Teavaro’s Nico Pizzolato investigates a new study that shows that the opportunities of GDPR are no myth, and that privacy can provide ROI to marketers.

Privacy is perhaps the ultimate business paradox: it requires compliance but can spark growth and revenue. Or so says a new report by Forrester that suggests that new data privacy regulations are not a cause for concern but celebration for marketing departments, to the tune of 17 per cent ROI. The irony of this revelation lies in the way businesses traditionally saw privacy compliance, a deadweight set of procedure that costed money — a tick box exercise to avoid data breaches that marred reputations and fines from regulators. Legal departments owned privacy compliance, many office doors away from marketers sweating at funnelling customers trust into a purchase. These two aspects of the business were seen as unrelated. At the same time, the market did not reward privacy by design as consumers casually signed off their data for usage, while the media castigated only the serial offenders not the routine peeking into other people’s lives.

Today the landscape is changing. We all know about the evolving legal framework. From EU’s GDPR to California’s Consumer Privacy Act to South Korea’s Personal Information Protection Act, business now operate, globally, in an environment in which the loopholes for loose practices are closing rapidly. More important is that the drive behind these changes are consumers themselves and the public in general. Customers who are willing to give away their data to access a service without bothering to check the terms are fewer every day. High-profile data breaches have made people wary, and supportive of a toughest stance against abuses and lack of care. In turn, new rights have heightened expectations of transparency and control. When these are lacking, customers disengage. Privacy is now an issue squarely in the turf of marketers, which means that that it can be turned in a competitive advantage. If privacy compliance once required a change of procedure; privacy-led growth requires now a change of mind.

In ‘Theory of Creepy’, privacy scholars Omer Tene and Jules Polonetsky argued that, “companies cannot avoid privacy fiascos simply by following the law”. Marketers should appraise the nuances of the marketing relationship before setting the tone on how to use customers’ data for services and products. A few years ago, when travel website Orbitz used data to steer Mac users to pricier hotels, commentators found it “creepy”. Yet Amazon does not meet the same reaction when it customises purchase recommendation for its users on similar criteria. Companies that engage users to share more data, also have to establish a clear framework of expectations in which that data will be used to improve the customer experience. Creepiness is a shifting social norm, of which marketers, not lawyers need to keep abreast.

The recent Forrester report has reiterated the case for a privacy strategy that contributes to the bottom line. There is a sound basis and good evidence for this. Customer trust is a long-term asset for any company when is seen as a marketing goal, not a risk-avoidance strategy. Customers rewards data-driven companies where their data is used in ways that they understand is secure. The other perception to manage is the fairness in the data exchange. In short, what I (the customer) am giving away for what I understand I will receive. Both expectations — security and fairness — have an impact into the marketing relationship. According to the National Cyber Security Alliance 83% of the customers only use online vendors they trust. Companies that carefully steward personal information receive a brand boost, as Apple has demonstrated in broadcasting in its diatribes with Google and Facebook over being a safe harbour of its customers data.

The Forrester reports argues that “creepiness avoidance” has a long-term impact on revenue figures, improving brand and driving a higher conversion rate. But there are other benefits. Growth by privacy means sifting through the numerous third-party vendors and the digital supply chain that enable a website, or rather disable it by capturing leaks and slowing its performance. According to research conducted by Evidon the majority of companies is unaware of the amount of third-party technologies operating on their digital premises. By auditing vendors’ compliance practices and shifting to a first-party strategy instead companies save money while protecting their data assets. Finally, privacy-oriented companies have better chances to raise capital. Mayfeld venture capital investor Ursheed Parikh has observed that data privacy is not only about due diligence anymore, but is “entering the conversation much earlier”.