By Vasudeva Rao Munnaluri, RVP India & SAARC, Zendesk
Trust is the cornerstone of a healthy relationship – and more so than ever, that’s true of the relationship between businesses and customers. As a Gartner study found, 81% of customers refuse to do business with a brand they don’t trust. The primary reason for customer distrust is concern about whether businesses are taking adequate measures to protect their data. In fact, 79% of customers say that data protection is key to earning their trust. Customers expect businesses to use their data responsibly, regardless of the threat of data breaches. Particularly, they want the assurance that sensitive, personal information is accessible only to relevant personnel within the company and for a limited duration or use.
Organisations that incorporate data protection practices not only build customer trust, but in doing so, can also stand out from competitors. On the flip side, lost trust translates directly to lost opportunities for customer acquisition, retention and revenue generation. Regulatory norms like the Digital Personal Data Protection Bill now mandate businesses to adopt data protection mechanisms or face punitive action of hefty fines. Beyond the regulatory requirements, there are benefits to be gained from prioritising and investing in data protection as a fundamental factor of delivering exceptional customer experience.
In order to build customer trust, businesses need to do three things: manage customer data throughout its lifecycle to ensure that it’s securely stored and transferred; implement security controls to make data only accessible and manageable by the appropriate people; and proactively continue to improve data protection strategies to deliver the most trusted customer experiences. With so many third-party apps in play, how can businesses go about it?
A shared responsibility model
Among the greater challenges in data protection is visibility into third-party data protection policies. A recent report by Zendesk revealed that 79% of businesses say that their current customer experience/service software could do more to address cybersecurity. Companies might struggle to achieve the level of security and privacy they need to deliver the necessary trusted experience. It’s not just enough for businesses themselves to adopt data protection measures but relevant third-parties within the business ecosystem like SaaS solution providers also bear a responsibility to protect sensitive customer data.
While protecting customer data relevant to the business is a company’s responsibility, software vendors carry certain responsibilities as well. These include maintaining policies and procedures for safely provisioning, modifying, and maintaining privilege accuracy for on-premise, remote, and third party workforce. It also involves enforcing the least privilege model in accessing sensitive customer data. Businesses are responsible for APIs and integrations into their tech stack. There are additional processes in vetting and exercising ongoing due diligence sub processors, integrating acquisitions into the solution in a safe manner and ensuring product partnerships have the proper security considerations.
In SaaS solutions involving customer experience that contain massive amounts of customer data, businesses have a responsibility to protect their customers’ information. In this environment CX solution providers have a responsibility to offer data protection capabilities too. These technologies must have the capability to protect all data at an infrastructure level, encrypt data at rest and data in transit between the tech stack and APIs. CX solution providers must also equip their customers with information on data collected by in-product cookies and provide the right tools and features that help them meet their own obligations for the proper treatment of personal or regulated data.
Building customer trust with the right technology investments
Given that privacy is still a nascent industry, most organisations have no dedicated privacy platform in place, with day-to-day operations like fulfilling data and deletion requests often falling to CX functions. However, without an automated platform, data request workflows are manual and time-consuming. Authenticating users, compiling relevant data, ensuring deletion or modification are challenging to say the least and CX teams end up relying on spreadsheets, manual data queries, and ad hoc communication.
While investing in CX technologies, businesses must also consider whether the solutions are in compliance with regulatory norms like the Digital Personal Data Protection Act, GDPR and more. Adopting CX solutions built in with data protection mechanisms, ensures that data access requests are processed quickly and efficiently, while adding a layer of security to customer data. It also ensures that data is retained or deleted based on regulatory norms automatically.
Such solutions enable the principle of zero trust where customer data is only seen and accessed by authorised parties. It ensures organisations gain insight and oversight of data with audit logs and see changes to accounts and data, helping them identify bad actors and risks to customer data. Encryption of data and multi-factor authentication add another layer of security. By continuously evaluating data privacy strategies in the long term, businesses can take appropriate measures to build trust among employees, customers and also the technologies in play. This is a major competitive advantage.
The importance of CX and data security to IT leaders cannot be overlooked. Staying ahead in a competitive, rapidly changing digital landscape, requires businesses to reassess their tech stack and priorities. Ensuring compliance, filling in knowledge gaps with automation, and working to provide both a trusted customer experience is challenging but extremely important to IT leaders.
Being strategic pays off. Building trusted experiences correlates to better business outcomes. Protecting sensitive data with advanced privacy and security builds trust, and saves businesses from having to deal with the fallout of data breaches in the long run.