By exceeding the bare minimum requirements set by privacy regulations, businesses can win customers by offering greater assurances, says a business adviser
Companies should use a risk-based approach to privacy to go beyond regulations such as the EU’s General Data Protection Regulation (GDPR) to gain a competitive advantage, according to Phil Lam, co-founder of Lam Advisory
“If companies consider privacy not just as a way to meet some new regulation, but as a way to differentiate themselves from competitors, that could give them an advantage in winning and retaining customers,” he told Computer Weekly.
Once companies understand that providing privacy assurances can drive customer loyalty, they will be incentivised to do more than meet the minimum requirements of privacy legislation, said Lam.
For example, a bank could move from storing personal data centrally or using a third party to store that data to a more distributed model in which each customer stores his or her own data, he said.
“The bank could digitally sign that data to indicate that the individual has been through a vetting process, but give control of the data to the customer,” said Lam. “This would be an example of going a step beyond what is required by the letter of the law, and could be a differentiator for the bank concerned.”
Another example would be an online retailer that, instead of purchasing customer data from a third party to use for targeted marketing, offered incentives for customers to provide data, he said.
“Online retailers could consider asking consumers to contribute in return for payment or some other reward, thereby including the consumer, giving them control over what they share, and giving them something of value in return.”
With the GDPR compliance deadline only just over six months away, many organisations are trying to establish what is the bare minimum they can do, he said.