A recent report conducted by Siteimprove and IDG found that one quarter of respondents cannot confirm that their websites are GDPR compliant, more than a year after the regulation came into effect.

While that might seem like merely a legal compliance issue, it’s actually a major problem for business survival and growth.

In 2017, The Economist ran an article titled “The world’s most valuable resource is no longer oil, but data.” Protecting that data from security threats is critical for businesses to succeed.

But more than that, being GDPR compliant and thoroughly protecting customer data will become a significant competitive advantage, as consumers are becoming acutely aware of what the misuse of their data means for their personal and professional lives. “Consumer trust has become the new battleground for digital success,” according to Cognizant.

To that point, 91% of consumers are “concerned” or “very concerned” about the privacy of their data online. In order to win the trust of those customers (and their business), companies will have to redefine how they approach not only their data privacy and security, but their company culture, ethics, products, and more.

Earning and keeping customer trust isn’t simply ensuring your business has secure data storage—it’s a shift in strategy. Manish Bahl, a Senior Director at the Cognizant Center for the Future of Work, wrote, “Trust is not limited to just privacy, security or technology issues, but is the new consumer-provider pact that will increasingly drive business success.”

Below, we’ll cover the cost of losing customer trust and what businesses can do to ensure trust and security are at the heart of their strategy and competitive edge.

Why is customer trust important for competitiveness?

It’s not a surprise that customer trust is an important part of being a successful business, but what might come as a surprise is how customer trust is now interchangeable with data security and how upholding those values is truly what makes your business competitive.  

Well over half (57%) of consumers will stop doing business with a company they believe has broken their trust by using personal data irresponsibly. And on top of that, 50% of consumers are willing to pay a premium for products/services that protect personal information.

“There is a gap between what consumers want – openness and knowledge about the use of their data – and what they see businesses doing,” write Gry Hasselbalch and Pernille Tranberg for Data Ethics. 

Consumers care about their data and how it’s used. If they think a company is mishandling their data, they’re more than willing to stop doing business with that company.

Simply put, data breaches and abuse of customer trust cost businesses serious money. Take two American retailers as examples: Target and Home Depot.

After Target’s epic data breach in 2013, their sales fell by 46% year-on-year in the fourth quarter of 2013 and their stock dropped by 10%. Home Depot’s 2014 breach cost them $62 million in related costs.

While both of the retailers eventually recovered financially, the reputational impacts have been long-lasting, according to a Forbes Insights report, which found that 46% of companies have suffered reputational damage as a result of a breach. 

It’s clear that gaining and keeping customer trust by protecting their data is vital to the competitiveness of a business and its ongoing success. But how can companies begin to do that? Below, we’ll dive into actionable steps you can take to get started.  

1. Establish a reputation for protecting customer privacy

To truly turn customer trust into your competitive edge, your organization first needs to establish a reputation for protecting customer data and privacy. The following steps will dive into more detail on how to actually build a more security driven culture and product, but that will only get your company so far. The other part of winning customer trust is to position yourself as a leader in your space on privacy and security.

Start by communicating, in detail, the steps your company is taking to keep customer information secure. Be transparent and thorough in your communication. As part of this process, educate consumers on how to use your product or service with cybersecurity best-practices. Two examples of brands doing this and taking a stand as data privacy advocates are Apple and Mozilla.

Apple

Apple’s CEO, Tim Cook, addressed the European Parliament in 2018 to say, “We at Apple believe that privacy is a fundamental human right, but we also recognize that not everyone sees things as we do. This surveillance and these stockpiles of personal data serve only to enrich the companies that collect them.”

This was not the first time Cook has taken a stand for data privacy. In 2015, he made a speech that heavily criticized Facebook and Google:

"I'm speaking to you from Silicon Valley, where some of the most prominent and successful companies have built their businesses by lulling their customers into complacency about their personal information," Cook said.

"They're gobbling up everything they can learn about you and trying to monetize it. We think that's wrong. And it's not the kind of company that Apple wants to be," he continued.

As the leader of Apple, Cook has made it his personal mission to build a brand founded on privacy and user rights. But it’s not just Cook’s speeches that have securely established Apple as a data privacy thought leader—it’s also their products.

In 2019, Apple announced a single sign-on (SSO) service called “Sign in with Apple.” Single sign-on lets you log in to apps or accounts using credentials you already have, such as your Facebook or Gmail login, which is quick and easy for consumers.

However, Apple’s SSO uses highly secure authentication, like Face ID or Touch ID, to sign into an account, which is already more secure than using Facebook or Google credentials. But on top of that, Apple will hide your email address from third-party services by creating random email addresses for you.  

Mozilla

Mozilla has also long been a thought leader in internet and data privacy. One of the ten principles in the Mozilla Manifesto is “Individuals’ security and privacy on the internet are fundamental and must not be treated as optional.”

More specifically, they’ve also argued that “we should all be able to choose – with clarity and confidence – what information we share with what companies, understanding the tradeoffs we’re making when we do.”

Beyond that, Mozilla produces easy-to-understand content for users on how they can best protect themselves from government surveillance, bad actors on the internet, and generally use cybersecurity best practices.

Mozilla doesn’t stop at educating users; they also develop products specifically for privacy and lobby lawmakers to rein in mass surveillance.

Their private browser for iOS, Firefox Focus, “automatically blocks a wide range of online trackers — from the moment you launch it to the second you leave it. Easily erase your history, passwords and cookies, so you won’t get followed by things like unwanted ads.” 

2. Ensure you handle privacy by design

Privacy by design is a foundational element of developing customer trust, because it will put data protection and privacy at the center of your entire business operation.

The privacy by design framework was established in 2009 and calls for data and user privacy to be taken into account through the entire product development process. But privacy by design really came into the spotlight as part of the EU General Data Protection Regulation (GDPR).  

According to the Information Commissioner’s Office of the UK, “GDPR requires you to put in place appropriate technical and organizational measures to implement the data protection principles and safeguard individual rights. This means you have to integrate or ‘bake in’ data protection into your processing activities and business practices, from the design stage right through the lifecycle.”

When you rethink your company’s processes and systems from top to bottom with data privacy in mind, you’ll ensure a much more private experience for users. But while “baking in” data protection into your business practices sounds like a great idea, what does it actually look like?  

Below, we’ll cover the seven principles of privacy by design and what you can do to implement them.  

  1. Proactive not reactive; preventative not remedial

Laws and regulations will likely always be one (if not more) steps behind technology and will usually reactively address data protection issues. Instead, be proactive about protecting user privacy and adhere to the highest standards of best practice.  

  2. Privacy as the default setting

Collect as little data as possible and only what is absolutely necessary. On top of that, make the highest privacy settings the default for every user. For example, for social sharing apps, the strictest privacy and sharing settings should be the default.

  3. Privacy embedded into design

Privacy frameworks should be built into your processes from the beginning—never added as an afterthought. This ensures privacy becomes a core part of your business and customer offering.  

  4. Full functionality – positive-sum, not zero-sum

Commit to offering full functionality with a secure experience. You shouldn’t have to limit your product or selection because they aren’t secure or private enough. Don’t make tradeoffs that sacrifice privacy.   

  5. End-to-end security – full lifecycle protection

Your product or website experience should be fully protected and secure. From the moment you collect data to storing it, you should have security and privacy in mind—including confidentiality, encryption, etc. 

  6. Visibility and transparency – keep it open

Be transparent with customers. Let them know how exactly their data is being used and when it’s collected. Make sure you internally document processes, decisions, and frameworks to ensure everything is transparent and tracked.  

  7. Respect for user privacy – keep it user-centric

Put users’ interests and privacy above the needs of your business. Get free and specific consent for using their data, don’t pre-check boxes, don’t bundle all consent into one check box, etc.  

3. Be proactively transparent

When it comes to gaining a competitive edge in data privacy, transparency is key in earning and keeping customer trust. Don’t wait for laws and regulations to drag the truth out about how you process and store data. Instead, embrace transparency as a way to win customer loyalty.

“We should be 'privacy optimists' and see privacy as a way to build trust. The way we approach and handle personal data and privacy is a core trust indicator,” say the authors of Data Ethics, The New Competitive Advantage.

Don’t be passive in how you communicate your data practices by relying on your privacy policy to do all the communicating for you. The Eurobarometer survey, which surveys 28,000 Europeans, found that only around one in five respondents read privacy policies thoroughly and one third never read them.

Instead, be proactive in how you communicate your data policies. Provide customers with a complete overview of the data you hold on them, where it comes from, how it’s collected, and how it’s used in a user-friendly way. An example of one brand doing this and using data privacy as its competitive edge is StartMail. 

StartMail

Ole Kjeldsen, who sits on the board of the Danish Digital Security Council, told Danish publication DR that, “When you pay for an app, it's a good indication that the app has a different business model than making money by sharing your data.”

It follows, then, that because users don’t pay for Google’s Gmail with a credit card, they most likely pay with their data.  

From 2004 to 2017, Google scanned personal emails for data that allowed them to serve up more personal ads to users. While Google itself stopped scanning users’ personal emails in 2017, they still allow third-party apps to do so. According to the Wall Street Journal:

“Using software tools provided by Gmail and other email services, outside app developers can access information about what products people buy, where they travel and which friends and colleagues they interact with the most. In some cases, employees at these app companies have read people’s actual emails in order to improve their software algorithms.”

Enter StartMail. They’re very transparent about when they collect and process user data, and they’ve turned that transparency into their competitive edge. On their homepage, they clearly state, “We never read your email. We believe that your privacy is a basic human right worth fighting for.”

StartMail also allows users to use one-click encryption, has no tracking or advertising, and anonymizes all data they use. Their privacy policy is very easy to read and understand, as are their technical whitepapers on data privacy. By being so transparent about how they protect user data and limit data collection, StartMail gains a serious competitive edge over Gmail.

4. Create a culture of privacy ethics

One of the most foundational steps in truly turning customer trust into your competitive edge is establishing a culture of data privacy ethics within your organization. For data privacy to sit at the core of your business, your employees must be thoroughly bought into data ethics and data privacy.   

Already in 2015, Gartner said that by 2018, half of business ethics violations would occur through improper use of big data analytics. Part of why data ethics violations have grown (and will continue to grow) is because data is seen as a business necessity, while the protection and privacy of that data isn’t seen as a consumer right. When businesses do decide to protect user data, it’s seen more as a legal compliance issue or business necessity—not as a matter of user rights and ethics.  

The authors of Data Ethics, The New Competitive Advantage wrote that “problems arise when a business only sees its handling of user data and privacy as good business and not as a core ethical choice.”

They continued by saying,

“A company sustains ethical data values by asking: Is this something I myself would accept as a consumer? Is this something I want my children to grow up with?”

When companies reposition their stance on data privacy into an ethical matter, it can radically change how the company approaches users and their competitors. Below, we’ll go through six steps to creating a culture of privacy ethics. 

  1. Write down the data ethics code of conduct

Whenever a business adopts new principles or values, they should be written down and widely distributed. A data ethics code of conduct is no different. Clearly and explicitly outline the expectations for compliance, integrity, and values. Make sure it’s clear what the penalties will be for violations, as well as how data ethics speak to wider company goals. 

  2. Focus on hiring and training

According to The Harvard Business Review, “interviews begin the acculturation process,” meaning that future employees begin to understand a company’s culture and values already during the interview process. It’s important to discuss data privacy ethics early on in the hiring process, as well as to make data ethics training mandatory for all new (and existing) employees. Don’t approach data ethics training as a box to be checked, but rather as an integral part of becoming a contributing member of the company mission.

  3. Bake privacy into the org chart

No company values will be fully adopted unless they’re high on the C-level agenda. If you look back to some of the examples we discussed earlier, Apple, StartMail, and Mozilla, you’ll notice that their leadership teams are heavily involved in their data ethics efforts.  

Beyond management advocating for data ethics, make sure there is a clearly defined data ethics/management team within your organization. Identify one person responsible for data operations, as well as a clear process for reporting data ethics violations.

  4. Appoint privacy advocates

Beyond formalizing a data ethics/management team, ensure there are data privacy advocates throughout the organization. At Apple, all product teams have a privacy expert, who is involved from the very beginning of all processes. Appointing privacy advocates better ensures that privacy by design is thought of early and often. 

  5. Emphasize transparency and communication

For data ethics to be part of your company culture, it’s important that you communicate an anonymous and secure way for employees to report data ethics violations. This gives employees the confidence they need to report any issues or violations.  

Employees should also have direct access to the person responsible for data ethics. Make that process accessible and transparent by creating an open-door policy for reporting violations. It’s important that the company’s stance on data ethics is communicated clearly and often, while the process for reporting violations is transparent and secure.

  6. Be consistent

While writing down a code of data ethics conduct, getting management to participate, and being transparent about how to report violations is a solid start to creating a culture of data ethics, if you aren’t consistent with how you handle and follow up with concerns, then the culture will fall apart.

Don’t ignore reports from employees on violations—no matter how high up the org chart they go. Take reports, concerns, and feedback seriously and handle them consistently.

Learn more    

It’s clear that gaining and keeping customer trust by protecting their data is vital to the competitiveness of a business and its ongoing success.

If you’re one of the 25% of businesses that cannot confirm if your website is GDPR-compliant or one of the 57% of companies that have experienced a data breach in the last three years, see how Siteimprove can help your team.

Manually searching for data across your digital assets is a tedious task. With Siteimprove Data Privacy, you save that time by automatically locating the personal data you handle online—think names, ID numbers, cookies, and more.

Now you have the power to pinpoint and remove that data across your website, minimizing the risk of potential legal consequences, and adopt better data privacy practices. Learn more by booking a 1-1 consultation.
