Building Trust through Data Protection
The internet has drastically changed the way we communicate and how we handle everyday tasks. We send emails, meet people, share documents, pay bills and purchase goods by entering our personal details online without a second thought.
Have you ever stopped to think how much personal data you have divulged and shared online? Or what happens to that information?
We are talking about banking information, addresses, contacts, social media posts, and even your home IP address and the sites that you have visited, all of which are stored digitally.
This is where PDPA comes in. Its enforcement permanently changed the way you, as a business, collect, process, use, and store customer data.
This new data protection regulation puts consumers in the driver's seat, and the task of complying with the PDPA policies falls upon businesses and organizations. If you do not follow them, you are failing to comply.
How PDPA Helps Build Trust
While PDPA does create challenges and pain for businesses, it also creates a whole new opportunity.
Companies and organizations that show they value an individual's privacy (beyond just legal compliance), that are transparent about how the data is processed and used, and that design and implement new and improved ways of handling customer data throughout its life cycle encourage deeper trust and retain more loyal customers.
The Impact of PDPA on Customer Engagement
The conditions for obtaining consent, which are monitored by an assigned PDPA officer, are a lot stricter under PDPA requirements: the individual must have the right to withdraw consent at any time, and there is an assumption that consent won't be valid unless separate consents are acquired for different processing activities.
What this means is that you have to be able to prove that the individual agreed to a certain action, to receive newsletters for example. You are not allowed to assume consent or add a disclaimer, and providing an opt-out option will not suffice.
PDPA has changed a lot of things for organizations, such as the way your sales teams look for prospects or the way that marketing activities are done. Companies have had to give employees the appropriate PDPA training, assign an able PDPA officer, and review business policies, processes, applications and forms to be compliant with the double opt-in rule, as well as email marketing best practices. To sign up for communication, potential clients will have to tick a box or fill out a certain form and then confirm in a further email that the action was theirs.
Organizations must also prove that consent was given in a case where an individual objects to receiving the communication. This means that any data managed must have a time-stamped audit trail and reporting information that notes what the contact opted into and how.
If you buy marketing lists, you are still held responsible for acquiring the proper consent information, even if an outsourced partner or vendor was responsible for gathering the data.
In the business-to-business world, salespeople meet potential clients and customers at a trade show, exchange business cards, and, once back at the office, add the contacts to the organization's mailing list. Nowadays, this isn't possible anymore.
Companies will need to look at new ways of gathering customer information.