• Why should marketing play a role in managing privacy in an organisation? It’s boring, complex and just stands in the way of promoting our products and services.
  • There is a comprehensive privacy policy in place, and we make sure that customers accept it when signing up with us. That should be enough!
  • Customer data and privacy are complex and puzzling. Because of that they are best managed by Legal or IT departments to ensure compliance.

Well, that was my view a few years ago. I no longer think that way. 

Since then, focus has shifted from managing risks and ensuring legal compliance to its relevance to customer experience, with customer choice and trust at the heart of it. I now strongly believe that marketing and the CX teams are key stakeholders not just in the governance of privacy but play a crucial role in helping customers navigate this exciting and overwhelming world of data driven experience.

Often the first interaction customers have with a brand is through the onboarding journey. You just want to get on with the purchase, but suddenly ‘cookies’ windows pop up, or make you tick a box called Privacy notice and Terms & Conditions. This is the first moment of truth in building brand trust and not only should it be seamless, easy and welcoming, it should be clear, transparent and honest. However, what customers often see is a long, very complex document in a language they often don’t understand and are asked to make choices on how the brand should communicate with them and what should happen with the information provided. Sadly, even if they do agree (knowingly or simply to get to their own desired outcome) they often find that their choice is not respected.

I reckon this is both a missed opportunity to build customer trust and create the foundation for a good experience down the line.

Below are some principles to help you change the conversation from compliance to building customer trust. They helped me to change my view. 

1. Get the compliance right

Compliance is the baseline, and it is the foundation of good business practices. You should know what data you collect and why, where the data is stored and how the data are used, and your organisation should have robust security practices and establish data and privacy governance. It’s not the job of a single department or team but best addressed through a cross-functional and diverse group of decision makers that represent various customer touch points.  

2. Make privacy communication simple

Most customers don’t have legal degrees and don’t expect to have to think about ‘rights and responsibilities’ or make complex decisions when ordering that beautiful handbag. Privacy notices are overly overwhelming, complex documents and most customers do not bother reading them, and even if they do and have queries, it’s not like they are able to discuss it with anyone. They only have the choice of accepting it, if they want that beautiful handbag. 

So why not invest into an easy to understand document? A sincere, on-brand communication that explains to the customers how their data will be used is more effective at building trusted relationships than the long and confusing documents.

The ‘test’ isn’t just if it holds up to legal scrutiny, but if it holds to customer scrutiny. Privacy notices and internal privacy policies need to be written by communication experts who understand the audience it is intended for, supported by the Legal team. The tone of voice needs to reflect your brand and visuals, or video are a great way for most people to understand complex issues. You could even create a Privacy centre - a place for all things privacy and data, telling customers what your brand promise is.

Simplifying the privacy communication is a must day.

In the future, technology could help us manage our choices and data disclosures could be coded to be read by machines, as Geoffrey A. Fowler writes in his article “I tried to read all my app privacy policies. It was 1 million words”. Then your computer could act kind of like a butler, interacting with apps and websites on your behalf.

3. Tell customers how their data is used and what it is in for them

Often customers are told that their data will be used to provide better experiences and analyse their behaviour to inform product and services design without an example that people can relate to. Despite best intentions, this often is interpreted as a blank licence to do whatever the company wants, rather than as a benefit to the customer. 

Customers are more likely to share their data when they trust the brand and understand the value they will get back - so hiding behind ‘better experiences’ is way too generic to create such a relationship.

It’s all about the value exchange. If a customer believes that by sharing information they will get meaningful benefits, they are more likely to do so. Marketers should identify moments that matter to customers and use examples of such benefits when data is indeed being requested. These moments are all great opportunities to build trust. 

4. Give customers more control

Based on PwC research, almost 85% of customers want to have more control over their own data. And more than 80% said that they would willingly share data with a company they trust.*

*PwC research, Sept 2020.

As a minimum, customers should be able to access their profile easily, change their communication preferences, withdraw consent and choose if they want to share more data. If customers do not agree to share more data, they still should receive an exceptional service.

They should also be informed about this right frequently, transparently and in an easy way.    

5. Make it easy for customers to contact you

It sounds simple, right? Most of the time, that’s not the case. Recently I registered for a new online service in New Zealand and I noticed that to unsubscribe from communication, it was my responsibility to inform seven different organisations about it, even though I had signed up for only one service. This was because the service had six partners who were all using my data as well!

Customers should be able to contact you with questions, request information or unsubscribe from communication easily. You should be responsible for ensuring that this information is being passed on to your partners and anyone else you have shared the data with. That’s not the customer’s responsibility, even if you thought it was a good idea to include this in your terms and conditions. On top of that you should tell customers how long it will take for you to respond and what they should expect.

6. Train your team and make it relevant

A lot of the Privacy training focuses on the Privacy Act, GDPR and other compliance obligations. It can be overwhelming to hear how the legislative landscape is changing and what you have to do to adjust to it.

Privacy training should be as regular and often as any other training, and not just for those working with customer data. 

All teams need to have a baseline knowledge. However, you should adapt the privacy training, make it relevant, use visuals, games, work on relevant use cases together. Remember that the Marketing team engages with the topic differently than the Contact Centre team or the software developers. 

1. Start with the question "Should we?", not “Could we?”

Organisations invest a lot of resources in collecting more and more data and analysing customer behaviour. AI is seen to be the solution to solve all business problems and as Deb Lavoy, the founder Narrative Builders said, we are in a race to find out everything we can, and to use it to the greatest extent we can. So where does it stop?

Customers are becoming increasingly concerned about privacy and are holding organisations to a higher standard. We have moral and ethical obligations and data must be collected and used ethically, with customers' best interest. Just because something is legally right, it does not make it morally right each time.

The question to be asked is “Should we?”, not “Could we? ”.

  • “Should we link two sources of data, if the customer has given us permission to use one of them?”
  • “Should we collect data without telling customers?”
  • “Should we build an app to track customers’ location when the app is not used?”
  • “Should we trust an algorithm to make recruitment decisions because we will save cost?”

If the answer to any of the above is no, maybe you should not do what you are planning to do, even if you are legally entitled to do so. 

These principles are a good starting point to change the conversation from compliance to building customer trust and set the tone of the relationship with the customers, where transparency, simplicity, ethics and meaningful value exchange is at the heart.

I believe that brands that embed privacy into their product design and customer experience will differentiate vs competitors, gain more trust and deliver the personalised experiences their customers demand.

Find out more by listening to the webinar hosted by the NZ Privacy Commissioner 


Panel Moderator: Keith Norris, Data Insight Advisor, Marketing Association Compliance Consultant. 


Mazen Kassis, Head of Data and Analytics, Foodstuffs 

Rali Andreeva, Senior Manager Connected Customer Conversations, ASB

Hannah Taylor, Customer Service Centre, Foodstuffs

Gehan Gunasekara, Associate Professor in Commercial Law, The University of Auckland Business School

About the Author:

Rali Andreeva’s expertise is in bringing together a deep understanding of customer behaviour and the power of data to create great products and customer experiences. She has worked in retail, FMCG and the banking sector, specialising in marketing, customer data and loyalty. She is a certified Privacy Manager by the IAPP and is passionate about making privacy simple for customers and teams

Ralica (Rali) Andreeva | LinkedIn