What Your CRO Should Know About Data Privacy Compliance

TLDR: Data privacy regulations are evolving fast, and businesses in breach face sharp financial penalties and reputational damage. Bring RevOps together with Legal, Sales, and Marketing every quarter to set the agenda for your data privacy strategy, review your processes, and plan around new compliance requirements. Hiring a Data Privacy Officer and investing in cybersecurity are strong measures to ensure you’re properly processing and protecting customer data.

 

The data privacy landscape moves fast. As regulations emerge around the world, businesses that collect, store, and use customer data must get to grips with a complex web of compliance responsibilities.

Businesses that breach data privacy regulations, even unintentionally, face steep consequences. Regulators have the power to place data handling restrictions on businesses and issue sharp fines. To date, EU regulators have imposed over €1.5 billion in penalties on organizations in breach, with an average of €1.4 million per fine. In a time when people are more conscious than ever about how businesses look after their data, falling foul of regulations is an easy way to shatter customer trust.

Today is the time to act. To stay compliant, your RevOps team needs to know how the interlocking data privacy regulations apply to the territories in which you handle customer and prospect data. In this Tough Talks Made Easy, you’ll learn to explain to your CRO where the challenges and blind spots lie, and the processes you should implement to keep on top of your responsibilities.

 

Challenges with data privacy

Companies tend not to review their data privacy policy proactively, which causes them to fall behind the times and incur fines. Major markets like the EU, Japan, India, Australia, Brazil, and certain US states all have regulations that confer particular responsibilities onto organizations that operate in these territories or collect data on their residents. While data privacy is more complex for organizations operating internationally, multiple regulations can apply even when doing business in one local market.

As the regulatory landscape evolves, it’s important to stay in the loop with how these frameworks shape your legal obligations and data practices—particularly if your business is considering expanding into international markets.

Organizations typically focus on online practices when designing a data privacy strategy—sometimes to the detriment of offline behaviour. The age-old challenge of Sales and Marketing alignment becomes relevant to compliance here. As Sales Ops and MOPs send customer and prospect data between platforms, both teams should know how they’re allowed to use and store this data to avoid taking actions that violate the privacy rights of people in the dataset.

 

Measures to take

To set the agenda for data privacy strategy, RevOps should get together with Legal, Sales, and Marketing every quarter or six months. Across teams, you want everyone to have a good grasp of their responsibilities and have an eye on the regulatory movements that could impact their work.  

Some questions to answer: How are privacy and cookie policies evolving? What are our regulatory requirements for each market we do business in? How might our usage of tools and the web need to shift to meet new requirements?  What gaps do we have in our implementation of compliance policies?

From there, review your processes for data capture, storage, and deletion. When capturing data, record the date and time that people submit contact forms, why they’re contacting your business, and whether they’ve opted in to receive marketing communications. For logging and auditing purposes, this creates evidence that you obtained the data lawfully and with authorization.

For Sales Ops and MOPs: set up filters to segment the people in your dataset based on the communications they’ve opted in or out of receiving. For prospects who’ve unsubscribed from your communications, check in with Legal to decide when to delete their data entirely. It also helps to test regularly that your measures are working as planned. Are your filters and timestamps working correctly? Are you deleting data when required? Are you storing it in secure places that don’t violate compliance policies?
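As an added illustration (not part of the original article), here is one way to automate the regular test described above: it checks each contact record for the capture evidence, segments by opt-in status, and flags unsubscribed contacts for a deletion review. The `ConsentRecord` schema, the `audit` function and the 30-day window are assumptions made for this example; the real retention period is whatever you agree with Legal.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumption: placeholder retention window; the real value is decided with Legal.
RETENTION_AFTER_UNSUBSCRIBE = timedelta(days=30)

@dataclass
class ConsentRecord:  # hypothetical schema for one contact-form submission
    email: str
    submitted_at: Optional[datetime]   # when the form was submitted (UTC)
    purpose: Optional[str]             # why the person contacted the business
    marketing_opt_in: Optional[bool]   # None means consent was never captured
    unsubscribed_at: Optional[datetime] = None

def audit(records, now):
    """Split records into mailable/suppressed and list compliance findings."""
    mailable, suppressed, findings = [], [], []
    for r in records:
        missing = [f for f in ("submitted_at", "purpose", "marketing_opt_in")
                   if getattr(r, f) is None]
        if missing:
            findings.append((r.email, "missing evidence: " + ", ".join(missing)))
        # Fail closed: only an explicit, fully evidenced opt-in with no
        # later unsubscribe lands in the mailable segment.
        if r.marketing_opt_in is True and r.unsubscribed_at is None and not missing:
            mailable.append(r.email)
        else:
            suppressed.append(r.email)
        if r.unsubscribed_at and now - r.unsubscribed_at > RETENTION_AFTER_UNSUBSCRIBE:
            findings.append((r.email, "unsubscribed past retention window: review for deletion"))
    return mailable, suppressed, findings

# Constructed sample data, for illustration only.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    ConsentRecord("a@example.com", NOW - timedelta(days=10), "demo request", True),
    ConsentRecord("b@example.com", NOW - timedelta(days=90), "pricing", True,
                  NOW - timedelta(days=45)),
    ConsentRecord("c@example.com", None, "newsletter", None),
    ConsentRecord("d@example.com", NOW - timedelta(days=5), "support", False),
]

if __name__ == "__main__":
    mailable, suppressed, findings = audit(SAMPLE, NOW)
    print("mailable:", mailable)
    print("suppressed:", suppressed)
    for email, issue in findings:
        print("finding:", email, "-", issue)
```

Records with missing evidence are suppressed rather than mailed, so a broken form or import shows up as a finding instead of an unlawful send.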

It’s smart to advocate for hiring a Data Privacy Officer to keep up with regulatory evolution, guide policies and processes, and educate people on the risks of non-compliance. If the budget to hire for such a role is a concern, it’s worth mentioning the penalties that regulators can apply: EU authorities, for instance, can enforce the GDPR with fines of up to €20 million, or up to 4% of a company’s global annual turnover.

For similar reasons, cybersecurity training and tools are worth pushing for. Data breaches decrease customer confidence and brand strength while making fines and legal action all the more likely—so by investing in data protection, you invest in protecting your customers and your reputation.

Create trust

People want to do business with organizations they trust. By making a cultural and financial investment in data privacy, you keep your business out of the spotlight for the wrong reasons, avoid fines and restrictions on how your RevOps team uses data, and better understand the processes to implement if you’re expanding into new markets.
