly, and the resulting efforts to triage and field those requests through different systems at different companies can create a cumbersome, poor user experience. It can also push your internal teams' struggle with manual processes to breaking point.
As a B2B company, your reputation is often affected by your customers' (B2C) reputation via a trickle-down effect. Reputationally, you can benefit from their strong choices and positive brand reputations, but you also can be held accountable for their less-than-stellar decisions. Although that is to be expected on some level, it adds a layer of complexity and nuance.
Moreover, you serve customers of different sizes, in different regions, and with different industry-specific regulatory requirements. It's a lot to reconcile. As a data processor, taking the highest road possible with user data provides a level of protection against any future issues related to data privacy.
What Can Marketers Do Today?
Based on my experience running both global and regional marketing programs for more than 10 years, there are four actions I believe every marketing leader can take to align with data rights.
1. Take ownership over personal data
Marketing doesn't need to be on its heels, taking heat from legal or compliance and hoping to fly under the radar. Instead, Marketing can take a forward-looking position within the organization.
Work hand-in-hand with your legal and compliance leaders, as well as the individual lines of business. Encourage the entire organization to prioritize data privacy—from product ideation to development to product delivery and marketing.
By taking a leadership role and elevating data privacy, you can improve your company's reputation among potential buyers, and even among its end users. It is a virtuous circle where doing the right thing reaps rewards. Now is the time to move from a defensive stance to a growth mindset.
2. Map your marketing data trails
Although all CMOs are familiar with a "user" journey map, consider creating a data journey map. We need to understand the data footprint of our own organizations. Just because your primary focus might be on your data processor responsibilities doesn't mean you can ignore your controller responsibilities from your company's own sales and marketing activities. You also need to clearly map data and understand where it lives within your organization.
A data journey map will highlight how your organization is using personal data across your marketing (and sales) activities, and it can answer questions such as...
- Where are we storing personal data—from lead generation to outbound sales motions, and more?
- How many of our marketing vendors have access to that data?
- Is the data easy to access and delete from vendor systems, if required?
- Are we purchasing prospect data for sales or marketing purposes?
- For each marketing campaign, is it immediately clear what types of data we're using, sharing, and collecting?
3. Make your brand walk the walk
Enterprise customers want to know that you have sound processes and policies in place. Don't rely on hand-waving or false promises—ensure you are truly delivering what they're looking for:
- Do you have an API for data access and deletion?
- What are your security protocols, and how do you safeguard the end user?
- Remember SolarWinds? Are your partners in a position to inadvertently compromise your security postures?
Work with your executive team to explore the above, and highlight the merits of strong choices with supporting data, such as insights related to reputation/brand favorability and reduced security risk by collecting only necessary data.
4. Broadcast your decisions—be transparent
As an industry we've often (perhaps inadvertently) rewarded designs that obscure what we're up to behind the scenes. Bring your choices into the light. When you've made the right investments here, then you can feel confident to highlight your investments to prospective customers as a point of not only reassurance but also privacy differentiation.
Part of the decision to share your data privacy policies publicly is practical: You're making those decisions as a response to an increased focus on consumer data rights. Therefore, it is important that your business customers—and their customers—know where you stand.
Make how you use data clear, visible and accessible. Also, make it clear how you don't use personal data. Your customers will reward the transparency, and your organization will appreciate the reputational lift.
Turning Risk Mitigation Into Brand Differentiation
2022 is an opportunity for your leadership team to align on a vision for the future of data rights and your long-term data privacy strategy—and Marketing should be leading the way.
The benefits you'll see will far outweigh any perceived initial challenges as you move toward a more respectful, reasonable, and contemporary relationship with your user data.
More Resources on Data Rights and Privacy Regulations
Transparency and Trust: The Key Links Between Data Regulation and Customer Experience
Customer Analytics and Data Privacy Laws: On a Collision Course?
