The second tenet of managing data relationships is the creation and promotion of a customer-facing data security center. This is not about changing or updating security protocols; it is about using transparent communication about existing data-protection measures to build trust and gain customer consent.
This security center should have the following three core elements:
These sorts of data security centers are currently associated with large tech platforms, but other types of companies are now working to catch up. A large customer bank, for example, recently built a robust data security center, complete with a fraud-prevention checklist, a robust library of content, and prominently featured CCPA-compliance guidelines.
A global beverage manufacturer realized that future-proofing its data strategy in the face of new privacy regulations and Apple’s IDFA opt-in approach would require it to collect data directly from customers. The company therefore wanted to boost its interaction with customers via online touchpoints. To manage consent and ensure regulatory compliance, it used a CDP that made it very easy for customers to opt out. Its data-strategy refresh also called for personalized campaigns and promotions—including email-marketing initiatives that would not have been possible without the company’s first-party data—to build one-to-one customer relationships.
In today’s data ecosystem, every company is fast becoming a tech company. Data centers are therefore vital to demonstrate a commitment to creating and maintaining comprehensive data-protection protocols.
Much like customer relationship management, data relationship management requires an ongoing dialogue. In addition to increasing transparency, continued engagement acts as a reminder that the company both constantly strives to improve best practices for data security and uses customers’ data to improve their overall experience of a product or service.
As continued headlines about data privacy appear in the most prominent newspapers and trade magazines, data privacy will likely remain a mainstream topic. While not all customers will be interested in actively engaging in an ongoing data dialogue, many may be comforted by transparency and reassured by a company’s stated commitment to the safety of their data. Regulations such as the GDPR give customers the “right to be forgotten”; preempting customer fears and providing full information on data usage may help to ensure that they do not exercise this right.
A large financial institution recently ran an email campaign that promoted its practices on data security. The email directed users to a robust data-security and preference center on the company’s website. This campaign enabled users to set their preferences, but it also built trust, which made the campaign an important brand-building exercise.
Customer value is at the core of the data relationship, and a data relationship with a clearly defined and articulated value proposition will help ensure that customers stay engaged. Our research indicates that around two-thirds of customers would be happy to share their data, or would consider sharing data, if they got something of value in return (Exhibit 4). It is likely that an even larger majority could be enticed to share data with a company that communicates a clear, compelling value proposition.
However, it is not always easy to demonstrate the value exchange that results from customer data collection. The creation of real value will likely require additional strategic thinking or the development of new benefits associated with data sharing. Companies should note that it is against CCPA regulations to directly exclude customers from discounts or services because they have opted out of data collection; therefore, customer value must be rooted in the benefits that a company can derive from data.
There are many different ways to share value with customers. Offers and discounts are one option that companies could consider; 57 percent of customers expressed excitement around receiving discounts or offers in exchange for the use of their data. 10 Gadi BenMark, Julien Boudet, and Phyllis Rothschild, “Why personalization matters for consumer privacy,” MIT Sloan Management Review, June 6, 2019, sloanreview.mit.edu.
Improving the customer experience can be another way to create a compelling value proposition. Data can be used to improve customer experience by helping customers find what they are looking for more quickly, and by directing them to the new products and services that are likely to be most relevant to them. While collaborative filters might work without personally identifiable information, advanced modeling that uses these data can help bring surprise and delight to an otherwise flat customer experience.
Information about customer preferences around call times and communication channels can also be used to ensure that customers receive communications at the time—and in the format—that they prefer. Shopping preferences can also be used to tailor suggested services; loyal online shoppers could be offered video-call access to a style consultant, for example.
There is evidence that customers prefer a personalized customer experience and may, therefore, be willing be provide data in return. Firms have seen a decrease of up to 60 percent in customer churn as a result of a data-driven approach to customer experience. To increase the potential likelihood of customers opting in, companies should consider regularly reinforcing the customer-experience value that customers are getting in exchange for their data. One approach is to not only offer explanations for why customers are seeing recommendations but also solicit advice on whether the recommendations are good ones and—if not—what could be improved.
Changes in policy and overall approach may not be enough to fully implement the new data relationship. Instead, companies may benefit from ensuring that they have the right people, processes, and technology to shift mindsets and embed these changes throughout their operations.
Incremental changes are unlikely to be enough. The DRM strategy and its implementation should be central to the company’s marketing function, which will require a fundamental shift in team structure and ways of working. The remainder of this article provides a few nonexhaustive examples of the types of changes needed.
The issue with many corporate data-privacy initiatives is that they are too technical or legalistic for the everyday customer. This complexity is often caused by the team that is overseeing data-privacy programs.
To create a successful data relationship, larger firms should consider investing in a full-time data relationship manager. While candidates for such a role would need to be technologically savvy, the ideal candidate would have a multidisciplinary background—someone capable of thinking about technology, business, and user experience. This data relationship manager needs to deliver messages in a way that is not only understandable but also valuable to the end user.
An agile approach to working gives data relationship managers the ability to test a variety of tactics across functional areas of an organization. For example, a small and agile pod could be formed to run a series of parallel experiments that aim to better understand what it would take for a customer to enter into a data relationship. A new brand narrative, and creative ideas to disseminate it, will need to be developed and executed. Innovative communication strategies can be tested nearly in real time with customers through a test-and-learn approach that is similar to the strategies currently used around performance marketing or personalization tests.
The right technologies are a key part of the delivery equation; secure infrastructure is required to deliver on the promise of the data relationship. A CDP, for example, can aggregate everything a company knows about its customers—including both customer data and channel data—in one place (Exhibit 5), thereby assisting in the management of first-party data assets. This platform also streamlines preference management and facilitates the process if customers want to invoke their CCPA or GDPR rights.
When consent has been given and the appropriate security protocols are in place, there are instances when companies may want to use customer data securely in external platforms such as advertising exchanges. In these cases, appropriate portions of the company’s total data lake should be transferred to a data clean room to ensure that no identifiable data are shared with partners. 11 A data clean room contains aggregated data rather than customer-level data. These aggregated data will never leave the clean room. Instead, advertising exchanges could import their own first-party data to compare with data within the clean room.
In addition, companies could consider a technology-enabled data map of all customer data points, along with information about how the data were collected and what consent was given when the data were collected. A consent management platform can help to ensure that the necessary permissions are captured, stored, and managed at each step of the customer journey. Without a platform of this sort, companies can be at risk of both losing (or misusing) data and being the subject of legal proceedings.
Our experience has shown that many companies are responding to the quickly evolving world of regulations around customer data by prioritizing the technical side of data management. This may be a mistake. While it is vital to find, and invest in, the right technical measures, a sustainable data strategy also needs to have a strong human focus. Companies can seek to generate trust by building a transparent, permission-based relationship with customers that has a strong value proposition. Companies that invest in these elements of data relationship management have an opportunity to take a leadership position around data protection that could pay dividends in the years to come.
Marc Brodherson is a senior partner in McKinsey’s New York office, where Adam Broitman is an associate partner; Jason Cherok is a partner in the Pittsburgh office; and Kelsey Robinson is a partner in the San Francisco office.
The authors wish to thank Amir Azer, Shital Chheda, Craig Macdonald, Simon Royaux, and Stephan Zimmermann for their contributions to this article.
