Forget Growth Hacks – Privacy Is The New Secret To More Customers

If you missed the news that there’s new data protection and online privacy rules in Europe – panic briefly then settle down because this article tells you how to make the most of it.

GDPR & Why You Should Care About It

So first about the updates. The new data protection change is called the General Data Protection Regulation (GDPR) and it was adopted in April 2016. If you’re based in any European country you’re probably familiar with the local version of the data protection act – now the GDPR replaces those with one that applies equally in the EU and globally. That’s right – even if your company is headquartered outside the EU but your customers are from the EU – you will need to comply with the GDPR. Read more about what the the GDPR is.

It introduces strict measures for handling personal data. This is not only emails and names, gender, DOB but now also includes IP addresses and device identifiers. Needless to say, if you’re FinTech, MedTech, SaaS/cloud provider or are about data analytics, big data and connected devices then you need to pay extra attention. Among the changes are restrictions on international data transfers, plain and simple policies, unambiguous consent, technical and organisational preparedness and staff awareness. Perhaps the most important of all, is the processor’s obligation to be compliant. In other words, 3rd parties that handle data on a company’s behalf such as customer research, cloud storage, email marketing…etc. have to be compliant as well.

How Does It Affect Startups?

From our experience in helping startups with this topic – we identified a few issues in which paying attention to data protection will help your business. First is testing a new product. If you’re about to launch a new product – testing it proves very important. Before sending emails with updates about your latest feature or prompting users to participate in a survey you have to revisit consent. This is very critical with the GDPR in the picture. Consent has to be informed and not pre – ticked. In fact, consent has to be addressed at the very first stage; before users sign up to a newsletter. They have to know what they are signing up for and what will be done with their information. If you’re using any other services (3rd parties) to carry out your testing users have to know who they are and if they’re compliant as well. Lastly, always give users the option to withdraw consent. A useful tip: check out Privacy by Design.

How Can You Use It To Gain Clients?

In addition to testing, there is growth hacking. Privacy comes very handy for that. Consider the following statistics. 2/3 of EU customers want harmonised data protection rules. In the UK alone, 67% of people want tougher data protection laws. In fact, a recently published Adults’ Media Use and Attitudes report states that the cautiousness levels among users are rising by 30% from last year with specific concerns about online privacy. In other words, customers are really upset about having their information abused. The other side of this coin is that users reward a company that respects their privacy. In fact, according to Eurobarometer 20% of individuals in the EU will pay more for a service that respects their privacy over a competitor offering the same product or service. Practical examples of this are constantly on the rise.

Positioning a company as a privacy beacon in this environment will be most lucrative than ever. To do this start with setting up a comprehensive data protection program with the correct policies and the technical capabilities. What’s great about an idea stage company and startups in general is the ability to enact change at a very critical stage therefore establishing a strong foundation for the future.

Lastly, international data transfers. This seems to be the area where most people have some knowledge about or at least have heard someone speak about it in someway. With the Safe Harbour agreement being cancelled and Privacy Shield still in the pipes general knowledge is blurred even further. To cut to the chase, transferring data outside of the EEA area is prohibited. There are a few exceptions that the EU has identified with countries having adequate levels of protection. As a startup this affects you in the way you choose your contractors. A company should also be cautious about say cloud providers and other 3rd parties that process personal data of users’ outside of the EU.

_____________

Sharing is caring so please share this post. Thank you!

Photo credit: Dean Hochman via VisualHunt / CC BY