
How Exponea Protects Your Data

A Comprehensive Overview of Exponea Security Features


What are six guiding principles that will help me keep customer data secure?

Mar 28, 2021 Carl Bleich 6 min read

Author’s note: You’ve done all of your research, spent hours going through different options, seen an amazing demo, and are finally ready to purchase your customer data platform. But one last step looms: final approval. Make sure that you are armed with the information you need to prove that your CDP is safe and secure. This is the eighth article in Exponea’s series “Don’t panic: A marketer’s guide to customer data security”. This series will help educate marketers on why security is so important right now and give them the proper tools to help ease the nerves of risk-averse colleagues who may not fully understand the benefits of a CDP.

Customer data protection should be prioritized more than ever in 2021.

With data breaches on the rise and non-compliance fines ballooning, the time is now for businesses to start paying more attention to securing collected customer data.

But how? To help, Exponea has created six guiding principles that will help your company keep customer data secure and stay out of harm’s way in the eyes of the law.

Without further ado, it’s time to HOLD’EM Secure.

[Image: the six privacy principles]

The acronym formed by the six principles above will help guide your company on customer data security and help it avoid potential consequences under governing laws. Let’s look deeper at each statement.


Be clear about what you collect and why.

A simple principle that can have severe consequences when not followed.

To be specific, be clear about the personal data you are collecting from your customers, how you are collecting, and why it is necessary for your company to obtain it. Honesty truly is the best policy when collecting customer data.

How can this be done? Perhaps most importantly, by being clear when asking customers to accept or decline cookies. It is important to clearly communicate the purpose of your website’s cookies, who else you will be sharing the collected information with, and exactly how a customer can opt out of being tracked.

[Image: cookie consent]

The same principles apply when collecting information for the purpose of taking a next step with your company.

[Image: honesty]

Best practice is to only collect necessary information for the next step to take place. It is also best to be forthright about what steps will happen for customers when they complete the required or suggested actions. 

All in all, it’s just best not to be sneaky. Penalties can be severe if you are caught.

Google was fined $56.6 million in 2020 because it “should have provided more information to users in consent policies and granted them more control over how their personal data is processed”. A steep price to pay for not being forthright about data collection methods.  


Seek your customers’ consent and respect their requests.

Online success is all about consent.

The goal is not to figure out ways of tracking, targeting, and marketing to your customers without their knowledge. The goal should be to offer your customers an experience that is worth giving you all of the necessary consent to get.

Make them love the personalisation and they will be happy to provide the data. Truly a win-win scenario.

Things can go badly for companies that do not comply. Amazon France was given a $42 million fine in 2020 for tracking users without prior consent.


Stay within legal limits.

While the law differs in different corners of the globe, it basically requires the same thing of every company: take precious care of your customers’ data.

Part one of our “Don’t panic: A marketer’s guide to customer data security” gives an in-depth breakdown of five of the world’s most visible laws and guidelines for companies to follow, including the General Data Protection Regulation (GDPR).

One important thing to remember: even though your company is not headquartered or located in the country enforcing a particular law, it can still be held accountable for following that law. This is because the internet connects the entire world with just a few clicks and your company very well may have customers from countries with strict data protection laws.

It’s best to have an understanding of these laws and govern your internal actions accordingly. If not, you can end up receiving a fine like Marriott did.

Marriott was fined £99 million for failing to comply with multiple GDPR rules. 


Defend data from anyone and anything.

To borrow a sports cliché: “the best offense is a great defense”. This is true in athletic competition and true in customer data collection as well.

How, exactly? Well, in this case, defense is protecting your customer data and offense is the many marketing campaigns that you can carry out once you have healthy customer data.

The marketing campaigns are useless without ample amounts of legally obtained customer data. Therefore, everything starts with customer data and it must be protected as such.

Protecting customer data is easy with Exponea’s Customer Data and Experience Platform. The CDXP securely compiles siloed customer data from every corner of your company so that you can connect with customers via marketing automation techniques that meet them at whatever stage of the customer journey they are at.

Exponea was the world’s first GDPR certified SaaS company and holds top security certifications to help keep our customers as protected as possible.  Defense of data will always be a priority.

The risks are high if your defense of data is not up to par. British Airways received a £183 million fine for failing to put enough security measures in place. 


Maintain data accurately and keep it up to date.

Your company is responsible for the actions that happen after data has been collected. Wrong data can have a wide variety of negative consequences.

For example, a wrong salutation in an email lowers your chances of being a loved brand. But a consent management issue can earn you a multi-million dollar fine from the data protection authorities.

You should sanitize your mailing list regularly, avoid consents with no time limit, and assess your data structure before trying a new use case. Testing your website and systems from time to time on your own is also good practice.

According to GDPR, customers have the right to request that companies update their personal data when they believe it might be incorrect. But waiting for a customer to make this specific request is not best practice when you have a hunch that data needs to be corrected.

Italian telecommunications operator TIM was fined €27.8 million in 2020. One of the reasons for the fine was improper management of consent lists. 


Keep only what you need.

Customers are going to shop with brands that they can trust. Do not “spy” on your customers by collecting masses of useless data.

Instead, collect the necessary data to personalize their experience and explain to them the reasoning behind why the data needs to be collected.

Knowing that a person is a millennial, likes nice shirts, and makes a new purchase every month has the same value for you as knowing that the person was born on a certain date, takes photos of their nice shirts on their private Instagram, and gets their salary paid on the first day of every month.

But for the customer, keeping the second set of personal information private makes all the difference in the world.

Additionally, there is no reason to keep data once you have no use for it. Not only are you risking a data leak, the data will likely not be as useful for you in the future as you might think.

Customers’ behavior changes quickly, so what might have been relevant last year might not be relevant this year. Analyze the data, keep the statistics, and once you are done, dispose of the data in a secure way.

Danish furniture company IDDesign received a fine of nearly 150,000 for possessing the personal data of customers for a longer time than was necessary. Don’t let this happen to your company. 

Protect your data with Exponea

Ready to secure and protect your data with the best customer data platform on the market?

Exponea’s Customer Data and Experience Platform is the highest rated Customer Data Platform according to independent review site G2. The CDXP will allow you to unify all of your customer data and deliver top notch customer experiences, all with a single solution.

Ready to see the CDXP in action? Watch our short demo video to see how you can turn customer data into marketing magic without worrying about security and data privacy. If you’re interested in learning more about data privacy and security, Exponea Academy’s Privacy Fundamentals course is the deep dive you need to master the topic and become an expert. 



meet the author
Carl Bleich
Content Marketing Manager
Carl works with Exponea experts to produce valuable, customer-centric content. A trusted expert with over 15 years of experience, Carl loves exploring unique ways to turn problems into solutions in the martech space.  
