The Pinnacle

Stories and ideas from Big Blue Digital.

Customer Privacy: Your Obligations & Plan

Everyday, businesses collect huge amounts of data.
  • An email address to provide a receipt.

  • The same email address to send a newsletter.

  • Credit card details to action a payment.

  • An address to ship a product.

Yet we shy away from conversations around privacy. For some reason, they’re not given much weight within business.

Because the legal stuff - I hate to say it - can be pretty boring.

Now before you close this window,  know that I am talking to you if,
  • You are in a leadership position in any business, and especially marketing.

Privacy laws affect all businesses whether you are collecting marketing data or not. 

In every business, you will collect some sort of information from, or about, the people that you are selling to.

It’s important that you understand the privacy laws and best practices that might affect your business. It’s not just about what you have to do for compliance purposes. It’s about meeting your customers expectations, building trust and forming better customer relationships.

Disclaimer: We have done a lot of research on this topic, but that doesn’t make us privacy experts.

We are not lawyers, and nothing on this site should be taken as legal advice.

You might like to get your own legal advice before acting on any of the information we’ve shared here.


Privacy, more than boring legal talk

From a business perspective, when we talk about privacy online, we’re talking about any information about customers (and potential customers) that is being collected, processed and stored by a business.

This could be anything from information provided via a form to information gathered by tracking software installed at your website.

In Australia, we are governed by the Privacy Act and the Australian Privacy Principles (or the APP) as well as the Spam Act, which covers the sending of all electronic messages, including text messages.

Internationally, the GDPR (General Data Protection Regulation) is driving change in customer expectations and understandings of privacy. When these regulations come into effect (May 25 2018) they will increase the protections for individuals in the EU, in terms of the information they share online.

(Want to know more about Australian privacy law and GDPR? The Information Commissioner's website has a really good information page comparing GDPR to Australian law.)

Regardless of GDPR, consumers are becoming more and more aware of how people collect their data, and they want more control.

Overcoming misconceptions

Because privacy is discussed with such gravity, it’s no surprise that businesses get confused about exactly what they have to comply to.

One of the biggest misconceptions is that privacy is all about consent - that you need to get consent for absolutely every piece of data you collect.

While that might be true for marketing data - such as gathering consent for mail marketing - there are other reasons that you could be collecting data.

Fulfilling a contract, for instance.

If you’re selling something online, there is certain information you have to gather to fulfil the contract. You don’t need consent to gather an address to ship a product. Or to pass that on to a courier company.

But, should you then want to use that address to send marketing information - that’s when you need consent.

For this reason, it’s important to have the ability to split your data collection and usage into the different legal reasons for collection (e.g. contract or consent).

One of the bigger changes that will be forced by the GDPR is the idea of granular consent - or giving people exact control of the types of messages they receive. For example, yes to weekly emails, but no to daily emails, or yes to emails on evening wear, but no to emails on accessories.

This is explicitly mentioned in the GDPR.

But we’ve just said that’s European and not Australian based?! Why should we care?

Yes, privacy is a minefield.

For example, GDPR isn’t about where your business operates. It’s about the individual rights of people who are located within the EU, accessing sites.

It might apply to you because,
  • You have customers around the world

  • You have customers who like to travel around the world

  • You have customers who use sites from around the world

Stick with me on the last point.

As a business, you’re not just being compared to the other businesses in your street, or even in your field. In the digital space, you’re being compared to every website or app your customers use.

For more, read our article Digital Literacy in 2018: The Evolution of Online Audiences.

If one day they have more control over their data on a site they use daily - Facebook for example - that will become the benchmark.

You have an opportunity to be at the forefront of building trust with your customers.


Taking control and offering control - how you can build trust with your customers

Many businesses don’t understand their own data collection and storage practices across the continuum of customer service.

As much as we avoid it, we all tend to work in silos.

This is the enemy of good customer privacy practice.

Is there one person in your business who can say, with confidence, ‘I know exactly what we’re collecting and why we’re collecting it. I know the tools that we use, and the data they hold’?

The guiding word we, as businesses, need to live by, is transparency.

So how do we get more transparent?

First, we need to know what we’re collecting.

A data audit covering,
  • what information is being collected by customers
  • at what points in their customer journey and 
  • through what tools

is a good first step.

This should be done at a whole company level and considering online and offline interactions.

Then, consider what information is being stored and what it’s used for later. Do you actually need or use all of that data? When was the last time your business took a serious look at all the tools that it uses? 

It’s an opportunity to consolidate your approach, streamline your processes and possibly save money on some subscriptions or inefficient steps.

Also consider where your tools are based and what privacy laws they comply with. Are they holding data for you? In a cloud-based world, it would be unlikely that you don’t have another tool holding information, like MailChimp for email marketing.

It’s not the whole picture, but taking back control of the data we hold in our businesses, in order to give control to our customers, is the goal.

Be transparent, give people control.

Win customer love.



« Go Back