With GDPR just around the corner, it’s time to start looking at the benefits it can bring for your business. How can GDPR bolster your brand’s reputation?

As organisations around the world gear up for the 25 May 2018 final deadline for GDPR compliance, it can seem like it’s the spectre of that €20 million fine which drives much of the activity.

Nobody’s saying that’s small change, but what about the reputational risk? 2017 research conducted by NTT Security gives us some perspective here.

Of 1,350 business decision-makers surveyed, 55% said that a loss of consumer confidence was a principal worry following a potential data breach. 51% said they were most worried about damage to their brand’s reputation. Meanwhile, a comparatively low 43% listed the financial impact of a fine as being of paramount concern.

So yes, if protecting your reputation is what’s keeping you up at night, you’re not alone. But just like everything GDPR-related, we risk talking too much about the proverbial stick (fines, loss of confidence, damaged reputation) and not enough about the carrot.

Let’s explore how seizing the initiative when it comes to data consciousness can translate into big reputational wins for your organisation.

Take control of your narrative

Your response to GDPR needs to be proactive, coherent, and highly visible. Simple compliance will protect you from damage, but it’s not going to convince your audience that you’re going the extra mile to safeguard their precious data.

To achieve this, you need to be clear about the kind of narrative you’re constructing for people. Giving your legal people full control over your GDPR messaging will produce something that may be technically within the letter of the law, but it’s unlikely to capture any hearts and minds.

Designers, developers, and copywriters have huge roles to play in presenting data compliance as a positive move that’s directly beneficial to the customer.

The Econsultancy blog has a wealth of guidance for UX Designers on how to nail different aspects of GDPR when it comes to your signup process. Standout tips include:

  • Use of content blocks to visually separate different elements to which a person might sign up.
  • Simple colour contrasts. Red for no, green for yes.
  • Big, bold options to clearly distinguish between different permissions. SMS and email, for example. We like simple yes/no buttons.
  • Further options, clearly grouped, to individually name each organisation making use of data.
  • Taking the time, and dedicating the proper space, to clearly explain something as simple as what you mean when you say ‘we.’ Don’t take the user’s understanding for granted.
  • Allowing users to see an example of the kind of communications you’ll be sending them at the point of signup.

Good writing is also critical when it comes to engaging and convincing potential data subjects. Standard copywriting practices like using plain English and the active voice are important parts of winning consent, but there’s much more to explore.

Patience and clarity should be the cornerstones of your GDPR messaging. Take the time to sell the benefits of your data use, and how each element of data you’re given helps feed into these benefits.

Above all else, GDPR requires you to present a more human face when asking for data. Don’t use nebulous, catch-all legal terms; give specific names. Drop the assumption that customers care so much about your marketing that they can’t live without it, in favour of a more humble and respectful tone.

Show off your people

While on the subject of putting a human face on your organisation, what could achieve this better than actually showing some human faces?

GDPR requires that any organisation handling data on a large scale appoints a Data Protection Officer (DPO) to oversee compliance. If this applies to you, you can devote time and effort to spotlighting the work carried out by your DPO and explaining how it benefits the data subject. They are your ready-made data hero.

The DPO’s duties include:

  • Upskilling and training staff on compliance and processing.
  • Auditing and proactively addressing issues within your processes.
  • Liaising between your organisation and the relevant authorities.
  • Reporting on the effectiveness of your data protection measures.
  • Recording your collection and use of data in a way which can be disclosed on request.
  • Communicating with data subjects regarding their rights, how you process data, and how you protect that data.

All of these can be presented in blogs, videos, or on social media to demonstrate how seriously you take data security.

Even if your organisation’s use of data isn’t large enough to warrant a dedicated DPO, you can still make a big deal over how you achieve the above functions to build customer confidence. Data security is never a solo act, and your internal privacy culture is just as worthy of attention.

Plan your data breach strategy

Your customers won’t ultimately know for sure how well your data protection strategy works until it’s put to the test. That test is an actual data breach, and it’s something you need to be ready for.

Showing this readiness (without giving the bad guys any hints) can form a big part of your pre-GDPR reputation boosting strategy.

Lessons on how not to handle a data breach can be found in the case of Equifax, one of the Big Three credit agencies, and subject to one of the biggest data breaches in history.

Their response was bungled from pillar to post, demonstrating a woeful lack of readiness and causing irreparable damage to their reputation. Highlights include:

  • A badly designed reporting website which looked suspiciously like a phishing page.
  • Requiring users to enter sensitive data in order to find out whether their sensitive data had been compromised.
  • Social media mistakenly tweeting a link to a fake reporting site no less than four times.
  • A generally snail-paced approach to the problem.

This was unforgivable at the best of times, but under GDPR, such a response would open an organisation up to the harshest penalties. No matter who you are, you can do better.

The Information Commissioner’s Office (ICO) has produced detailed guidance on managing a security breach which you can use to prepare your organisation.

It might be enough to simply announce that this strategy is in place, and to have your DPO visibly carry out checks to back it up. However, for an extra seal of approval, you might consider commissioning a data security expert to stage a mock breach.

If you opt for this, you can use it to not only test your response processes, but also demonstrate publicly how conscientious you are about your customers’ data.

Make data your difference

Depending on who you’re selling to, you might be dealing with more or less demand from customers regarding GDPR compliance, and data security overall.

Mastercard has produced an interactive breakdown of five possible personas relating to the general consumer population. Some care a great deal about how their data gets used, but all are at least aware of the potential for misuse, and all would appreciate knowing their information is in safe hands.

Consider which of these personas makes up your audience, or better yet, conduct your own research to build a more bespoke profile. How can you use GDPR compliance to boost their confidence?

If you’re selling to a tech-savvy, digitally switched-on audience, you could reap reputational advantages from a prolonged campaign breaking down the details of how you’re protecting data.

However, even if your audience isn’t enormously data-conscious, ‘we protect your privacy’ is a highly accessible story to tell, and one that will boost their confidence in you.

This also applies across any industry or service you’d care to name. Data security is a universally desirable angle, even in areas where data isn’t usually talked about. ‘The data-conscious cheesemonger’ is going to be viewed more favourably than just ‘the cheesemonger,’ all else being equal.

Prepare for GDPR with Databoxer

By laying the groundwork for compliance now, you can steal a march on the competition and net yourself a huge reputational boost from the people whose data you’re protecting.

Gaining the confidence of others starts with gaining confidence in yourself. You can help get your organisation ready for GDPR with Databoxer, the one-click compliance platform which you can add to your site in minutes.

Confidence lies at the heart of our ethos. That’s why we’ve developed standard, friendly, GDPR-compliant wording for a range of questions relating to consent for marketing use of data to give you and your customers peace of mind. Just one of the ways in which we help ease the strain of compliance.

Want to hear the rest? Sign up for our beta test today.
