Skip to main content

Protect data privacy, earn customer trust

For years, people browsed, downloaded, shared, forwarded and signed up for anything and everything online without a second thought to where their data was going, who was using it, and for what. Now, that is all changing. People know that their personal data has value, and they would rather give it (and their money!) to companies that protect data privacy. 

Let’s see how your company can show people you protect data privacy and earn customer trust and brand loyalty.  

Data privacy: Is people’s data really your product?

This rather infamous quote from the documentary The Social Dilemma summarizes a truism about sharing personal data that has made its way into the collective consciousness: 

“If you’re not paying for the product, then you are the product.” 

⁠— Tristan Harris, Google’s former design ethicist and Co-Founder of the Center for Humane Technology 

It’s worth mentioning that Harris was talking about the big social media giants and tech behemoths who literally make their money (and plenty of it!) by collecting data about you, including your age, preferences, beliefs and more, and selling all of it to advertisers. 

Ironically, awareness of data privacy issues still hasn’t stopped most people from sharing highly personal and sensitive data on social media platforms (who are often the worst offenders), but it may make consumers take pause before giving out their contact info in general, especially to unknown companies.  

While it is always a good idea to think twice about who you share your data with, this does present a challenge for small and medium businesses. 

Small business owner checks customer data carefully before filling order

If you run a small business or an online shop, your product is probably just your product, and your customers are your customers. You do not make the bulk of your revenue from selling people’s data.  

But the issue is nuanced, because you are still quite dependent on collecting personal data. For example, you must collect contact info to provide goods and services, and for leads to market them.  

How can you make sure people feel comfortable sharing their data with you? 

Make data privacy part of your brand

Maybe you’d like to offer a free guide, in exchange for marketing leads, or a free trial of your product to show people how great it is. How can you make sure people see this offer for what it is: A valuable freebie that could be the start of a mutually beneficial relationship, rather than a sneaky grab at their data? 

Ask yourself: 

  • Do you sell people’s data? 
  • Do you share your customers’ data with third parties? 
  • Do you transfer personal data internationally? 

If you answered NO to all or most of those questions, awesome! Let your customers know in clear, unambiguous language. 

Include statements like this in your privacy policy and link it anywhere you collect data: 

  • “We never sell your data.” 
  • “We do not share your data with any third party.” 
  • “All data is kept securely on servers located in the EU.” 

Of course, you should only use these statements if they are true. Make sure you note any exceptions. If you share data with trusted business partners, list them. 

Here are a few more questions you can ask to evaluate your privacy practices: 

  • Do you only collect the data you need to communicate with customers and provide services? 
  • Do you only collect certain types of personal data? 
  • Do you delete people’s data when you no longer need it? 

If you answered YES to most of these, awesome! Tell your customers about it in your privacy policy, with specific statements like:  

  • “We collect your name, email, and company name, in order to provide support, and keep you up to date with new products and services.” 
  • “We keep your personal data as long as your account is active and for a maximum of two years after that.” 

Again, only use statements like these if they are true. Note any exceptions. For example, you may collect behavioral data to improve your services. If so, list it clearly. If that data is anonymized so that it cannot be used to identify people, mention that too. The idea is to honestly describe what personal data you collect and why, while highlighting your privacy program’s fine points and your commitment to privacy.  

Evaluate and improve data privacy

Take an inventory of the personal data you already have and make sure your storage practices match up with your policies.  

Small business owner evaluating her privacy management

Use your data inventory to answer the following questions: 

  • Where do we store personal data?  
  • Who has access to personal data?  
  • How long do we keep personal data? 
  • Does the data we store include high-risk, sensitive data? 
  • Are there categories of data we should delete? 
  • Are we still using the personal data we store for the purpose for which we collected it? 
  • If so, how will we protect it? 
  • Where can we improve? 

To perform this type of data inventory manually with any sort of accuracy would be nearly impossible. We suggest performing a quick data inventory with DataMapper. 

Respect people’s data privacy rights

Under the GDPR and other privacy regulations, people have the right to ask you for a complete list of all personal information you have collected about them, or make another more specific request, for example, they may ask to: 

  • Have their data deleted 
  • Get a copy of their data 
  • Find out if their data has been breached 
  • Update or correct their data 
  • Object to how their data is being used
  • Restrict future use of their data

 You should outline these rights in your privacy policy, and then provide a standard way for these data requests (also called DSARs) to come in. We suggest linking a secure data request portal to your privacy policy.  

Making the data request portal available shows people you are transparent about your data storage practices, and it also makes it easy for you to track data requests and respond to them on time (your response is usually due within 30 days). Read about setting up a request portal here. 

Want more free data privacy tips?

Get the latest data privacy management news, trends and expert tips delivered straight to your inbox.

    Give people a chance to opt-out

    Give people a chance to opt-out of having certain information collected, shared, and especially sold. This last one is a requirement for companies that market to California residents under the CCPA, and a good practice in general. 

    Protect data privacy

    Set up a secure way to collect people’s data to keep it safe in transit and at rest. We suggest TrustedLink as a secure upload point for personal and confidential data.  

    Add a TrustedLink to your website or to your email signature to create an encrypted folder that gets consent automatically before accepting someone’s data, then protects the data in transit and at rest with encryption and customizable data retention limits.   

    TrustedLink gets consent automatically before accepting a person’s data, and sends the data to you in a secure, encrypted folder that you can access with a one-time password. It saves the data securely for 32 days by default, or your pre-set data retention period, then automatically deletes it.  

    TrustedLink is an optional add-in for ShareSimple. Read more here. 

    Data privacy and customer loyalty

    People’s trust in companies in general is decreasing, but that doesn’t have to be the case for your company. Show people that their privacy matters to you and that you have taken steps to protect it.  

    Making data privacy a priority is a great way to make a genuine connection with your customers and earn their trust and loyalty for the long haul. 

    Read more about how SafeOnline can help you get the tools you need to keep up with the demand for privacy and data protection → 

    Sebastian Allerelli

    Governance, risk, and compliance specialist