Event Recording

Chad Wollen: What Is Privacy Experience Management? Why Does It Matter to Your Business?

Log in and watch the full video!

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Subscribe to become a client
Choose a package  
I'm here to talk to you about privacy, experience management, what it is and why it's time has come. Just so you know about P to give you some context, here's a nice thing a client said about us. It paints a great picture of what P does. We are pretty unique, which means we are pretty boutique and our clients tend to have any of four motivations to work with us concern because they're digital and data driven. They want to be squeaky clean now and into the future ambition, they have excellence in their DNA. They see the privacy experience as the next frontier for leadership care because their profit comes from doing the right thing and they want to align their real life values with digital life learning because they're old and established new to making their products and services smart. They want to start out avoiding the mistakes of others.
So what is privacy experience management here is our working definition and that the start to be clear before I explain privacy experience management today, I'm not talking about the critical but adjacent and connected area of security. Okay. So let's begin privacy experience management is fundamentally about personal data it's collection and use it's processing by the enterprise. First and foremost, processing must be done lawfully, but that is the start not the end of the matter. Privacy experience. Management requires an understanding of all the stakeholders, external stakeholders who have an interest in personal data, that understanding is translated into designing, creating, and managing the privacy experience and its interactions to achieve beyond compliance, commercial goals, customer outcomes, brand consistency, and sustainable relationships. This requires the enterprise to marshal functionality, interfaces, content, and architectures.
Some say, ideas are best explained with analogies and the parallels with customer experience management and customer relationship management are obvious. They are good analogies for what I'm talking about. The main difference is focus. Privacy. Experience management is about carving out a space to focus on creating the most favorable for all conditions, for collecting and using data just as CRM does the same for collecting money linked, but different. It spans for data that creates value and data creating data value. It is also said that a narrative is useful to aid understanding the story of privacy experience management is if anything, about managing complexity. So if you're sitting comfortably, let us begin. In the past. The enterprise collected personal data, commercial goals were limited core services, product delivery, or CRM marketing. The internet was just crawling out into the mainstream. The law was not keeping up with the business models, activities and new actors technology pushing against the law with legal assumptions of those times. And those territories embedded into the newly cut code of emerging platforms. It was framed with the benefit of the doubt given to the enterprise consent, opting out, not in legitimate interest, had to be disproved, not proven privacy rights on the periphery compliance was more a statement than a demonstration of lawfulness.
Personal data got bigger commercial goals, expanded purposes and activities exploded. Customers started to leave digital footprints or data exhausts breadcrumbs shadows. We also see the growth of mobile or smartphones data fixed people in time and space, data harvested and mind. The talk was of the new oil. The law responded at least from a European perspective, the slow and torturous process that led to the GDPR began initiated into oh nine with public consultations. First drafts in 2012 enactment in 2016 and the whimper of enforcement in 2018. Now this is not the time or the place for a bullet point description of the GDPR. I will spare you that, but let's focus on one huge legal change. A true catalyst. A change P believes creates the fertile legal ground for privacy experience management, the account B ability principle, article five, paragraph two completely changes the terms of trade.
It represents one of the few material differences between the directive and the regulation. It changes the way we interpret all that are on the surface has remained the same accountability, the first domino topples, but more than that, its effects get wider, deeper and stronger as they flow through the system. We find when the penny drops on accountability, long held assumptions are reappraised and the it estate immediately increases its technical debt. Professor mark bogans has made accountability his life work. He gives us one of the most cited definitions of accountability. It crystallizes for us that first domino topple understanding the privacy relationship and the privacy forum, a space and an audience, a set of stakeholders and privacy experience management as a hygiene factor must deliver privacy experiences and interactions where those stakeholders find explanations, which can be understood. Justifi justifications, which can be approved of questions that can be formulated and asked and judgements, which can become positive.
Who are these stakeholders to keep it simple. We start at the source of the river, not where it flows into the sea stakeholders are the groups which have a material impact on the ability of the enterprise to collect and use personal data. We see four key stakeholder groups and here they're ordered in rough priority. When we ask a business to whom are you accountable, we often get confusing responses. The boss, the board, the shareholders, the DPO, the regulator, the law for us, the answer is simple. The data subject, the user, the prospect, the customer, the consumer, all others seek in their own way to ensure or exploit that fact and to generalize, regulators are motivated by order activists by justice litigators, by money. All these motivations must be part of the mix of a great privacy experience.
When all the stakeholders are in the frame, what the enterprise needs to achieve broadens and deepens. Yes, commercial goals are still at the top of the list. It can only be that way, but now we need to identify and define what are the outcomes stakeholders are looking for. Customer outcomes are still the most important how to maintain and build relationships with stakeholders and how to deliver consistently against brand and service expectations. So now the rubber hits the road, the design of the experience, the mapping of interactions, the pulling together. So there is a blueprint for privacy services, touchpoints, journeys, and occasions, and on to what then needs to be built to support that the creation of the content, the interfaces, the functionality in the architecture. Now I'm not talking or mentioning explicitly the word technology here. Good privacy requirements will lead to good privacy specifications systems and processes must be fit for purpose. They must be agile and future proof, but privacy management is not all about the digital human touch high or low is still critical. And some of the trickiest problems, concern, integrating privacy experiences into it, assisted care channels. And this raises a topic for another day, the creating of a privacy culture and the incorporation of concepts like conduct risk into the data protection toolkit.
And so another domino topples the need for new capabilities and work domains. The process starts in designing and creating and onto managing the privacy experience to achieve and improve on the desired commercial goals, customer outcomes, brand consistencies, and sustainable relationships. So what are these capabilities where must attention be focused first, never lose sight of what needs to be achieved. The goals, the outcomes, the consistency, the relationships, second, the six capabilities or domains, which are needed for privacy experience management. They are clear privacy governance leveraging the brand's reputation marketing, which connects data and privacy to value building out a portfolio of services. Having the technology, which delivers the services enables the marketing ensures the reputation reflects the governance, a supply chain, which aligns with all of the above and says it does. The problem is the current state of the privacy experience is a mess. It is not being managed.
We find that businesses face on changing tablets of stone, legal policies and paradoxically, that person, that legal interpretations change, depending on which lawyer picks up the phone, that personal data is a no comment topic publicly. And it is confined to the dense legal text located on the privacy. Notice that permission capture securing data use beyond performance of contract is driven by incentives, which focus on permission volumes that tools are complex journeys are navigable and information inconsistent. And I would say that they're dark patterns, but that would assume some element of that. The supply chain is invisible at best. And the wild west at worst technology is not fit for the very stretching purposes. It needs to live up to. I mean, just look at the desal struggles. Now think about delivering the right to restriction.
Please read, and I'll draw your attention to some key points. One business rules are harmonized and standardized shared understandings are created a comprehensible and state stable internal operating environment is a prerequisite of privacy experience management. Two, the brand speaks out and stands up for privacy. Three marketing manages permissions for value across the life cycle, utilizing established frameworks tools and measures and aligning the privacy lifecycle with the core customer lifecycle four, the cornerstone of the privacy experience are privacy services. It's that simple five partners must be a source of pride whose operations can be front of pack, six technology fit for purpose and agile enough to keep up with the innovation agenda more often than not. It is the law that gets called the barrier. When in reality it is the technology, but Houston, we have a problem. Everything said so far about privacy. Experience management is nowhere in the current playbook of two critical board level programs, digital transformation and privacy management, privacy management programs have seen billions invested.
Digital transformation has seen trillions yet. These two deeply connected and synergistic initiatives pass like ships in the night. There's a fly in the ointment, an elephant in the room and it makes life way harder than it should be. The two most important vehicles for change are so ill-equipped for the privacy challenge. And if I leave you with one lasting thought today, I hope it's this connect digital transformation with privacy management ground, the transformation lift the management, start working with people who get both sides of the coin. And I hope that was not too much of a blatant plug. Anyway, there might. What is the way to start on your journey to be old school that can be at any level, start with this strategic and create a vision for your privacy experience. Operationally with principles or tactical by optimization. Here are some examples. Sometimes it's good to explore scenarios to decide on the future.
You wish to create at P we think the most uncertain and impactful drivers of the future concern consumers and how they engage with data. So they become more activists or more apathetic and enterprises, how they engage with one another more competitive or more collaborative from these types of explorations. Visions are described and goals defined. Talking about the value exchange for personal data is one of the greatest cliches in privacy. An operational point of entry into privacy experience management is to make that a reality start defining data and privacy propositions. What are the actual and perceived benefits of processing purposes and activities, and how are those benefits articulated? This means getting close to the voice of your customer. And over the years, we have found the Preston Western privacy index of uncon concerned, pragmatists and fundamentalists, an insightful segmentation to start concept definition or proposition development, or at the tactical level, lifting the hood and asking what is wrong with what we are doing today? What are the risks in our current privacy experience? And here it's important to bring not just the user, the customer's perspective, but also at the experience through the lens of other stakeholders using reliable and detailed S
So what can I leave you with six principles linked to capabilities.
One build out from engagement with the business, build internal privacy standards that everybody understands. Two communicate about privacy early and often set expectations about privacy choices, make privacy, a recognizable part of the brand three deliver what is in value to the customer, to the business. Explore what is material to other stakeholders? Four focus on services. People will use not on tools. People have to learn to use five shine, a light on the data supply chain, make it part of being trustworthy. Six. If the stack can manage poor core privacy requirements, it's gonna do you. All right. So thank you. That's me done. Please ask me questions or now, or contact me at Chad. We R p.co UK. Thank you very much.

Stay Connected

KuppingerCole on social media

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00