Incorporating Privacy by Design’s Positive-Sum Approach into Your Smart Data Business Strategy

Admin - April 7, 2021.

How an effective privacy program combined with smart data capabilities can overcome customer concerns while opening the door to maximum service personalization and revenue growth.

By Pedro Nunes, Chief Legal Officer and Data Protection Officer at Zoox Smart Data, and Daniela Cabella, Head of Privacy and Data Compliance and Data Protection Officer at Zoox Smart Data

Consumer-facing industries are seemingly at a crossroads where their customers expect to have products and services instantly personalized while zealously guarding the personal data that makes such custom-tailored experiences possible. This concern understandably comes from countless reports of data theft across multiple industries over the years and from consumers’ wish to keep personal information confidential. But what can businesses do to gain a competitive edge in the era of experience personalization while minimizing such fears?

With ongoing advances in the field of smart data and customer profile technology, the answer fortunately is quite a lot. By adopting a smart data platform and working with a reputable provider, businesses can gain crucial insight into the unique interests of each and every customer. Just as importantly, they can also implement a data privacy program that not only adheres to the latest legal requirements but that ensures customers truly feel safe with the sharing and use of their data. Included in this article are four key data privacy steps that should be a part of any business’s smart data initiatives as they seek to earn customer trust while creating the ultimate in personalized service.


Step 1: Ensure a seamless data privacy chain of command

Updates or other issues related to data privacy can occur suddenly and with little if any notice, so the first priority in setting up an effective privacy program is to ensure the ability to respond and adapt quickly. This requires seamless and direct communication between relevant employees and business decision makers. Ideally, there should be no filter between staff tasked with data privacy and an organization’s leadership, since such a filter could lead to delayed response times, an increased potential for error and reduced security effectiveness.

There should also be either a Data Protection Officer (DPO) or Chief Privacy Officer (CPO) supported by a team of experienced employees who are solely dedicated to upholding data privacy rules. Such employees would report any data privacy matters to the DPO or CPO, who in turn serves as the main point of contact with an organization’s CEO. To ensure that customer information is always fully protected, a business’ data privacy team should also be given complete autonomy over how a privacy program is managed and should be made exempt from any company policies that may conflict with data privacy priorities. 


Step 2: Build your company’s privacy program from the ground up

Sensitive customer information can be found throughout most company operations, so it is vital to adopt a privacy program that penetrates all areas of an organization. To start, customer privacy and data security should always be a visible and routinely communicated value across a business. It should be listed as a core component of an organization’s ethics and conduct code, and should always be a central aspect of any strategic planning.

But as with any other organizational initiative, ensuring an effective privacy program requires determining what financial and labor resources are sufficient to maintain the highest level of security at all times. A team should be large enough to adequately handle privacy-related matters and requests that can come from any part of an organization on a daily basis. 

With data privacy-related tasks capable of multiplying rapidly, businesses should further adopt one-week sprint approaches along with adapted RUT and RICE matrices that assist with task prioritization. To streamline data privacy needs across a company’s various departments, a Privacy and Data Protection Interdepartmental Committee should be established to ensure collective, yet swift decision-making abilities in relevant cases. 

Managing sensitive customer data always comes with some form of risk, so it is prudent for any business to also establish a risk management program alongside its data privacy initiative. A risk management program should involve an ethical assessment of processing customer data as an extra step to maintaining the trust and confidence of customers. Businesses further need to determine if cyber insurance is relevant for their operations and should select the most appropriate policy that can minimize liability.


Step 3: Guaranteeing data privacy compliance 

The amount of new legislation being enacted across different regions can quickly unravel a company’s data privacy compliance if not appropriately addressed in a timely manner. To sidestep this challenge, businesses should first map out all personal data processing operations for customers as well as other individuals such as employees, customer representatives and third-party vendors. Drawing out the operational flow can assist with this task and can be done using the ISO 29134 template. Next comes mapping out applicable legislation and determining the level of compliance necessary for each data privacy procedure, also known as legal compliance control. Legal compliance control can be seamlessly monitored and updated using specifically designed software or by using tools such as spreadsheets. This allows data privacy personnel to swiftly match up and determine if existing practices are in line with new requirements or if any revisions are needed. It can also result in a far more effective and speedier decision-making process, with relevant data privacy regulations instantly available at the push of a button.

As data privacy needs continue to evolve, plans should be developed that provide team members with continuous learning opportunities in order to stay ahead of the latest procedures and requirements. Efforts should also be made to ensure that any employees working with data privacy matters hold valid certification. 


Step 4: Partnering with a smart data provider that knows the ins and outs of data privacy

With a robust and adaptable privacy program in place, businesses should next look for a smart data provider with proven experience in tailoring solutions to meet specific regional and/or business data privacy needs. The ideal provider should further be able to assist organizations in creating a communications and workplace culture that always places a top priority on safeguarding customer information. Lastly, data privacy should always be built into any solution being considered. This includes providing customers with full transparency on the type of data being collected, why it is being collected and how it is used. Most vital of all, when consent is the lawful basis for processing the customer’s personal data, a solution should always provide customers with the option to opt out at any point in time if desired.

By implementing the procedures outlined in this article, businesses will find that more customers feel at ease in sharing their data if they can verify that it is safe and used to enhance their own experiences. From there, the possibilities presented by a smart data solution become limited only by an organization’s imagination. With instant access to detailed analytics on each customer, a smart data solution serves as the ultimate tool for tailoring promotional campaigns and service recommendations in a way that always meets customer expectations.

According to Dr. Ann Cavoukian, Ph.D., “privacy by design seeks to accommodate all legitimate interests and objectives in a positive-sum ‘win-win’ manner, not through a dated, zero-sum approach, where unnecessary trade-offs are made.” Taking this approach into account, and backed by a reputable provider, an advanced smart data platform can consequently ensure that data privacy concerns are fully addressed while providing each customer with the ideal experience that they have sought out for so long. From the perspective of a business’ decision-makers, such abilities can only lead to more satisfied and loyal customers along with a reliable and consistent increase in company revenues. This way, the customer wins (with their privacy effectively protected and managed), the business wins (with increased revenues) and Privacy by Design’s positive-sum approach is indeed incorporated into the smart data business strategy. Everybody wins.


About the authors:

Pedro Nunes acts as Chief Legal Officer and Data Protection Officer for Zoox Smart Data and Zoox Media, and is in charge of overseeing all legal matters of the company in Brazil and abroad. Pedro has more than 25 years of experience working in some of the most prestigious firms in Brazil and New York and has been advising both domestic and international clients on a wide variety of Brazilian law corporate transactions, with a focus on data protection matters in the last few years.

Daniela Cabella is Head of Privacy & Data Compliance and Data Protection Officer at Zoox Smart Data. She is also Co-Founder of Complete Privacy, a Professor at the Global Institute for Law & Innovation, and a lawyer with postgraduate studies in Innovation Management and Digital Law. Daniela further holds CIPM certification, is a member of the International Association of Privacy Professionals (IAPP) and is the first person to be certified as a Data Protection Officer by Exin in the Americas.
