
Follow best practices to collect data and build trust

Data collection is essential for businesses. People need to share personal information with you to get the most value from your services and products. But if you do not follow best practices to build trust when collecting data, people will hesitate to share it with you. Their user experience will suffer, and you may lose a customer.

High-profile data leaks and new privacy regulations have made consumers more aware of their privacy risks. People are also becoming more cognizant of their own rights when it comes to their data.

In fact, some caution and restraint when sharing personal data is wise. However, it does create challenges for legitimate companies that need to process their customers’ personal information with every transaction. That’s all of us!

People may be especially reluctant to share sensitive data on new platforms/apps. So think about what you can do to make people feel safe using your websites and software.

What can you do to let people know they can trust you with their data? We’ve created a list of 7 best practices to build trust.

7 data collection best practices to build trust as a company

1. Establish authenticity with strong tools and partnerships

New online services come out every day. Potential users may struggle to tell the difference between websites and platforms that have real value and the frauds.

To stand apart from the crowd:

Try to partner with established companies

Make sure you align your practices with the latest data privacy regulations by choosing reliable privacy management software

Let people know about it by describing the safeguards you have in place in your policies

Add a privacy request portal to your website so users can see you respect their rights as data subjects


2. Only collect data you need, explain why you need it + how you will keep it safe

Don’t leave people wondering why you are asking for their data or whether it is safe to share it with you. If you have an app, platform, or website that requires people to input their personal data, make sure you:

Sprinkle brief educational content throughout your onboarding

Include images, GIFs, videos and FAQs as visual aids

If possible, make helpful info and policies available in additional languages

Anticipate questions and doubts people might have about your data collection practices and answer them in-line

When people understand how your service works and why they can be sure it is safe, they will feel more comfortable inputting their data, and they will have a better experience overall.

Only ask for data as you need it

Let people start using your app without creating an account or entering their name and personal information. Then, when personal information is needed for a certain function, explain why you are asking for it.

Explain why you need each bit of data

Tell people why they will get more value by connecting their email

Acknowledge security concerns, and point out safety features

Provide a link to learn more about security. This could be a video, an article, or just a pop-up.

When you introduce new features, make sure you explain why they are safe and secure. And when you add features to improve security and privacy, make sure you tell people!


3. Ask for consent at the right time, in the right way

Do you need to ask employees for sensitive health information? Do you want users to allow your app to see their location? Getting consent before collecting data is a requirement under most data protection regulations. But how you do so can either put your users at ease…or on edge. Here are a couple of tips:

Make your consent messages brief and clear. A long, inscrutable consent form full of legal jargon could make users question what they are really signing up for.

Don’t ask the user for permission to access data until you really need it. Asking your users for permission too early or for too many things at once are common mistakes that could cause users to back out.

Did you know that you and your team could be collecting personal data without consent, without even being aware of it? Take email as an example. When communicating with customers and employees, it’s not unusual to ask for or receive personal and sensitive data without a second thought. How can you make sure proper consent is obtained before accepting personal data people send you by email?

Use a data sharing service for email to create a secure email practice

With a service for data sharing via email, you can make your Outlook/Microsoft accounts safe to share data. The service enables you to send or request data securely to/from anyone in the world.

When requesting data, you can quickly create a secure data request form to include in the message you are composing. It will be sent along with the customized consent you’ve created. This way, each time someone sends data back to you it will automatically come with consent.

You can also use a secure upload point to get consent before accepting data people share with you. Add one to your website (for example, on your careers page to receive CVs), to your email signature, or anywhere else to create a safe spot for people to drop their data off. They will always be prompted to give consent before uploading their data to your encrypted folder that no one else can access.

4. Send notifications, keep documentation

Notifications keep users in the loop; documentation keeps you compliant. Each time someone shares data with you, make sure they get a success message. The message can include a reminder about your company’s security. If there are wait times, let them know why. If they have to take additional action, tell them.

Set up a service to handle personal data requests

A request manager service can automatically notify the person when their privacy request is received. This is a requirement under some regulations, and it keeps people informed at all stages of the response process.

A request manager can send your team notifications too, to remind you when a request is due, and it documents everything to demonstrate compliance with privacy regulations.

5. Options and data minimization empower the user

The easier it is to share data with you, the less frustration for the user. However, ease and speed of sharing must come with appropriate controls to show users they are still in charge of what they share at every step. Here are a few tips:

When you collect data, divide it into mandatory and optional categories.

When you do ask for additional information, educate your users about why adding this optional information will improve their experience. Then let them pick and choose what they are willing to share.

Let people try your products without creating an account if possible, and only ask for the data they need to get started.

Use automated data discovery to find all the sensitive data your company stores. Track and evaluate your processes. Decide what kinds of data you really need to collect. Make additional data collection optional. Finally, eliminate data you no longer need.

6. Involve users in the design process

Whenever a company or a person hands their data over to you in order to use your website/app/platform’s services, to a certain extent they may feel they are losing control of that data.

If your users do experience fear related to sharing their sensitive personal data at any point when using your services, consider what might be causing them to hesitate.

However, using your imagination will only get you so far. Following these best practices to build trust can help, but you need to use testing to determine with any certainty how real users react to each of your screens.

Want to clean up your emails for sensitive information?

With an analysis scan by DataMapper, you can have all Outlook accounts in your company scanned. You will receive key statistics on all (current and former) employees' emails - including information on which emails, employees and processes generate GDPR risk.

7. Offer support and resources

Make it easy for people to find all the help and resources they may need in one place that can be accessed right from your website or app.

Be sure to include details about your security (encryption, passwords, access tokens, servers, etc.) and about your privacy management strategies.


Use a HelpCenter to let people instantly access self-service support and quick troubleshooting for all your products. This is also a space to provide plenty of additional security information.

Of course, everything you do to reassure users that their data is safe with you should be backed up with a real, solid plan to protect the data. Then, support your plan with the best privacy management tools.


A smarter way to collect data

At Safe Online we develop tools that make it easy to follow best practices to build trust with your customers and keep up with privacy regulations at the same time.

DataMapper - find your sensitive data
ShareSimple - send and receive data securely in Outlook
RequestManager - process data subject requests easily

Sebastian Allerelli

Founder & COO at Safe Online
Governance, Risk & Compliance Specialist