Take a moment to consider your favorite relationship. What makes it special? Most likely, one of the first qualities that comes to mind is that a strong level of trust has been built. Just like in interpersonal relationships, trust is also a critical component for consumers when deciding how and with which businesses they will interact. This is especially prevalent when it comes to their digital footprint and personal data privacy. Consumers want to have control over the data they share (or don’t share), and more importantly, want to trust that their data is managed responsibly and ethically.
As a company utilizing SAP, what can be done to develop such trust with consumers? Let’s explore.
Above all, it is imperative that companies develop a mature end-to-end data privacy program. A well-defined end-to-end program means that the entity has every phase of the consumer data experience covered: data collection, storage, keeping data secure and confidential and fulfilling consumer data requests. While it may seem obvious, there are several reasons why mature privacy programs are so important.
For starters, there are a number of evolving local and global regulations that require companies to manage consumer data appropriately, including California’s Consumer Privacy Act and the EU’s General Data Protection Regulation. Additionally, there are significant financial and reputational benefits that businesses experience when they build trust with their consumers around how their data is being managed. The key here is trust. Not only do companies need to have the correct data collection mechanisms and privacy policies established from a compliance perspective, but they also need the consumer to know that they are treated as a priority as an individual. So, how exactly can a data privacy program build trust?
While it may seem complex, building trust with consumers can be summarized by three activities:
- Collect consent and preferences transparently
- Manage user data responsibly, ethically and compliantly
- Put customers in control of their data
Let’s discuss each of these activities in a bit more detail, including how systems such as SAP’s end-to-end privacy solution with Customer Data Cloud (CDC) and BigID can help companies realize a mature data privacy practice.
Collecting consent and preferences
Often, the first interaction in a consumer-business relationship involves the business collecting personal information from the consumer. This is a big opportunity for service providers to begin the relationship with trust. Companies should be upfront with their privacy policies and communicate why they are collecting each field of personal information and ask the consumer for their consent to do so. This puts the customer in control and makes them feel valued. Additionally, consumers should have the ability to update their preferences over time for how their personal information is being used.
It can be difficult to track and manage consent. That’s why it is important to have a system or mechanism, such as SAP’s Customer Data Cloud (CDC), dedicated to consent management. CDC acts as a centralized preference repository that allows for customers to self-service their consent and preferences. CDC integrates seamlessly with other solutions such as SAP’s BigID, a data discovery and privacy system.
Manage data responsibly, ethically and compliantly
Once personal data is collected, the next challenge for the company is to manage the data in a secure, responsible and ethical manner. To do this, the company needs to understand where all of an individual’s data resides across their entire data landscape. In addition to compliance with data privacy law, the company should do the right things with user data, considering the human impact. This includes making decisions to share or not share customer data with third parties.
BigID is a data intelligence platform with apps for privacy, security, and governance. On the privacy side, there are apps to help with end-to-end privacy management: from data rights to privacy impact assessments to privacy portals and more – all specializing in the management of consumer, employee, and personal data. BigID uses machine learning technology and artificial intelligence to scan for data across an entire landscape of data sources, creating an inventory of data that can accurately detail where all data resides – and whose data it is. This is especially helpful when it comes to responding to requests from consumers to update, delete or share copies of their data.
Putting customers in control of their data
Consumers should be empowered to have a stake in the use of their personal data. Thanks to some of the regulations mentioned previously, consumers often have legal rights to their data as well, known as data subject rights. As a best practice for data collection, a company should make it easy for consumers to make requests on their data.
BigID’s privacy apps enable organizations to easily manage data rights: from the front end where consumers can make data requests (through a customizable privacy portal), to behind the scenes – so that the organization can automatically fulfill those requests – whether it’s reporting on what data they hold or verifying deletion and right to be forgotten. BigID scans all the connected data sources and correlates an individual to all their data to fulfill their request. The ability to respond to consumer requests efficiently and accurately is key to maintaining trust.
Now more than ever, service providers should place data protection at the forefront of your information technology program. Take steps today to build trust by enhancing consumer privacy. By placing consumer protection at the forefront and focusing on the three trust-building activities, along with the support of tools like CDC and BigID, the consumer-business relationship can be a long-term and mutually rewarding one.
To learn more about our SAP capabilities, contact us or visit Protiviti’s SAP consulting services.