LAPORAN RESMI

How to manage customer data in an era of privacy concerns

The world runs on customer data. In fact, many thought leaders call data “the new oil” because of its value and potential. But customer data management comes with a growing number of risks and challenges.

As data breaches become more common, worried consumers are more discerning about who they share their information with. McKinsey research suggests 87 percent of consumers won’t conduct business with an organization if they have concerns about its data privacy management. Many consumers are also switching to privacy-first browsers and search engines like DuckDuckGo and Brave.

Mereka tidak sendirian dalam kekhawatiran mereka: Organisasi hak privasi akar rumput dan nirlaba meningkatkan kesadaran dan melobi pemerintah untuk perlindungan yang lebih baik. Organisasi keadilan sosial lama seperti American Civil Liberties Union juga berfokus pada data konsumen karena muncul sebagai isu hak sipil.

Eropa dulunya berdiri sendiri sebagai pemimpin dalam menegakkan kebijakan perlindungan data, tetapi sekarang Australia dan negara-negara lain telah meningkatkan upaya mereka. AS terutama mengambil tindakan di tingkat negara bagian, dan para pembuat kebijakan di California terus menyempurnakan peraturan mereka.

To reduce risk and increase trust, you need a comprehensive, three-pronged approach to data: educate employees about regional and global laws, create a technology and data management strategy, and foster a customer-first mentality. Over the next few chapters, we’ll provide an overview of how to do this and share best practices for implementing technology to make the most of the data you collect.

The current landscape of data privacy

Beberapa negara tergolong baru dalam menangani privasi data, sementara yang lain merupakan pelopor. Swedia mengesahkan undang-undang data pada tahun 1973, yang mengkriminalisasi pencurian informasi komputer dan digital serta memberikan hak kepada subjek data untuk mengakses data mereka. AS tidak memiliki kebijakan yang berkaitan secara khusus dengan hak data hingga Undang-Undang Perlindungan Privasi Online Anak (COPPA) pada tahun 1998.

Kini, peraturan privasi data berbeda-beda di seluruh dunia, sehingga menciptakan lanskap yang tidak merata bagi organisasi untuk bernavigasi dalam ekonomi global yang terus berkembang. Ditambah lagi, peraturan berubah berdasarkan industri atau jenis informasi yang dikumpulkan. Beberapa undang-undang nasional bahkan memperluas perlindung kepada penduduk di mana pun organisasi tersebut berada.

Saat ini, Uni Eropa memiliki beberapa perlindungan data terkuat dan terlengkap di dunia. Dewan Uni Eropa dan Parlemen Eropa mulai memberlakukan Peraturan Perlindungan Data Umum (GDPR) pada tahun 2018, dua tahun setelah disetujui. Peraturan tersebut membatasi jumlah data yang dapat dikumpulkan organisasi hingga jumlah yang diperlukan untuk menjalankan bisnis dan memberikan kewenangan kepada individu untuk meminta semua data mereka. Dalam beberapa kasus, konsumen bahkan dapat meminta agar informasi mereka dihapus.

In contrast, the U.S. has no one law governing data protection — but individual privacy regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), the Family Educational Rights and Privacy Act (FERPA), the Gramm-Leach-Bliley Act (GLBA), and the previously mentioned COPPA combine to create a patchwork of federal oversight.

Beberapa negara bagian memiliki undang-undang privasi data mereka sendiri, dan semakin banyak negara bagian yang mengikutinya. California Consumer Privacy Act (CCPA) tahun 2018 memberikan penduduk beberapa hak dan perlindungan yang sama seperti GDPR. Organisasi harus mengungkapkan cara mereka menggunakan dan membagikan data pelanggan dan memberi pelanggan kesempatan untuk mencegah penjualan data mereka atau menghapusnya sama sekali.

In March 2022, Utah became the fifth state to sign a consumer privacy act into law, joining California, Nevada, Virginia, and Colorado. Michigan, New Jersey, Ohio, and Pennsylvania have introduced similar laws.

Beberapa organisasi berpengaruh membentuk kebijakan perlindungan data mereka sendiri untuk tetap menjadi yang terdepan. Pada tahun 2021, Apple merilis serangkaian peningkatan privasi yang mengharuskan pengembang untuk meminta izin kepada pengguna sebelum melacak aktivitas mereka di aplikasi dan situs web pihak ketiga dan menjelaskan informasi apa yang dikumpulkan aplikasi mereka dan bagaimana informasi tersebut digunakan. Baru-baru ini, Google mengumumkan bahwa mereka menawarkan lebih banyak perlindungan terkait informasi perawatan kesehatan yang sensitif, dan lebih banyak organisasi diharapkan untuk mengikutinya.

Global cybercrime costs are expected to reach $10.5 trillion USD annually by 2025.

As data privacy management concerns mount among both consumers and legislators, it’s imperative that organizations be proactive about their data collection and management policies. Cybersecurity Ventures, a leading researcher of the global cyber economy, expects global cybercrime costs to grow to $10.5 trillion annually by 2025. In spite of these risks, a World Economic Forum survey found that 59 percent of organizations may find it challenging to manage cybersecurity incidents because of a shortage of technical skills on staff.

How to future-proof your organization’s customer data management policies

Most organizations already have policies and solutions to safely store, report on, and erase customer data in compliance with regulations. But since regulations constantly evolve, you need a strategy to mitigate future risks.

Responding to changes as they come up will be more time-consuming than staying ahead of them. Ensuring your customer data privacy system is future-proof saves time and money and makes it easier to navigate the changing data landscape. But revamping your existing policy, or building a new one from scratch, requires careful research and planning.

What do futureproof customer data management policies look like?

Many organizations have already overcome the strategy hurdles that defined the early days of customer data governance, including identifying what information they need, how to get it, and how to store it. Next, organizations focused on improving accuracy and eliminating data silos and storage of unnecessary information to maximize and streamline the use of customer data. Now, compliance with data privacy regulations and consumer trust are becoming issues that impact profitability.

Here’s what a future-proof policy looks like.

Designed for global standards

Even if your organization operates in a limited market, you should design your policy to match the highest standards in the world. Many municipalities look to others for guidance on how to draft their own data privacy legislation, so the laws of one land could soon become the laws of yours.

Failure to adopt a global mindset could also hinder your organizational growth. You may decide to expand into a new market or additional regions. If those new areas are governed by data privacy regulations you neglected to incorporate into your policy, your organization will have to start from square one.

All-encompassing

Kebijakan pengelolaan data modern memerlukan lebih dari sekedar masukan dari bagian umum dan TI — kebijakan tersebut juga perlu melibatkan pemangku kepentingan dan menyatukan berbagai departemen untuk menegakkan kepatuhan. Data pelanggan dapat berakhir di tangan bagian pemasaran, penjualan, layanan pelanggan, akuntansi, dan departemen lainnya. Berbagi data antar departemen ini membantu memberikan pengalaman pelanggan yang lebih baik, tetapi juga menimbulkan lebih banyak risiko. Dengan kebijakan privasi data yang semakin memengaruhi perilaku konsumen, berbagai organisasi perlu memperlakukan tanggung jawab mereka atas perlindungan data sebagai pendorong pendapatan, bukan sebagai beban.

Uniform

A future-proof data management policy is the same for each department and employee. Uniformity streamlines training. If an employee moves from one department to another, they won’t have to learn a new set of data privacy policies to function in their new role. Having one universal policy may even allow you to create organization-wide data management training.

Transparan

Consumers want to know exactly what information an organization collects and why. A future-proof customer data management policy details exactly when and how to share this information with customers. Transparency is not a one-time action but an ongoing practice that needs to be enshrined in protocol.

Flexible and scalable

A future-proof customer data management policy adapts to changing regulations, as well as the needs of a growing organization. Every aspect of the policy is expandable without making drastic, structural changes, even when new laws go into effect. You can update your data management policy seamlessly when it’s powered by the right software.

Developing a future-proof data management policy

The guidelines above clarify the goals of your customer data management policy, but putting them into action is a different matter.

Developing a new policy begins with researching current data privacy laws. Find the laws that govern your market and the regulations influencing the global business community. Search government web pages for the full texts of their compliance rules or other resources that simplify the language. The European Union has a checklist for how to establish GDPR compliance. Organizations like Digital Impact offer toolkits to help nonprofits improve their data privacy compliance.

The next step is auditing your organization’s current policy to identify how it fails to comply with global standards. List everything you need to change and how you’ll update it.

This audit is also an opportunity for stakeholders to flag any potential challenges of enforcing global standards. Get input on drafts of the policy from experts in the department involved in customer data management. They will have more insight into challenges than IT or legal. Partnering with them early in the process will improve buy-in and aid rollout and implementation.

Finally, train all employees who handle sensitive customer data on your organization’s new policy. This training should educate employees on the following:

The protocols they should follow to comply with the new policy. Highlight the changes from your previous policy.
The dangers of data breaches. Mention fines that result from non-compliance and the impact data leaks could have on customers.

Create an internal chain of command that outlines who enforces the customer data management policy, as well as who will amend it as regulations evolve. Establish a line of communication for employees who may have questions after training.

Throughout this process, leverage data privacy consultants, lawyers, or other experts to ensure your policy is compliant and easy to update. No organization has to handle this challenge alone.

The importance of a scalable customer data management system

Customer data management policies are useless unless enforced. A customer data management system or platform serves as a dashboard for all your customer information and the central tool of privacy policy enforcement. This technology needs to be as scalable and future-proof as your policy.

A data management system should enable your organization to follow whatever privacy policy you want. Beyond your policy, the management platform you choose needs to follow specific compliance protocols on the backend. For example, even if you draft a policy that doesn’t fully comply with GDPR, your platform should comply with it in case you want to expand into Europe later. Otherwise, you will have to find a new technology solution in addition to updating your policy.

Using globally compliant technology right off the bat reduces the risk of compliance gaps and helps your organization align with your industry’s highest standards. This lays the foundation for trust with your community, customers, and prospects, as we’ll cover in the next chapter.

Trust is the #2 most important factor in the decision to buy from a new brand.

Source: Edelman

TRUST SECOND ONLY TO PRICE
FOR PURCHASE AND LOYALTY

Percent who say they focus most on each brand attribute

Source: Edelman

How to take ownership of customer data

In many ways, new data privacy regulations are forming at the perfect time. Organizations have never been more vulnerable to data leaks. Tightening regulations and organizational compliance is the perfect way to protect customers, restore trust, and safeguard the future of the digital economy.

However, more complex privacy policies also put organizations at higher risk of compliance breaches — a major liability, even if it doesn’t result in a data leak. Compliance breaches have three primary causes:

Human error. Sometimes, employees entrusted with sensitive customer information make mistakes that result in a breach, exposing your organization to fines. Examples include storing information incorrectly or accidentally sharing information with unauthorized parties.
Pekerjaan jarak jauh/hybrid. Kebocoran data meningkat sebesar 17 persen pada tahun 2021 karena meningkatnya pekerjaan jarak jauh. Karyawan jarak jauh dapat memaparkan informasi kepada peretas jika mereka tidak mengikuti protokol keamanan yang tepat — terutama jika mereka terhubung ke jaringan Wi-Fi terbuka di kedai kopi atau kafe. Selain itu, kerja jarak jauh sebenarnya meningkatkan dampak pelanggaran data.
Using non-compliant, third-party software. To be more productive, many workers use third-party software to manage information. If your employee uploads sensitive customer data to an unsafe app or software, your organization is liable for the risk, even if it’s not sanctioned by your organization.

Workers need to know the difference between compliant and non-compliant third-party apps, and your organization needs to educate them on the difference.

Taking a proactive approach to customer data management

Without proper guidance or support, your employees will inevitably do something to put customer data at risk. Facing this reality is the only way to protect your organization and your customers.

Educate employees about data privacy compliance, and support them with compliant third-party solutions. A comprehensive data management strategy also improves their customer experience delivery.

Deloitte’s 2022 Global Marketing Trends report overwhelmingly promotes one message: Put your customers first. With access to so many apps and digital services, consumers are used to a highly personalized customer experience and expect it from any organization. Marrying customer experience with a data management policy is the perfect way to put customers first. But doing so requires full control of your organization’s data.

Becoming a first-party data organization

For the past few decades, organizations have learned about their customers through cookies that track people across websites and social platforms. But in the wake of scandals like Cambridge Analytica, consumers are increasingly wary of companies tracking their web activities. Companies like Google are phasing out cookies entirely, while the GDPR demands that users grant tracking permission to websites that use cookies.

In a cookie-less world, organizations will become increasingly responsible for gathering customer data themselves. Organizations that use first-party data can customize exactly what data is collected — and the channels it’s gathered through — to solidify data privacy compliance.

Surprisingly, business leaders are finding that switching to first-party data is a major driver of growth. In fact, 61 percent of brands in a high-growth phase are moving to first-party data, compared to only 40 percent of shrinking companies. Organizations need a scalable, open API solution to do this effectively and continue growing.

61 percent of high-growth brands are switching to first-party data, compared to only 40 percent of brands on decline.

Customer data management systems to the rescue

The right customer data management system is essential to using first-party data as it can help optimize your use of high volumes of data. So, what are the benefits of a comprehensive data management system?

Deeper analytics

Go beyond merely storing data to actually parsing it for a deeper understanding of customer relationships. Analysts can leverage data for actionable insight into improving customer experience, offering more personalization and launching new products or features.

Dedicated storage for proprietary data

Without cookies, organizations need more storage space for the information they collect. Having a dedicated system and server unifies information to create a single, secure source of truth for all of your customer data.

Integration with first-party apps

A central database makes it easier to create first-party apps. You can design the interface to be compatible with your data management platform, with fewer chances of API or other compatibility issues that arise when using multiple solutions.

Higher security with third-party apps

Just as data management platforms improve compliance, they also improve security with third- party apps they integrate with — including Single Sign-On (SSO) integration capabilities and SOC 2 compliance. Many platforms provide higher visibility into what customer data is being shared with each app, with options to limit sharing. They can also detect and alert users when a third-party app seems dangerous to integrate with.

What to look for in a customer data management system

Finding a comprehensive customer data management system is vital to building a future-proof privacy policy. But data privacy compliance is just one trait to look at when evaluating different options. Here are other parameters and features to consider.

Maintainability

Organizations should prioritize long-term growth over speed when choosing a solution. In fact, an estimated 55 percent of firms will inflate their tech debt if they prioritize speed over maintainability, which could hinder future tech investments.

Sekuritas

Seberapa aman platform tersebut dari peretasan dan serangan keamanan siber? Apakah platform tersebut memenuhi standar keamanan industri dan global untuk penyimpanan data, enkripsi, atau perlindungan lainnya? Seberapa dapat disesuaikan dan tangguh kemampuan berbagi dan pembatasan data?

Customizable

How much can users personalize the platform? Can you tailor the experience to match your brand? Does the platform improve customer experience with conditional logic or prefilled text? Is it possible to remove unnecessary data silos so different departments, like marketing and customer service, can work together more effectively? Can you improve shareability without increasing the risk of compliance breaches?

No code

Employees should be able to use and customize the platform without any coding skills. No-code solutions maximize user experience, both on the backend and the front end.

Mobile/cloud-based

In a hybrid workplace, employees need to connect to customer data wherever they are without sacrificing security or compliance.

Plug and play

The ideal solution should be ready to go without a complex installation process. Previous generations of office software sometimes required weeks or months for the seller to customize it. Modern data management systems walk users through installation.

End-to-end

The platform should be completely end-to-end, directly enabling the collection, use, and portability of data. Consider solutions that let users survey customers, analyze and share data, and generate external reports. These platforms should also automate communications and management workflows to minimize administrative tasks.

No-Code by the numbers:

41% of organizations used low- or no-code tools in 2019 and 2020, up from 34% the previous years.

Source: Venture Beat

70% of new applications developed by organizations will use low-code or no-code technologies by 2025.

Source: Gartner

48.6% of enterprises surveyed are purchasing low-code or no-code platforms to move innovation in-house.

Source: IDC

95% of new digital workloads are estimated to be deployed on cloudnative platforms by 2025, compared just 30% in 2021.

Source: Gartner

Nearly 60% of all custom apps are built by individuals outside the IT department. 30% of those apps are built by employees with little to no technical development skills.

Source: 451 Research and Filemaker, Inc.

How to become a customer-first organization

With a scalable platform, you have the tools to improve customer experience — including protecting customers’ sensitive data. Gartner predicts that in 2023, more than 60 percent of the world’s population will be able to exercise their privacy rights.

Consumers are more likely to trust companies that limit the use of personal data and respond quickly to security breaches. Any organization that doesn’t offer transparency about the kind of data it collects could lose their competitive edge.

The risks of neglecting customer data security

Adopting a customer-centric approach to data management isn’t just a way to maintain market share — it’s necessary to navigate data privacy changes.

Regulator semakin ketat dalam mengenakan denda atas pelanggaran, dan dendanya pun semakin besar. Pada tahun 2021, Otoritas Perlindungan Data Luksemburg mendenda Amazon sebesar $887 juta atas pelanggaran GDPR. Pada tahun yang sama, WhatsApp didenda $266 juta oleh Komisi Perlindungan Data Irlandia atas pelanggaran serupa.

In 2021, the average cost of data breaches was $4.24 million, but only a fraction of this goes to fines and remediation. Lost business and revenue accounts for one third of the cost, making it the most expensive aspect of any breach. After a major data breach, a tarnished reputation can haunt an organization for years, slowing recovery.

Becoming a customer-centric organization

Using data to improve customer experience begins with a strategy to get more first-party information. This strategy should cover how you gather information, what employees do with it, and how you show customers that you’re listening to their feedback.

Mulailah dengan memulai percakapan dengan pelanggan Anda. Buat survei dan sistem penilaian untuk mengumpulkan umpan balik pelanggan dan mulailah membangun basis data pihak pertama Anda. Pertimbangkan untuk memberikan penghargaan berupa diskon atau promosi lainnya sebagai imbalan atas partisipasi.

Use your customer data management platform to record the feedback, and analyze the data to develop new features, products, services, or customization options. Many organizations already do this to boost revenue, productivity, and customer loyalty.

Trader Joe’s is known to implement customer feedback to optimize inventory and hours, helping it achieve an astounding $1,750 in sales per square foot. Salesforce famously turned its customer feedback forum into an online community called IdeaExchange. Originally started to gather suggestions from customers, it quickly evolved into a way for business owners to connect.

Transparency is another key to improving customer experience — and complying with emerging data privacy regulations. Your organization should explain the reason for gathering or tracking data, highlight the value of doing so, and offer an opportunity to opt out of data collection. Have these messages come from actual leaders at your company. For example, frame an email announcing new data privacy features as a message from the head of your IT department.

Providing more insight into your organization’s culture, leadership processes, and decisionmaking can dramatically improve customer engagement as well — with benefits to the bottom line. When consumers understand an organizations’ purpose, they’re four times more likely to purchase from the company.

Take your customer-centric approach deeper by forming an advisory board for your organization’s most loyal followers. This rewards them with the opportunity to influence decision-making and product development, while helping you learn what they want. Analyze customer data to identify who they are and invite them to participate.

The most important element of becoming a customer-centric organization is to meet customers where they are: online, through digital experiences. A no-code data management platform will create touchpoints with each of your customers while streamlining collaboration as well as data compilation and storage.

Forrester Research predicts that the most innovative leaders in tech will move beyond digital transformation to focus on human-centered transformation that merges customer and employee experience.

Source: Forrester

Putting data privacy concerns to rest

The biggest data challenge lies not in how it’s used but in how it’s kept safe — and how to ensure data safety earns customer trust. Organizations must strike a delicate balance between regulation compliance, customer expectations, and their own data needs. Effectively managing all of this will soon be a leading indicator of whether or not an organization can succeed.

Berpusat pada pelanggan telah menjadi kata kunci selama dekade terakhir, namun organisasi harus menerapkan konsep ini dengan sungguh-sungguh dalam menjaga informasi berharga yang dipercayakan kepada mereka. Untungnya, dalam upaya mereka untuk meningkatkan keamanan dan kepatuhan serta merombak infrastruktur TI, organisasi dapat menjadi sangat transparan dan membangun hubungan baru dengan pelanggannya. Saat organisasi memilih solusi enterprise menyeluruh, mereka memiliki resource yang dibutuhkan untuk tetap mematuhi undang-undang privasi data internasional, serta memperluas skala di pasar yang lebih besar. Dengan solusi enterprise tanpa kode yang dapat disesuaikan, organisasi Anda memiliki sumber daya utama untuk sukses dalam pengelolaan data pelanggan dan pasar Anda masing-masing.