Skip to main content

Data privacy and risk management are two inextricably linked concepts. Organizations’ intent on increasing data collection and dissemination to build data-driven practices, along with the emergence of Generative AI, pose significant risks for the management of sensitive information. Accordingly, there is a new level of expectation from consumers for data privacy protections and compliance to earn their trust. According to Hubspot, there have been concerns over how online businesses collect and use personal data, leading to 55% of consumers saying they no longer trust the companies they buy from as much as they used to

However, with the spotlight on companies handling sensitive customer data, there’s a paradigm shift happening in the story behind the approach to data privacy. Opportunities to gain a competitive advantage via responsible data practices have never been more available. Data privacy is not only a matter of risk management, it’s an avenue for growth. 

Risk management will always be a core to the data privacy conversation – fines are getting heavier, reputation harm is more severe, and data breach threats continue to rise. However, data privacy should also be viewed as a key catalyst to drive trust with consumers, ultimately improving top-line growth. Data privacy has long been a core responsibility of Legal and IT departments, but now Marketing teams will need to actively partner with them to support this responsibility to improve consumer trust and capitalize on the growth potential. 

To understand why Marketing input is an imperative in data privacy, we’re going to explore four marketing user stories* for comprehensive data privacy practices and tips on how to get started.

*Note: User stories are a key mechanism Transparent Partners leverages to identify tangible opportunities

User Story 1

Deepen customer relationships through increased opt-ins and zero party data capture

As a marketer, I want to clearly communicate the purpose of data collection and the proposed value exchange to customers, so that they feel more comfortable opting-in to data sharing and targeted communications.


Building consumer trust through responsible data practices should be an imperative for brands today. This is a great way to indicate how much a consumer is valued and starts with being transparent about the ‘what’ and ‘why’ data is being collected. Simple tactics brands should consider include providing:

  • Clear and concise privacy policies – free of legal jargon – that outline data collection, storage, and usage practices
  • Accessible, clear instructions for consumers to take control over their data via data subject rights in a timely manner
  • Assurances to the consumer of safeguards used on the backend to ensure privacy

Brands should also be clear about the value the customer is receiving in return for providing their data. Clear value exchanges satisfy the customer’s appetite for compensation and support a high level of data collection. Although value exchanges differ based on the brand’s core offerings and capabilities, examples include personalized offers, 15% discounts on first purchases for providing an email, or a lottery chance to win a major reward. Not only will value exchanges induce data collection, they’ll inherently generate higher value customer data. Said another way, when a customer willingly provides personal data, theoretically their propensity to engage with and buy from that company would be higher.

This user story boils down to two key takeaways:

  • Communication regarding data privacy sets the tone for consumer trust. First impressions matter and set the stage for how customers judge an organization’s data responsibility. Clearly communicate how customer data is collected and used, enables long-lasting relationships to be built with consumers, translating into loyalty and repeat business.
  • Focusing on data privacy will improve overall data strategy. Collecting data that drives business value is the goal. By employing responsible data privacy tactics, only collecting relevant, high value, actionable data will become a habit.

Supporting Statistics:

  • 53% of consumers say they need to make sure the company has a reputation for protecting customer data prior to purchasing from them2
  • 51% of customers are more willing to give their data for a discount, 33% for better content, and 14% for more relevant ads2.
  • 90% of people are more likely to trust a company if they have a firm privacy policy2

Where to start:

  1. Review the initial consent & data privacy touchpoint with the consumer
    1. Find a conspicuous, but not inhibiting, spot on site to place the consent preference center
    2. Map each use of the data to a preference or option for the customer to opt-in
    3. Ensure opt-in descriptions are free of legal jargon
      1. Be clear about what data is wanted from the customer
      2. Be clear about what the data unlocks for the customer and for your company
  2. Review the value exchange with customers
    1. Assign the owner of the value exchange (Marketing)
    2. Define KPIs related to the value exchange
      1. E.g. Percentage of site visitors who opt-in / passively opt-in / provide zero party data
      2. E.g. Percentage breakdown of the type of data being collected (zero party vs 1st party)
    3. Gather data on those KPIs to drive understanding of value exchange efficacy
      1. E.g. surveys, A/B tests, site analytics, etc.
    4. Develop new, unique value exchanges your company could provide based on core business offerings, technology capabilities, etc.


User Story 2

Sharpen audience targeting through activated customer preference data

As a marketer, I want to activate compliant customer data by orchestrating opt-in preferences across my marketing platforms in real time, so that I can efficiently and effectively execute campaigns against audiences who want personalized communications 


Collected consent preference data is minimally effective if it’s unable to be activated against. There are few experiences for a consumer as unpleasant as when a company continues to send unsolicited messages. Therefore, it’s essential companies continually apply the latest individual user consent preferences to their audience creation and activation practices. Companies well-versed in consent orchestration manage customer consent preferences effectively across ALL relevant systems in their personalized marketing ecosystem. Additionally, consent orchestration tools, like Ketch or Osano, help automate this capability (via integrations with infrastructure and 3P vendors like CDPs, CRMs, etc.) ensuring companies comply with data privacy regulations such as GDPR and the new state laws coming into play in 2023. More importantly, this capability enables Marketing teams to target audiences with confidence in their privacy law compliance. 

Supporting Statistics:

  • Over 40% of global respondents reported that too many messages or “spam” messages would cause a brand to lose their loyalty.3

Where to start: 

  1. Evaluate the enablers of consent orchestration
    1. Identify the owner
    2. Identify consent orchestration goals / KPIs
    3. Review the process (is it manual or automated?) followed to federate consent data
      1. Identify all touchpoints of different teams – what role does marketing, IT, and legal play?
    4. Assess the technology stack leveraged to federate consent data across the organization and it’s vendors
      1. Develop future state use cases
      2. Run the technology against those use cases
        1. Identify gaps in capabilities based on the use cases
    5. If the process is manual and there is not infrastructure in place to handle, evaluate the cost of investing in one
      1. Develop a consideration set
      2. Narrow down the consideration list to run an RFP (both the consideration set and RFP need to be predicated on the future state use cases)
  2. Design
    1. Create functional requirements and establish consideration set and RFP of a new consent orchestration tool
    2. Run the RFP
      1. Focus on the use cases and which tool fulfills them 
    3. Revisit the process
      1. If the process was manual prior to the new tool, your process will change, iterate the existing operating model
  3. Implement
    1. Assign a project owner and steering committee (i.e. a group of stakeholders who manage the general course and high-level decisions)
    2. Establish an estimated timeline
    3. Establish implementation KPIs / goals
    4. Assess the available resources to implement
      1. i.e. You might need third party short-term help – if you’re feeling overwhelmed and don’t know where to start get in touch with Transparent Partners


User Story 3

Enable innovation in our products through flexible compliance practices

As a marketer, I want to know we have responsible data practices and “always-on”, standardized compliance checks, so that I can freely experiment with new customer experiences and be confident I am compliant.


Marketing innovation should not come at the expense of complying with privacy regulations. Experimentation across core customer communication platforms like websites, apps, and the metaverse, is critical for go-to-market strategies and user experience optimization, but does pose risks. For example, Snapchat’s collection and storage of biometric identifiers / information, a violation of Illinois’ new BIPA, resulted in a fine of $35 million4. Though Snapchat was innovative, creating a new way for users to engage with the platform via filters, they failed to ensure compliance along the way, leading to significant financial consequences.

Accordingly, data responsibility must be an “always-on” practice. Compliance is ongoing, ever-present, and active – this is why it’s so important to automate the process where possible. Companies like SafeGuard Privacy and Ketch help automate the assessment of privacy laws so their clients (brands) feel confident about the legality of their data practices. On one hand, privacy laws naturally inhibit the possibility of taking certain innovative risks, on the other hand innovation is vital to a company’s success, meaning there has to be a level of risk mitigation in order to drive growth. Automated compliance is that missing piece to responsibly free product innovators from the chains of regulation.

Where to start: 

  1. Explore your organization’s automated compliance checks today
    1. Identify the owner of data privacy compliance
    2. Identify core areas of data compliance and privacy risks
    3. Understand gaps in the organization’s current compliance state
  2. Assess your organization’s process to check compliance
    1. Define your KPIs
      1. Speed to identify gaps in compliance
      2. Speed to recover gaps in compliance
      3. Identify monetary value of gaps should the organization get penalized
    2. Identify all compliance touch points
      1. Who is responsible for maintaining the compliance checks?
      2. Who is responsible for what areas of data privacy?
    3. Determine if any changes in technology are needed
      1. Is the process too manual and in need of automation?
        1. What is the length of time to run one compliance check? What financial implications does that have?


User Story 4

Build a positive brand reputation through privacy forward campaigns

As a marketer, I want to showcase my organization’s commitment to data privacy and compliance with current and forthcoming laws, so that I can continue to grow a positive brand image grounded in consumer trust.


Businesses must prioritize compliance as a key aspect of their operations and overall image. Not only is compliance essential for avoiding legal and financial consequences, but it also has a significant impact on a company’s reputation.

Customers increasingly care that companies demonstrate a commitment to ethical and legal practices. Respecting and protecting consumers’ data, privacy, and security is commonly found to be the number one driver of brand trust5, and with brand trust comes sales6. Therefore, by publicly adhering to regulations and implementing best practices for data privacy and security, companies can directly influence their top line.

Doing this does not need to be a passive strategy. For example, Discover recently launched a Free Online Privacy Protection program. In a highly regulated industry with sensitive information, what better way to build trust equity with consumers than proactively putting privacy and security front and center in their communications? Another great example is Apple taking a stronger stance on tracking data across applications with their app tracking initiative. Both of these demonstrate a commitment to the customer in an effort to build trust equity with the broader market. These are just a couple of examples of how to leverage data privacy to build trust, but there are many other opportunities for companies that can and should follow suit, because trust drives growth.

Supporting Statistics:

  • Respecting and protecting consumers’ data, privacy, and security is the number one driver of brand trust5
  • Responsible data practices can even drive up to a 23% increase in purchase intent6

Where to start: 

  1. Market Research
    1. Determine if your industry sits on highly sensitive data (think beyond credit/debit card information)
      1. E.g. Phone numbers, social security numbers, health information, etc.
    2. Identify what other companies have done with privacy
      1. E.g. Discover
    3. Analyze competitor messaging regarding privacy and compliance
  2. Assess viability to showcase responsible data practices
    1. Distinguish parts of the business that can be leveraged to emphasize data privacy prioritization
      1. E.g an organization may have offerings that requires a social security number and may offerings that don’t
    2. Identify who requires buy-in 
      1. E.g. executive leadership
    3. Establish a North Star for the campaign / offering
      1. OKRs / KPIs

Marketers have a unique opportunity to drive growth fueled by responsible data privacy practices – the time is now for marketers to take a stance on how data is leveraged and handled, it might just be the missing piece for continued growth.

  • Consider this a challenge to marketers – know your organization’s privacy and compliance policies, operations, and the implications on your customer data that is leveraged for personalized marketing communications
  • Take ownership over the privacy conversation – understand and help shape the the tactics being used to capture consent and promote regulatory compliance

This change in mindset and practice can be intimidating, but it is critical for marketers to start the journey today.

Want to learn more? 

We’d love to show you how Transparent Partners empowers data-driven marketers to build better relationships with customers through compliant data. Click here to get in touch.

Eric Zalewski, Sr. Analyst, Data & Analytics