Information technology and the Internet have added a new stakeholder concern to the Corporate Social Responsibility (CSR) agenda: online privacy. With the emergence of the GDPR in 2018, business models that have evolved to embed privacy within companies’ focus and design are now seeing the benefits. Whereas in the past privacy might have been seen as part of general compliance, many companies are going beyond this and applying privacy to their mission to do good and build consumer trust on a wider scale.
“The discretion that companies can have when it comes to online privacy is also ultimately a question of morality,” says Irene Pollach in her research study of the tie between privacy and CSR for the “Business Ethics European Review”. This tie to morality found within the CSR agenda is what ultimately grows consumer trust and sets companies apart with a competitive advantage.
Strong on the inside, even stronger on the outside: privacy by design improves brand image
Priorities have shifted as Corporate Social Responsibility and Environmental, Social, and Governance (ESG) practices within companies have increasingly gained popularity. More and more companies assess their obligations to their employees, customers and the broader community as they determine that consumers care about companies that care.
Not many would have envisaged the COVID-19 pandemic, the emergence of dedicated tracing applications, and the potential privacy threats around the hundreds of health tracking forms filled out during this period. Recent findings from the EY Global Consumer Privacy Survey 2020 show that the pandemic has made consumers willing to share personal data for the benefit of the greater good. However, consumer trust remains a large issue. “Almost half (47%) of consumers globally don’t trust their governments to utilize users’ data beyond its stated purpose,” as mentioned in the article. One thing is clear: privacy and trust go hand in hand.
“Companies must get in front of their digital strategies to make certain that, as things stabilize, they will be able to deliver on consumer expectations,” says Angela Saverice-Rohan, EY Americas Privacy Leader.
Whether it is the most recent scandals involving Facebook, or the latest data hacks and breaches, privacy is on top of global legislators’ agendas. To date, lawmakers in the US have introduced bills in 24 states. Alaska, Connecticut, Florida, Illinois, Minnesota, New York, Massachusetts, and Washington are considering multiple bills. Virginia, Colorado and California have successfully passed legislation for tightened privacy laws. Internationally, South Africa and Brazil have passed expansive privacy laws with POPIA and the LGPD. Compliance with privacy laws is a relevant commitment for international organizations and company-wide growth. Check out our knowledge hub to read more about changing legislation.
From compliance to sustainability – to generating social and financial value
Approaching data protection as a core business strategy, rather than just a compliance or security issue, can set a company apart from competitors. As a result, rather than playing catch-up with the laws and consumer demands, companies should choose to make data privacy rights a priority and a part of their CSR and ESG plans from the start.
Every strong business strategy has a strong privacy strategy in place.
“Intangible assets are the elements, after working capital and tangible assets, that make the business work and are often the primary contributors to the earning power of the enterprise.” (Smith et al.)
In a study about data privacy and user trust produced by McKinsey, half of respondents said that they are more likely to trust a company that goes about things “smartly” when it comes to data protection. An example in the study states that when companies only ask for limited information, it signals that they are taking a thoughtful approach to the data they collect.
But the statistics are clear: 87 percent of respondents would not do business with a company if they had concerns over security practices. 71 percent would even stop doing business with a company entirely if it shared sensitive information without permission, making the link between transparency and revenue clear.
A privacy strategy needs to be company-wide
Building a privacy strategy into a company’s DNA might seem complicated. But implementing CSR and privacy as part of operational strategy is actually simpler than you might think. The key is to start at the beginning and think big, or more accurately: company-wide.
Usercentrics spoke with Anna Garcia for the Up! Day of privacy event. Anna is Chief DPO for IKEA Spain, responsible for a privacy strategy that managed many of the overall annual 2.6 billion visits to the IKEA.com website, 22.6 million visits to the online IKEA catalogue and 26 million visits to the IKEA store app in 2019. “Privacy involves many parts of the business,” she says, and the “right technologies, ideas, and talent have to be used in order to make this a successful endeavor.”
Privacy at all stages
In an unpredictable world where data developments are occurring at lightning speed, businesses need to consider and implement controls and measures to safeguard the privacy rights of individuals and ensure their organizational regulatory compliance. Data privacy is not only about ticking a box and sending a request to the IT department; it is about embedding a new culture and shifting a mindset in order to see privacy at the heart of any new technology, system or process being designed. More than this, it is about re-engineering existing systems with a fresh eye on privacy, and a new respect for the risk of falling afoul of the regulators and the law. Here, cooperation between different departments, such as engineering and legal, becomes crucial.
Data privacy can be embedded into the greater CSR and ESG roadmap at all phases of a company’s life cycle.
For startups just beginning to position their brand and internal strategies, establishing the right policies and procedures around data governance can help build good habits for the future and can help solidify culture around privacy. For more established companies, a commitment to data privacy can enhance consumer trust not only in your product but also in the company as a whole, providing a competitive advantage, especially for data-driven businesses and those in an expansion and growth phase. That’s why the term “privacy by design” has been adopted by companies that implement such a strategy from the get-go in order to ensure smooth expansion. This is especially relevant for the mobile app sector, where design tools have to be embedded during the design stage in order to ensure a useful UX pathway.
What are the strategic benefits of GDPR compliance?
- Stronger corporate branding position
Being GDPR-compliant provides a stronger corporate branding position by reassuring current and future clients that the company takes data protection seriously.
- Higher acceptance rates
Website visitors will be more inclined to consent to use of their data if they have a general level of user trust with the company and brand.
- Higher quality data
GDPR compliance enables better targeting of customers and new and creative ways to collect consumer data. It ensures that marketing collects specific and higher quality data, ultimately saving time and resources for the marketing team.
Other potential benefits include cleaner data, higher engagement from stakeholders and valuable relationships for long-term strategies.