TLDR: Data privacy regulations are evolving fast, and businesses in breach face sharp financial penalties and reputational damage. Bring RevOps together with Legal, Sales, and Marketing every quarter to set the agenda for your data privacy strategy, review your processes, and plan around new compliance requirements. Hiring a Data Privacy Officer and investing in cybersecurity are strong measures to ensure you’re properly processing and protecting customer data.
The data privacy landscape moves fast. As regulations emerge around the world, businesses that collect, store, and use customer data must get to grips with a complex web of compliance responsibilities.
Businesses that breach data privacy regulations, even unintentionally, face steep consequences. Regulators have the power to place data handling restrictions on businesses and issue sharp fines—to date, EU regulators have enforced over €1.5 billion in penalties to organizations in breach, with an average of €1.4 million per fine. In a time when people are more conscious than ever about how businesses look after their data, falling foul of regulations is an easy way to shatter customer trust.
Today is the time to act. To stay compliant, your RevOps team needs to know how the interlocking data privacy regulations apply to the territories in which you handle customer and prospect data. In this Tough Talks Made Easy, you’ll learn to explain to your CRO where the challenges and blind spots lie, and the processes you should implement to keep on top of your responsibilities.
Challenges with data privacy
As the regulatory landscape evolves, it’s important to stay in the loop with how these frameworks shape your legal obligations and data practices—particularly if your business is considering expanding into international markets.
Organizations typically focus on online practices when designing a data privacy strategy—sometimes to the detriment of offline behaviour. The age-old challenge of Sales and Marketing alignment becomes relevant to compliance here. As Sales Ops and MOPs send customer and prospect data between platforms, both teams should know how they’re allowed to use and store this data to avoid taking actions that violate the privacy rights of people in the dataset.
Measures to take
To set the agenda for data privacy strategy, RevOps should get together with Legal, Sales, and Marketing every quarter or six months. Across teams, you want everyone to have a good grasp of their responsibilities and have an eye on the regulatory movements that could impact their work.
Some questions to answer: How are privacy and cookie policies evolving? What are our regulatory requirements for each market we do business in? How might our usage of tools and the web need to shift to meet new requirements? What gaps do we have in our implementation of compliance policies?
From there, review your processes for data capture, storage, and deletion. When capturing data, timestamp the date and time that people submit contact forms, why they’re contacting your business, and whether they’ve opted in to receive marketing communications. For logging and auditing purposes, this creates evidence that you’ve lawfully obtained the authorized data.
For SOPs and MOPs—set up filters to segment the people in your dataset based on the communications they’ve opted in or out of receiving. For prospects who’ve unsubscribed from your communications, check in with Legal to decide when to delete their data entirely. And it helps to test regularly that your measures are working as planned. Are your filters and timestamps working correctly? Are you deleting data when required? Are you storing it in secure places that don’t violate compliance policies?
Hiring a Data Privacy Officer to keep up with regulatory evolution, guide policies and processes, and educate people on the risks of non-compliance is a smart move to advocate. If the budget to hire for such a role is a concern, it’s worth mentioning the penalties that regulators can apply—E.U. authorities, for instance, can enforce the GDPR with fines of up to €20 million, or up to 4% of a company’s global annual turnover.
For similar reasons, cybersecurity training and tools are worth pushing for. Data breaches decrease customer confidence and brand strength while making fines and legal action all the more likely—so by investing in data protection, you invest in protecting your customers and your reputation.
People want to do business with organizations they trust. By making a cultural and financial investment in data privacy, you get to keep your business from appearing under the limelight for the wrong reasons, avoid fines and restrictions on how your RevOps team uses data, and better understand the processes to implement if you’re expanding into new markets.
Want to learn more about the actions you can take to remain GDPR compliant? Get in touch with our experts.