The personal data conundrum

by Lola Ladejobi Director - Data & Analytics, Governance

Email +44 (0)7711 562241

by Charlotte Rampton Senior Associate - Technology Risk

Email +44 (0)7841 073302

Customer data is an essential element of 21st century business, but the process of its collection and use is becoming increasingly difficult.

In this two part blog we explore the challenges and the potential solutions.

Businesses collect, store and process large amounts of data on their customers, not simply to run their business but also to improve customer experience and refine their marketing strategy. Online and mobile technologies have revolutionised the process of data gathering for businesses and consumers alike, enabling the storage of huge amounts of data at a fraction of the historic cost and making the process of providing that data much easier for the individual through the use of smart forms, cookies etc.

In parallel with technological developments, we have seen the evolution of the regulatory framework which governs how personal data is gathered and used. The General Data Protection Regulation (GDPR) was launched in Europe in May 2018 and we are seeing a rapid growth in the number of countries introducing similar laws. This regulation is regarded as a new stage in the evolution of Data Protection, demanding significantly more accountability and transparency around the processing of personal data. Controllers and processors of personal data must adhere to the new regulation in order to be compliant.

Ensuring businesses are meeting their GDPR obligations is not just an issue for the Data Protection Officer, it is one for Chief Data Officers, Chief Marketing Officers and other business leaders to engage with.

We asked 100 of our own people their views on sharing their personal data. Questions included:

  • “Why would you NOT want to share your data with a company?”
  • “What would encourage you to share your data with a company?”
  • “Do you think the introduction of the GDPR has increased your likelihood of sharing your data with a company?”

We then combined our internal survey response data with industry trends and identified three key elements that influence individual's propensity to share their data:

  • trust in the brand
  • the ‘value exchange’ and,
  • the customer experience


Let’s first look at the trust component and the impact it can have on a customer’s willingness to share data.

It’s perhaps stating the obvious that if a customer does not trust an organisation, it can make it very challenging to encourage them to share their data. But there are three elements of trust that are crucial for organisations to consider: expectation, transparency, and reputation.

  • Manage expectations: When sharing data with an organisation, customers trust that their data will not be used for another purpose. If customers believe an organisation will use their data beyond its initial purpose, they will be reluctant to share their personal data both now and in the future. If the organisation does use the data in ways not articulated then they will be in breach of the purpose limitation principle of the GDPR which stipulates that you can only use their personal data for a new purpose if this is compatible with your original purpose, you get consent, or you have a clear basis in law.

    89% of our respondents said that they expect organisations will send them too many emails, and as a result, they are hesitant to share their email address. Organisations should consider how they will address and manage this expectation perhaps by allowing customers to set a frequency for emails that will be sent to them.

  • Be transparent: A key objective of GDPR is transparency. If customers do not have visibility of what organisations plan to do with their data, how can they trust them? Over two thirds of respondents from our survey commented that they are put off sharing data when it is not clear what the organisation will do with it. And nearly 90% noted that if they believe that the organisation will share the data with third parties, they will not share data. Transparency is very much linked to the concept of value exchange, it is important that organisations are clear and explain how they will use the data in exchange for the benefit to the customer.

  • Build a good data reputation: A good reputation is a key building block of trust for customers. Whether it’s as a result of a data breach or a mismanaged marketing campaign, reputational damage has the potential to irrevocably damage customer trust and consequently reduce the likelihood that they will share their data. Whilst reputation is not easy to quantify, it is a key prerequisite for customers sharing their data. Once trust has been lost, it is nearly impossible to re-build.

Our research shows that there is some scepticism from consumers about how businesses are using their data. Through transparent reporting and communication, businesses can manage the expectations of their customers. Honesty and transparency on topics such as data breaches and how they are enforcing measures to protect customer data will go some way towards rebuilding trust.

There is no doubt that GDPR has hit marketing/sales efforts, but, by embracing GDPR and being more transparent, businesses may now have a new USP - Trust, which translate to a revenue uplift in other areas.

In the second installment of this series, we will be exploring the impact that value exchange and the customer experience can have on customer data sharing and understanding whether there is a win - win situation for both customers and businesses when it comes to sharing and harnessing the benefits of personal data.

by Lola Ladejobi Director - Data & Analytics, Governance

Email +44 (0)7711 562241

by Charlotte Rampton Senior Associate - Technology Risk

Email +44 (0)7841 073302