Nearly a year after the GDPR compliance deadline of May 25, 2018, global brands and agencies continue to discuss the best practices for winning and retaining trust in a post-GDPR world and what we've learned along the way.

One of those discussions took place at Sitecore Experience 2019, held in London, between a roundtable consisting of:

  1. Amir Dehnad, CX Strategist at Avanade
  2. Julian Archer, Senior Research Director of Marketing Operations Strategies at Sirius Decisions
  3. Cennydd Bowles, Author of Future Ethics, published in 2018.

Hosting the discussion was Sitecore’s Alison Sainsbury, Sr. SBOS Marketing Consultant, who kicked off the session with some insights into the post-GDPR landscape – stating that customer loyalty still exists, for those brands willing to work for it.   

Customer loyalty can still be won

“Today consumers are loyal to Tesla not because they believed they [have] great cars but because they believe they're saving the Earth. They are loyal to Nike because Nike tells you that if you have a body, you are an athlete. And Apple's purpose in your life is to give you an outlet for your creativity,” Sainsbury said.

“Trust is earned over time through a number of trust-building moments.” — Alison Sainsbury, Sitecore

She also highlighted that, while it’s true that 88% of consumers would pay more for a good experience, the issue of brand trust needs more attention.

In the last year, Sainsbury stated, 1.8 billion consumers across the world fell victim to a data security breach. Additionally, we saw Facebook defending themselves in the midst of Cambridge-gate, third-party data sharing, and the platform’s role in influencing politics. And yet, 90% of consumers are willing to provide their information if the companies show clear signs of committing to data protection. The takeaway here – trust is earned over time through a number of trust-building moments.

Should brands fear GDPR?

The short answer, according to Archer, is no.

“[GDPR] is actually forcing us to become better citizens and better businesses …” — Julian Archer

GDPR should be seen as an opportunity. From a B2B perspective, GDPR can be viewed as a framework to enable brands to demonstrate competency, honesty, and integrity. GDPR is not a “business prevention regulation,” it’s there to ensure both consumers and businesses are happy and confident and trust the idea of working within digital experiences.

GDPR represents the starting point for consumers to understand what personal data is being collected, and why, and to understand how that data is going to be processed and stored.

“[GDPR] is actually forcing us to become better citizens and better businesses so we can build that trust from the beginning,” Archer explained.

Approaching GDPR in a global context

Sainsbury mentioned that global organizations face some “very interesting challenges” due to operating in multiple countries and regions with varying data protection and usage regulations. Dehnad then explained how global brands can manage privacy and compliance.

According to Dehnad, managing privacy and compliance at a global level is one of the “biggest challenges” that these companies face, and at this moment, there is “no silver bullet” to the problem.

However, Dehnad advised brands to create a roadmap which starts with each country’s privacy standards at a local and regional level. Then, brands should familiarize themselves with how they capture and process the data as well as the technology they use. From there, brands can look out for common patterns across each of those regions so they can implement specific solutions for each country’s requirements.

Another area where brands are struggling, as Dehnad pointed out, is being able to search for data across the multitude of systems used in each region. The solution here is to identify the tools that will assist you in performing your data searches and implement a holistic assessment that helps brands retrieve the most relevant data and prevent any uncertain data from filtering through.

How GDPR is driving competitive advantage

Care of customer data is becoming an increasing competitive advantage for brands, as is empathy within customer experience design. Sainsbury asked Bowles how brands can bake ethics and empathy into their campaigns — and into their company-wide ethos.

Bowles distilled his response into three points of intervention:

  • Define your stakeholder: When defining stakeholders, many brands have made the mistake of focusing only on internal stakeholders, such as the C-suite, senior employees, and partners. Bowles made the imperative point that brands should instead label the customer as the key stakeholder.
  • Look at the global impact of your product or service: Besides focusing on your customers, brands need to know how their actions impact society on a global scale. Brands should have more ethical conversations during the development process. Bowles shared the example of Airbnb and how the service was originally designed for two groups of people, “people who buy properties and people who want to borrow them.” The wider impact that their service would have on the broader property market, or on the neighborhoods within which their service operates, was not anticipated.
  • Never underestimate the value of qualitative methods: While technology and humans “sort of coexist,” many of the dangers of technology fall on society’s most vulnerable people. Brands must be proactive, reaching out to and engaging these communities to understand what helps and what hurts them.

The time for transparency is now

With data breaches occurring more regularly, Sainsbury asked Dehnad how brands can keep consumer trust alive. In his response, he urged brands to practice transparency, and pair that approach with robust processes.

“Companies need to develop processes to be able to report breaches within 72 hours. [Brands] also need to have processes in place that can document what information is being stored and make it available both to the individual and the regulatory body that is overseeing them,” said Dehnad.

“Companies need to develop processes to be able to report breaches within 72 hours.” — Amir Dehnad

The panel went on to discuss various brands’ efforts toward transparent GDPR and broader data usage strategies.

GDPR is a company-wide challenge – with company-wide benefits

Archer pointed out that GDPR is not just a concern for those who handle data, which includes information officers and marketers. Instead, GDPR should impact everyone in the company, “including those who don’t deal with customers face-to-face.”

“Following GDPR regulation can help to reduce risk, both reputationally and legally…” — Cennydd Bowles

Brands need to ensure each internal stakeholder takes the responsibility to adhere to GDPR and ensure the customer has given their consent before the company can process their data.

Bowles wrapped up the roundtable discussion by touching on the benefits brought about by the GDPR.

“Following GDPR regulation can help to reduce risk, both reputationally and legally, as well as improved revenue via customer retention through data privacy and transparency,” Bowles said. He added that, while hefty fines have caused change in various industries, it’s too early to know and judge how long-lasting the impact of the GDPR will be.

Interested in learning more about GDPR and how Sitecore’s platform helps brands stay compliant? Check out our whitepaper: “Sitecore® and GDPR: How the Sitecore® Experience Platform™ supports your compliance.”