Opinion: With change the new normal, data compliance requires a team effort
Regulatory compliance around marketing and advertising data is now everybody’s job. Marketing organizations bear the responsibility of complying with a raft of often ambiguous data-privacy regulations and the difficult task of keeping up with changes on the horizon, but a comprehensive response to compliance requires a team effort and can’t be marketing’s job alone.
While data privacy and security top the list of priorities at many companies, assigning full responsibility for compliance to a single stakeholder group will result in blind spots. Many stakeholders simply don’t know what they don’t know. The human element is the key to meeting this challenge, and a cooperative, organization-wide approach is needed to solve it successfully.
Getting on the same page
Specifically, marketing, tech and legal—constituencies whose interests and priorities are not always aligned—must come together to work as a team. This requires a process of individual and group learning. Attempts to reconcile the legal language written by regulators with technical features and real-world marketing concerns are going to trigger internal discussions and lively debates.
It’s important to create a unified message that is conveyed organization-wide, and to encourage collaboration by all teams on privacy-
related efforts. Without a top-down approach, respective stakeholder groups will tend to prioritize and address compliance questions only from their own organizational silos, rather than as part of a singular effort. For example, an organization could rally around a simple set of privacy-conscious principles such as:
Our customers’ data should stay protected no matter what.
Our customers and visitors will be given clear choices about how we use their data, even when that data is anonymized.
We will always use customer and visitor data to make their experience better.
Principles such as these give respective teams a way to engage in specialized work while still being able to clearly articulate to other groups what they’re doing and why.
Creating a privacy-first mentality
Companies must raise basic internal awareness about the importance of data-privacy regulation compliance. Everyone needs to have a level of understanding about this issue that allows them to communicate the basic concepts to members of other teams, both internal and external, and build products with privacy at the forefront.
Resources such as internal email campaigns, training sessions and FAQs should be devoted to this effort. Ongoing education is important to keep everyone abreast of regulatory and enforcement changes, evolving private-sector interpretations of compliance changes (companies including Amazon, Apple, Facebook, and Google will be big influencers here), notable court decisions, etc. Collaborative messaging tools like Slack allow for open and collaborative communication to keep everyone involved in the conversation.
That said, the type and amount of information provided through educational outreach should be tailored to the specific needs and responsibilities of teams and team members. For example, legal definitions and regulatory standards will likely apply differently across teams, technologies and data types. But all teams, even those not routinely touching data privacy compliance issues, should be educated and knowledgeable about the basics.
Compliance requires external outreach, too
For any marketing organization that doesn’t already have in-house legal counsel with expertise in data privacy, seeking specialized external counsel should be the first step. Marketing organizations need to understand what existing laws like GDPR and CCPA require, how those requirements may change, their relevant internal practices and policies currently and how those will have to be revised or replaced. This requires a collaborative effort between internal counsel, who has a deep knowledge of the business, and external counsel, who brings the legal privacy expertise.
Compliance with data privacy regulation is now everybody’s job. The human element is the key to efficiently and effectively getting all the moving pieces aligned to achieve compliance in a timely manner and to stay ahead of what is surely going to be more changes on the data privacy legislation front going forward. The effort should be driven from the top-down, creating an environment where stakeholders can collaborate across teams while also applying their specific expertise to the challenge of privacy compliance.