How Data Privacy Is Done Right

Businesses are in a scramble to become compliant with the new privacy rules—but compliance should not be the sole focus.

This article is part 1 of a 2 part series. Read the rest of the articles here.

Data-privacy policies and regulations are paving the way to a cookieless future in which businesses can no longer depend primarily on third-party data. Businesses are in a scramble to become compliant with the new rules—but compliance should not be the focus.

There’s no need to buy a security solution off the shelf to (fingers crossed) be compliant for compliance’s sake. In fact, many of the solutions in the market today claiming that they are GDPR or AB-375 compliant can only claim that their off-the-shelf solutions can be used to be compliant. That is not the same as being compliant. The laws are “still on trial” and until the appropriate judicial reviews take place, compliance is a moving target.

Instead of reacting (or doing nothing), think about where data privacy is headed, and how making changes now can benefit your business and enhance customer relationships for the long term. Here's how:

Be Proactive, Not Reactive

Laws like GDPR and AB-375 are not going away, and they will move control of an identity toward individuals. But the principle of data privacy is much simpler than any manifestation of the law. For instance, the general evolution is a move from transparency, to consent, to user choice and ultimately to user control. Respecting customers as persons when it comes to personalization and respecting an individual’s rights are key tenets of new legislation. 

The future of digital identity is becoming increasingly decentralized, regulated and cloud-based. It may sound like a lot to navigate, but businesses should worry less about what specific law is coming out next week and zoom out to review their practices through the lens of the overarching principle of data privacy.



Capture Customer Intent That Aligns With Brand

It should not be surprising that the privacy movement is developing alongside the data-driven business era. But while the future is unfolding every day, declining to collect or combine data about customers is by no means a viable strategy.

To respect privacy and begin building trust with customers, the questions a brand asks of a customer should align with what a customer expects. If you’re a hotel, ask questions about room and travel preferences. Don’t ask for social security numbers. When customers understand why you are asking a question, they are more likely to provide the data because there is an inherent value exchange. The alternative is the dreaded label of “creepy.” The best way to understand “creepy” is measuring the distance between what data you are asking for, and what the customer expects you to do with any data they provide.

You will earn the right to capture more information by building greater trust over time. It’s important to start in your lane (e.g. a restaurant should be asking food-related questions). If you represent your data as privacy-safe, customers (particularly younger customers) will share data with you, as long as they understand what you need the data to do for them. For instance, a restaurant may ask a loyal customer where he or she works so that it can push location-based offers. The customer may be more willing to share that information, based on trust with the brand and how many times they get lunch during their workday. Ask the right questions and you can collect lots of information without running afoul of this important principle.

The CMO Should Be the Voice of the Customer at Scale

If you were to disrupt your own company, you would probably build a challenger that looks a lot like the digitally native, customer-centric, mobile-based start-ups succeeding in the market today. You would use customer data in smart ways, and collect enough of it to automate and scale, while protecting your brand from the creepy-factor. You would probably create a two-way relationship with customers in which the business can act on the customer intent that it understands, which in turn leads to even more feedback about what that customer wants.

Within the enterprise, the voice of the customer is the CMO. And unlike in a start-up, the enterprise cannot “start” cloud-native and enjoy all those disruptive forces with good habits. There are departments and systems and silos to navigate. However, just like the start-up, each part of the business can still benefit from customer data. All of them need to understand what matters to the customer, be it for customer service, choosing the next features to build into a product, or how to align inventory and supply against demand. Internal stakeholders in supply chain, product, customer service and more can do their jobs better when they know customer intent.

Doing It Right

The businesses that begin building a direct relationship with their customers, respecting them as persons while moving toward the spirit of the law, will be ready for the next big competition in digital.

Stop worrying about compliance and start thinking of how you can honor the customer’s rights while putting them at the center of your business. Then you can take compliance seriously, proactively building a plan to do what you should be doing with your customer’s data, and put a stop to things you should not be doing under the new laws.

Raymond Velez
Executive Vice President