TLDR: Data privacy regulations are evolving fast, and businesses in breach face harsh financial penalties and reputational damage. Bring RevOps, legal, sales, and marketing together every quarter to set the agenda for your data privacy strategy, review your processes, and plan around new compliance requirements. Hiring a data privacy officer and investing in cybersecurity are strong measures to properly process and protect customer data.
The data privacy landscape moves fast. As regulations emerge worldwide, businesses that collect, store, and use customer data face a complex web of compliance responsibilities.
Businesses that breach data privacy regulations, even unintentionally, face steep consequences. Regulators can place data handling restrictions on companies and issue sharp fines. To date, EU regulators have enforced over €1.5 billion in penalties to organizations in breach, with an average of €1.4 million per fine.
In a time when people are more conscious than ever about how businesses handle their data, falling foul of regulations is an easy way to shatter customer trust.
Now is the time to act. To stay compliant, your RevOps team needs to know how the interlocking data privacy regulations apply to the territories where you handle customer and prospect data. In this Tough Talks Made Easy, you’ll learn to identify where the challenges and blind spots lie within your company, and the processes you should implement to keep on top of your responsibilities.
Challenges with data privacy
While data privacy is more complex for organizations operating internationally, multiple regulations can apply even when doing business in one local market.
As the regulatory landscape evolves, it’s important to stay in the loop with how these frameworks shape your legal obligations and data practices. It’s particularly crucial if your business is considering expanding into international markets.
Organizations typically focus on online practices when designing a data privacy strategy, sometimes, to the detriment of offline behavior. The age-old challenge of sales and marketing alignment becomes relevant to compliance here.
Important: As Sales Ops and MOPs send customer and prospect data between platforms, both teams should know how they’re allowed to use and store this data to avoid taking actions that violate the privacy rights of people in the dataset.
Measures to take
To set the agenda for data privacy strategy, RevOps should get together with legal, sales, and marketing every three to six months. Across teams, you want everyone to have a good grasp of their responsibilities and have an eye on the regulatory movements that could impact their work.
First, answer these questions during an initial meeting:
- How are privacy and cookie policies evolving?
- What are our regulatory requirements for each market we do business in?
- How might our usage of tools and the web need to shift to meet new requirements?
- What gaps do we have in implementing compliance policies?
Next, review your data processes:
From there, review your data capture, storage, and deletion processes. When capturing data, timestamp the date and time people submit contact forms, why they’re contacting your business, and whether they’ve opted in to receive marketing communications. For logging and auditing purposes, this creates evidence that you’ve lawfully obtained the authorized data.
For sales ops and marketing ops, set up filters to segment the people in your dataset based on the communications they’ve opted in or out of receiving. Read our piece on data hygiene to learn more.
For prospects who’ve unsubscribed from your communications, check in with legal to decide when to delete their data entirely. And it helps to test regularly that your measures are working as planned. Are your filters and timestamps working correctly? Are you deleting data when required? Are you storing it in secure places that don’t violate compliance policies?
Finally, hire a data privacy officer:
Hiring a data privacy officer is a smart move. DPOs are experts in:
- keeping up with regulatory evolution
- guiding policies and processes, and
- educating people on the risks of non-compliance is a smart move to advocate.
If the budget to hire for such a role is a concern, it’s worth mentioning the penalties that regulators can apply. E.U. authorities, for instance, can enforce the GDPR with fines of up to €20 million, or up to 4% of a company’s global annual turnover.
For similar reasons, cybersecurity training and tools are worth pushing for. Data breaches decrease customer confidence and brand strength while making fines and legal action all the more likely—so by investing in data protection, you invest in protecting your customers and your reputation.
People want to do business with organizations they trust.
By making a cultural and financial investment in data privacy, you get to:
- keep your business from appearing under the limelight for the wrong reasons
- avoid fines and restrictions on how your RevOps team uses data, and
- better understand the processes to implement if you’re expanding into new markets.
Want to learn more about the actions you can take to remain GDPR compliant? Get in touch with us.