Businesses’ ability  to promote their products and services has been transformed by Internet technology. Interacting with consumers is so much easier and there is also now the opportunity to sell more by improving the content experiences of consumers.

But there is a major challenge that comes with the collection of data and sharing opportunities online: cyber security.

At the start of Data Privacy Week, we look at the very real risks of data breaches for firms of all sizes, how digital marketers’ efforts have been affected by data regulation changes and how companies can ensure that their online campaigns are compliant with these regulations.

Data regulation around the world

The data collection landscape within the European Union changed drastically on 25 May, 2018, with the introduction of the General Data Protection Regulation (GDPR.) This gave EU residents much greater control over their personal data, even if it is located in another country.

GDPR violations carry a fine of up to €20 million or 4% of a firm’s total revenue for the previous financial year. Industry giants Google (€50m in 2019), H&M (€35m in 2020) and Amazon (€746m in 2021) have all been severely punished following data breaches.  Amazon had previously been found to be in violation of GDPR guidelines prior to its 2021 misdemeanour.

Across the Atlantic, the CLOUD Act was introduced in the US two months prior to GDPR. Meanwhile, China introduced the Personal Information Protection Law (PIPL) on 20 August, 2021, meaning that it is now mandatory for network resources to ensure customer privacy through automated processing options.

Just two days after the new data protection law came into force, four financial institutions were found guilty of illegally collecting personal data and fined 11.53 million yuan ($1.77m) by the People’s Bank of China (Central Bank).

The struggle with digital data

With major organisations falling foul of data privacy laws, the implemented changes that have been made to ensure customer protection have directly affected the effectiveness of the efforts of digital marketers.

Popular web browser Google Chrome quickly made the web safer by flagging sites with “not secure” alerts. With prospective customers easily lost if a company’s website was labelled as such, this made it imperative to add a secure certificate to your website. This also brought search engine ranking benefits, potential speed increases and reduced in-browser warnings.

A lot of concern was raised following the Cambridge Analytica scandal regarding the reach of Facebook and their methods of tracking their users. This led Firefox to create their Facebook Container Extension. Users could visit Facebook as normal, but this plugin stopped them from being tracked when outside of Facebook and ensured that the only information that Facebook could generate was directly from their own platform.

Apple also worked on significantly increasing protection by making Safari block third-party cookies and also launching App Tracking Transparency. Both measures restrict customer data being collected and shared.

Disruption for SMEs and self-employed

Data breaches don’t only apply to aforementioned global organisations like Google and Amazon, however – as a recent study from insurance firm Markel UK found that over half of SMEs (51%) have fallen victim to a cyber security disruption, with the 16% for data breaches putting them second behind malware/virus breaches (24%) and just ahead of phishing attacks (15%) in the list for most common attacks.

These disruptions can severely impact small businesses, not only through the security of an organisation’s data but through potential financial repercussions as well.

Data breaches and phishing attacks – usually through employees being hoodwinked into providing usernames and/or passwords through fraudulent emails –  can allow cyber criminals unauthorised access to confidential information. This can then end up with firms rushing to put together legal defence costs or find themselves embroiled in an ICO (Information Commissioner’s Office) investigation.

53% of those polled stated that they had been financially impacted by the attacks, with over two-thirds (68%) revealing that the cost of the breach was up to £5,000.

How PR and communications can minimise the risk of a data breach

When it comes to data privacy procedures, it is better to have a plan in place just in case, rather than having to rely on reacting to a breach as and when it occurs. As part of that plan, PR firms and communications teams must:

1. understand all aspects of GDPR, including the notification requirements, grey areas and best practices.
2. educate the organisation – be it leadership, legal, IT, security and other stakeholders – by ensuring they know about customer and stakeholder privacy needs and expectations. This can include – but is not limited to – data breach reputation trends, risks and impact and the role that communications can play in both the preparation for and response to any sort of data breach.
3. have sufficient PR/communications representation on cyber security committees teams.
4. develop and/or update corporate data breach response and crisis communications plans. This is achieved by assessing and prioritising the different levels of data breach risks for the organisation – reputational risks to that particular organisation included – and the individuals affected, so that individual communications plans for different types can be put in place to develop the communications plans.
5. not only put plans in place, but regularly test these plans to ensure organisations comply with GDPR – specifically data breach protocols and processes, messaging and content, digital/social media dialogue and feedback capabilities – as well as leadership decision-making and team dynamics.

Implementing data privacy correctly

Consumers are becoming wise to organisations taking unnecessary risks with their personal data, so it’s imperative to get privacy, consent and data correct. Having a detailed understanding of compliance – and how it relates to people, processes, data and technology – will not only safeguard companies against today’s regulations, but any future amendments too.

Instead of viewing data privacy as an insignificant compliance issue, a proactive approach must be taken to the methods used for storing and managing customer data. It is also worth considering what value this brings to consumers.

Cyber security measures minimising the risk of future breaches and hacks from occurring, but many organisations view them as being ‘unnecessary costs’. This is supported through 26% of Markel UK’s survey respondents revealing that they have not enforced them within their business.

Consistently designing privacy into every aspect of the organisation, and maintaining a customer-first approach to consent and data collection, will help modify business processes and governance.

However, as marketers, it is also worth considering that consumers are more than willing to trade personal information if they see a benefit for doing so. In fact, 61% of millennials will happily share personal data, if it enables them to receive a more personalised online experience.

How does data privacy impact marketing?

A lot of digital marketing hinges on data. Although data regulation policies do add a few restrictions regarding the handling of consumer data, that in itself should not greatly impact marketers.

It is just a case of ensuring that data is handled correctly throughout a process – from collection to processing and storage – as well as staging timely reviews of all data security measures so that every requirement continues to be met.

Curzon PR is a London-based PR firm working with clients globally. If you have any questions, please feel free to contact our Business Development Team [email protected]