The role of organisational culture in data privacy and transparency

In an era of mass personalisation and technological innovation, organisations increasingly need to make consideration of the way they use consumer data a part of their organisational culture.

Since the GDPR’s inception back in May 2018, there have been some encouraging findings (as I have discussed before) indicating that consumers are increasingly willing to share their data in exchange for personalised services and improved experiences. In addition, marketers are more confident about their reputation in the eyes of consumers.

However, there is still a long way to go to improve consumer trust in marketing and highlight how data can be used as a force for good. Recent Adobe research reveals that over 75 per cent of UK consumers are concerned about how companies use their data.

What’s more, an ICO report found that when consumers were asked if they trust brands with their data, little over a quarter (28 per cent) agreed. This proportion must be much larger if businesses are to truly thrive in the digital age.

With technologies such as machine learning having a transformative impact on business, there is little doubt that, as they continue to evolve, the data sets they rely on will be key to a competitive advantage.

What does data utopia look like?

Now, more than ever, the issue of data and how it’s controlled is at the forefront of the national agenda, as large-scale data breaches hit the headlines on a near weekly basis – the likes of Marriott, BA and Equifax to name a few. Read here

As we navigate through the data revolution, there is a growing requirement for businesses to not only reassure consumers that they have the infrastructure in place to protect their data, but also consider the ethical implications of the decisions they make with people’s data.

We must stop playing ‘catch up’ with technology

The Data & Marketing Association (DMA), as well as many other organisations, have found that responsible and innovative data use can build consumer trust, promote sustainable relationships and a willingness to share insights – creating better opportunities for both the business and the customer.

Transparency and governance over customer data use have become business-critical issues and if organisations are to increase digital users’ engagement and support, in order to continue benefiting from free-flowing access to customer data, regulation must stop being treated as a last resort measure.

Data hoarding’, substandard data protection protocols and overly complex data privacy and cookie notices could start to alienate consumers if we don’t get to the root of the problem and change organisational culture.

Issues around the value of data and ownership continue to come under immense scrutiny, and so transparency over how data is handled and safeguards protecting privacy are integral factors in ensuring ‘data-savvy’ consumers agree to share this data with organisations.

SMBs are not fully aware of their GDPR obligations – but many consumers are

Something that has come to light, is that transparency does not necessarily mean clarity.

The GDPR has led to increased scrutiny surrounding data privacy statements and cookies. Although it is clear that many businesses and users do not understand what this means to them.

How have companies adapted to the GDPR?

Mark Thompson, global privacy lead at KPMG, discusses how companies of various sizes have adapted to the GDPR. Read here

According to a consumer privacy survey conducted by Cisco, 83 per cent of ‘privacy actives’ read privacy policies (‘privacy actives’ comprise 32 per cent of the total respondents). These are defined as users who care about their personal data, they care about the data of other members of society, and they want more control over how their data is being used. Of this group, 80 per cent also said they are willing to act to protect it.

Based on the survey, privacy actives tend to be younger, more affluent, and shop more online — a segment of the population that is especially attractive to most companies.

Among these respondents, nearly half (48 per cent) indicated they had already switched companies or providers because of their data policies or data sharing practices.

The survey also found that the average UK consumer also demonstrates the highest awareness of the GDPR out of all the countries surveyed.

The notion of consent isn’t without its complications. Typical privacy policies stating, “By using this site, you agree to our updated Privacy Policy and Terms of Use,” can be unclear to the average reader. A detailed privacy policy or terms of use page may be well-intentioned but deciphering through it all is extremely time-consuming and often confusing.

Rather alarmingly, 38 per cent of small to medium-sized businesses (SMBs) believe that the GDPR does not apply to customer data they may come into contact with, according to DMA’s ‘SMBs and GDPR’ data.

In addition, a near-fifth of SMBs (18 per cent) feel the impact of the GDPR has been negative, which is around four times the number seen in previous research of the entire data and marketing industry, including large organisations and multinationals.

The issue that many businesses and governments are having is that technology moves at a much more unpredictable and rapid rate than any legislature can. This is having a significant impact on many businesses, especially those who do not have the time, finance and resources to become experts in this field.

There are also ongoing questions surrounding the level of transparency organisations must display to consumers – without overburdening them with information, that still needs to be addressed.

We also must ensure a balance is struck for information sharing to make it effective and productive for consumers and businesses.

Consumers must have clarity when it comes to organisations communicating why data is needed, where it is being used and what this is telling the business about their personal preferences.

Building a responsible, innovative and effective data culture

Create a new belief system within your organisation and sustainable future for your business by promoting responsible, innovative marketing as a driver for growth.

Place value on the individual, whether that be a customer or an employee. We can go some way to achieving this by humanising the way we process and manage data.

Machine learning, artificial intelligence (AI) and algorithms are not perfect. To this end, it is essential that humans and machines work together, utilising our respective strengths.

Fighting AI bias and where it comes from

Cognizant’s Poornima Ramaswamy considers fighting AI bias. “We must teach AI to reject bias,” she says. Read here

For example, modern diagnostic processes for breast cancer incorporate a hybrid concept. Diagnostic systems will help narrow down ‘at risk’ tissue for human consultants to then focus their attention.

In addition, when these new technologies are driven by inaccurate data insights and incorrect user profiling techniques, it could lead to the customer losing out on opportunities or even infringing on their consumer rights.

If we elevate the human component of information sharing, we can help change peoples’ perceptions of data. Data managed by humans for humans, aided by machine intelligence.

Taking this one step further, we should start promoting data as a force for good. Governed by principals, ethics and a framework that places the customer at its core.

What can we do to achieve this?

To keep pace with technology and the proliferation of data, organisations can use an ethical framework as guidance of how they should interact with their customers, going above and beyond the demands of the GDPR and any future legislation.

There are multiple codes of conduct already available, including the DMA Code, the Advertising Association‘s Supplier Code of Conduct, and the ICO’s upcoming Direct Marketing code of practice.

Privacy by design advocates call for privacy to be considered across all business practices. This concept is an example of embedding data values into organisational culture – for example, by taking human values into account from a strategy’s inception, all the way through to implementation.

Successful human-machine collaboration needs a collaborative culture

Stuart Templeton, head of UK at Slack, advocates a collaborative culture in the workplace when it comes to human-machine collaboration. Read here

A great number of organisations, think tanks and policy forums are joining the DMA in shaping the legislative conversation, too. Also, in parliament itself, all-party parliamentary groups (APPGs) and parliamentary committees will play a crucial help to get the right stakeholders into a room to work towards this end.

The APPG on Data Analytics, chaired by Daniel Zeichner MP, discusses, among other things, what data and tech means to the data and marketing industry, and wider society. Similarly, the DCMS Committee looks to take on one of the largest tasks in the digital age – defining what is and isn’t a ‘harm’ in the online space.

Government must work alongside the data and marketing industry – as well the leading tech organisations like Google, Amazon, Facebook and Apple – to ensure the value of data is universal, not subjective to an individual company’s policies.

This will help build on the principles of the GDPR and ensure that transparency doesn’t become a burden – we need to give clarity to consumers when we communicate with them.

We must become more people-centric and change organisational culture, as an industry, to build consumer trust and strive for better business outcomes.

Organisations that rely on technology to innovate or wait for legislation to dictate their business practices, could lose that competitive edge that comes with a proactive, customer-driven approach: privacy by design – building better outcomes for your business, and most importantly, your customers.

Written by Rachel Aldighieri, managing director of the Data & Marketing Association (DMA)


A guide to IT governance, risk and compliance — Information Age presents your complete business guide to IT governance, risk and compliance.

Tech leader profile: how the CMA uses data to protect us — The CMA is the consumer champion when it comes to digital. Yet its work also extends to tech business mergers, investigating algorithms and, increasingly, how Web 3.0 will affect all of us.

Editor's Choice

Editor's Choice consists of the best articles written by third parties and selected by our editors. You can contact us at timothy.adler at