Customer data protection should be prioritized more than ever in 2021.

With data breaches on the rise and non-compliance fines ballooning, the time is now for businesses to start paying more attention to securing collected customer data.

But how? To help, Exponea has created six guiding principles that will help your company keep customer data secure and stay out of harm’s way in the eyes of the law.

Without further ado, it’s time to HOLD’EM Secure.

The acronym that illustrates the above six principles will help guide your company with customer data security and help it to avoid any potential consequences with governing laws. Let’s look deeper at each statement.

Honesty

Be clear about what you collect and why. A simple principle that can have severe consequences when not followed.

To be specific, be clear about the personal data you are collecting from your customers, how you are collecting, and why it is necessary for your company to obtain it. Honesty truly is the best policy when collecting customer data.

How can this be done? Maybe most importantly, when asking customers to accept or decline cookies. It is important to clearly communicate the purpose of your website’s cookies, who else you will be sharing the collected information with, and exactly how a customer can opt out of being tracked.

The same principles apply when collecting information for the purpose of taking a next step with your company.

Best practice is to only collect necessary information for the next step to take place. It is also best to be forthright about what steps will happen for customers when they complete the required or suggested actions. 

All in all, it’s just best not to be sneaky. Penalties can be severe if caught.

Google was fined $56.6 million in 2020 because it “should have provided more information to users in consent policies and granted them more control over how their personal data is processed”. A steep price to pay for not being forthright about data collection methods.  

Obedience

Seek your customers’ consent and respect their requests. Online success is all about consent.

The goal is not to figure out ways of tracking, targeting, and marketing to your customers without their knowledge. The goal should be to offer your customers an experience worth giving you all of the necessary consent to get that experience.

Make them love the personalisation and they will be happy to provide the data. Truly a win-win scenario.

Things can be bad for companies who are not obedient. Amazon France was given a $42 million fine in 2020 for tracking users without prior consent. 

Legality

Stay within legal limits.

While the law differs in different corners of the globe, it basically requires the same thing of every company: take precious care of your customers’ data.

Part one of our “Don’t panic: A marketer’s guide to customer data security” gives an in-depth breakdown of five of the world’s most visible laws and guidelines for companies to follow, including the General Data Protection Regulation (GDPR).

One important thing to remember: even though your company is not headquartered or located in the country enforcing a particular law, it can still be held accountable for following that law. This is because the internet connects the entire world with just a few clicks and your company very well may have customers from countries with strict data protection laws.

It’s best to have an understanding of these laws and govern your internal actions accordingly. You can end up receiving a fine like Marriott did if not.

Marriott was fined £99 million for failing to comply with multiple GDPR rules. 

Defense

Defend data from anyone and anything.

To borrow a sports cliche:  “the best offense is a great defense”. True in athletic competition and true in customer data collection as well.

How, exactly? Well, in this case, defense is protecting your customer data and offense is the many marketing campaigns that you can carry out once you have healthy customer data.

The marketing campaigns are useless without ample amounts of legally obtained customer data. Therefore, everything starts with customer data and it must be protected as such.

Protecting customer data is easy with Exponea’s Customer Data and Experience Platform. The CDXP securely compiles siloed customer data from every corner of your company so that you can connect with customers via marketing automation techniques that meet them at whatever stage of the customer journey they are at.

Exponea was the world’s first GDPR certified SaaS company and holds top security certifications to help keep our customers as protected as possible.  Defense of data will always be a priority.

The risks are high if your defense of data is not up to par. British Airways received a £183 million fine for failing to put enough security measures in place. 

Exactness

Maintain data accurately and keep it up to date.

Your company is responsible for the actions that happen after data has been collected. Wrong data can have a wide variety of negative consequences.

For example, a wrong salutation in an email lowers your chances of being a loved brand. But a consent management issue can earn you a multi-million dollar fine by the data protection authorities.

You should sanitize your mailing list regularly, not use unlimited time consents, and assess your data structure before trying a new use case. Testing your website and systems from time to time on your own is also good practice.

According to GDPR, customers have the right to request that companies update their personal data when they believe it might be incorrect. But waiting for a customer to make this specific request is not best practice when you have a hunch that data needs to be corrected.

Italian telecommunications operator TIM was fined €27.8 million in 2020. One of the reasons for the fine was improper management of consent lists. 

Minimization

Keep only what you need.

Customers are going to shop with brands that they can trust. Do not “spy” on your customers by collecting masses of useless data.

Instead, collect the necessary data to personalize their experience and explain to them the reasoning behind why the data needs to be collected.

Knowing that a person is a millennial, likes nice shirts, and makes a new purchase every month has the same value for you as knowing that the person was born on a certain date, takes photos of their nice shirts on their private Instagram, and gets their salary paid on the first day of every month.

But for the customer, keeping the second set of personal information private makes all the difference in the world.

Additionally, there is no reason to keep data once you have no use for it. Not only are you risking a data leak, the data will likely not be as useful for you in the future as you might think.

Customers’ behavior changes quickly so what might have been relevant last year might not be relevant this year. Make some analysis of the data, keep the statistics, and once you are done, dispose of the data in a secure way.

Danish furniture company IDDesign received a fine of nearly €150,000 for possessing the personal data of customers for a longer time than was necessary. Don’t let this happen to your company. 

Protect your data with Exponea

Ready to secure and protect your data with the best customer data platform on the market?

Exponea’s Customer Data and Experience Platform is the highest rated Customer Data Platform according to independent review site G2. The CDXP will allow you to unify all of your customer data and deliver top notch customer experiences, all with a single solution.

Ready to see the CDXP in action? Watch our short demo video to see how you can turn customer data into marketing magic without worrying about security and data privacy. If you’re interested in learning more about data privacy and security, Exponea Academy’s Privacy Fundamentals course is the deep dive you need to master the topic and become an expert.