Legal and political developments such as the GDPR, but also the increasing sensitivity of customers, make data protection and data security an increasingly important challenge for companies that process personal data for marketing purposes.
But high standards of data protection and data security are not only a duty, they are also a competitive advantage. Customers are more likely to trust companies with their data if they establish high standards and communicate this proactively. Since marketing today requires the use of technology, it is important to consider data protection and data security criteria when selecting marketing technologies and service providers.

No legal and political development has occupied the digital economy and digital marketing in recent years more than the introduction of the European Data Protection Regulation (GDPR). In addition to the GDPR, the US Cloud Act also caused uncertainty among companies. As a result, customers are becoming increasingly sensitive to commercial data processing. They are afraid of data misuse and harbor a general distrust towards commercial data use. According to a YouGov study, 56 percent of Germans doubt that their personal data is sufficiently protected on the Internet. 55 percent feel that they have no control over their data on the Internet. At the same time, 93 percent find data protection important. Establishing high standards for data protection and data security is thus becoming an increasingly important challenge for companies and is therefore more than just a tiresome compulsory exercise to avoid legal risks or loss of trust among customers. A high level of data protection and data security is a competitive advantage, especially over non-European competitors.
With the GDPR, a set of rules was created for the first time that regulates the collection and processing of data throughout the EU, thus putting an end to the coexistence of different, divergent national regulations. The impact of the GDPR on companies depends on the respective business model. German companies definitely had a head start in implementing the GDPR, as the GDPR is based in many parts on the previous German legal situation, with which German companies have long been familiar and which was implemented long before 25 May 2018. Therefore, the GDPR was and is not an obstacle for German companies in the use of data. Quite the opposite, it is a competitive advantage. This advantage applies in particular in comparison to US companies, which also have to comply with the GDPR when offering their services within the EU.
Many of these providers are still struggling to implement the requirements of the GDPR, so that the issue is still far from being resolved many months after its introduction.

Prepare in time for legal and political developments and communicate high standards

And this may be followed by further legal, political or other developments (e.g. voluntary association guidelines), which again place new, potentially higher demands on companies‘ data protection and data security. It is important for companies to prepare for these developments in good time so that they are not overwhelmed by complex requirements in the short term. Early adaptation of your own data protection and data security standards is always a competitive advantage. But even independently of specific legal regulations, it makes sense for companies to rely on high standards of data protection and data security if they can score points with their customers.
Data, especially personal data, is an elementary component of digital business models and marketing. Today‘s customers interact with an increasing number of digital applications, generating data that companies use to improve marketing, service, and the overall customer experience. Truly customer- centric marketing activities and services are no longer possible without the use of personal data. Customers are generally willing to transfer their personal data to companies. However, certain conditions must be met for this to happen. According to a recent study by the Global Alliance of Data-Driven Marketing Associations (GDMA), DDV and Acxiom, 40 percent of customers are happy to share their personal data if they receive free ervices and products in return. 38 percent share data if they receive cheaper or higher-quality products in return. In contrast, 39 percent only like to share their data if they can trust the company. The more attractive the offers and the greater the trust, the greater the willingness to share personal data. This applies in particular to sensitive data such as consumption habits, movement profiles, financial status or health status. To build trust, it is not only necessary to implement high data protection and data security standards, but also to communicate this high level. Transparency is the most important thing here. In their data usage declaration/data protection statement companies should describe precisely and clearly what data is collected, for what purpose it is used, how long it is stored and how it is processed in concrete terms, as well as the rights of access and deletion of the customer concerned. Other confidence-building
measures that should be prominently communicated to the customer include data protection seals, certifications, server locations, contact persons for data protection issues, compliance regulations, or special organizational and technical measures to ensure data protection and data security.

Consider data protection and data security

The collection, processing, analysis and use of personal data in marketing and service communication requires the use of technologies such as realtime marketing automation or data analytics technology. Selecting the right technologies and service providers for one‘s own business model or use cases has therefore become a fundamental challenge for data-driven companies. In addition to other criteria such as integration capability, usability, or future viability, data protection and data security are becoming increasingly important as selection criteria.
After all, anyone who wants to establish a high level of data protection and data security must also rely on technologies and service providers that make this possible or facilitate it. In addition, companies are also fundamentally liable for the use of third-party technologies and service providers. This means that they can also be held responsible for data protection or data security incidents that occur due to security gaps in the technologies used.

There are three relevant criteria that companies should consider when selecting technologies and service providers:

  • Privacy by Design:It is important to think about the issue of data protection already in the design and planning phase of each project. One instrument for this is the so-called data protection impact assessment. Within the scope of a data protection impact assessment, the data protection and data security risks of a project are evaluated and, if necessary, measures are derived to minimize these risks. Companies should also consider the influence of the service provider or technology on the risk. Service providers should be able to support a data protection impact assessment and implement the necessary technical and organizational measures to minimize risks. These measures could include, for example, hosting in a private cloud in Germany or various access restrictions for personal data.
  • Privacy by Default:The implementation of measures is simplified by using technologies with data protection- friendly default settings. These can include, for example, standard encryption of data transmissions, realtime synchronization of blacklists or settings that prevent profiling without opt-in.
  • Certification: Technologies and service providers can be certified according to internationally recognized standards for compliance with certain data protection and data security requirements. Certification, or the selection of certified service providers and technologies, can simplify the process of testing service providers and technologies for compliance with certain compliance standards.