7 min read
From Facebook scandals to the GDPR, online privacy practices are in the spotlight right now and they are just as relevant to your emerging small business as they are to massive corporations. As your business grows, so does the need for strategic privacy practices in your online business infrastructure that protect your customers’ data.
Currently, in the United States, companies are not legally bound to protect customer and user privacy. However, that may not be the case for long. The European Union implemented the GDPR in May 2018 and the ACLU has raised concerns about consumer online privacy.
This subject is complicated and controversial. But that doesn’t mean that your emerging online business should shy away from it. Today, we’re going to tackle how your business infrastructure can raise the bar for online privacy practices and policies.
Why Customer Privacy Matters
Every online business collects information about its customers.
On the one hand, businesses need a certain amount of customer information to actually do business and fulfill orders, including credit card numbers and passwords. At the same time, it has become increasingly common for websites to use “cookies” to track customer behavior. This practice is innocent enough, unless the website in question sells this information to third parties.
Truthfully, this data is part of what drives customer acquisition and growth for online businesses.
Between these two factors, a tremendous amount of data is collected by online businesses. In fact, depending on your business infrastructure, you may have much more detailed customer data than you realize.
The issue is that this data can be compromised. We’re all aware of the major online data breaches that have occurred over the past few years, with serious customer information exposed.
Large scale data breaches like these are typically the work of hackers, but it’s also important to think about the flow of information within your team.
Small Business HR and Privacy
As your business grows, so will your team. In the past, many ecommerce merchants have granted new hires, junior employees and independent contractors full access to their many toolsets and resources, which includes customer data.
Yet, if we really think about it, there is no reason that every member of an organization should have full access to the data of each and every customer. A graphic designer has no need to know a customer’s mailing address and whoever manages your payroll doesn’t need to know customer credit card information.
This is precisely what led the European Union to put the GDPR into effect last year, which we will discuss next.
What the GDPR Means For Your Business Infrastructure (Wherever Your Company is Based)
Even if your ecommerce business isn’t based in Europe, you’ll want to look into the European Union’s GDPR (General Data Protection Regulation). The GDPR is incredibly significant. It’s not just a formalized policy on European privacy rights, it extends well beyond the borders of the EU.
Even if your emerging small business is based in the Americas, Asia or Africa, when your customers are based in Europe, your company needs to be GDPR-compliant. Compliance includes certain actions that seem obvious (for example: notifying your customers within 72 hours if you learn of a data breach). There are other aspects that are more complex, like limiting access to customer data within your organization, which may require changes to your online business infrastructure.
Other governments are following suit, including this regulation passed by California last year.
Tools for Improved Privacy Practices Within Your Business Infrastructure
You may not want an intern to know how much quarterly revenue you’re bringing in, or for a contractor to be able to grab intellectual property in the form of code.
Historically, there wasn’t much to be done in these cases. There were a few options:
- To fully deny access
- To fully grant access
- To employ a slow, bureaucratic system
This final option meant that certain employees had to constantly request information from their colleagues because they didn’t have the access that they needed.
Staff Accounts have been a game changer over the past few years. This tool allows business owners to radically shift and organize their online business infrastructure into teams and tiers.
It allows for confidential information concerning the business’s holdings and long term plans to be more guarded within an organization. At the same time, it also protects customer data and customer privacy.
For example, instead of a marketing intern having access to all or no data, they have access to a predetermined limit. Likewise, an intern on the custom support team can be set up to have access to more data that is pertinent to assisting customers.
Get a Grasp on Your Data Collection
It’s not uncommon for key stakeholders to have very little insight into how data is collected and used. It’s true that the intricacies of this process don’t need to be understood by every member of your team.
However, it’s beneficial to ensure that leaders of the organization and your marketing team have a clear and deep understanding of your data collection practices.
This can take some time and analysis, but view it as an investment in your business infrastructure and your brand. Once the necessary stakeholders all comprehend how data is being collected and used, you can conduct an audit.
Perhaps your team will discover issues with third-party cookies, or even potential security weaknesses. These scenarios are infrequent, but you must be ready to act on them if necessary.
Another reason to get your team up to speed on data practices is to develop clear strategies for crisis intervention. In other words, what your emerging small business will do if there is a data breach.
There are advances in cybersecurity every day, but data breaches are still a major concern. In 2018, eleven major companies experienced a data breach. While hackers may be more likely to target a big business than an emerging small business, As your revenue and brand recognition grows, this threat deserves your attention and careful consideration.
Be Transparent With Your Customers
Many websites provide visitors with vague, uninformative privacy policies which are intended to assure users that their privacy is “valued.”
The problem with these statements is that they don’t say anything. They can scarcely be defined as policies, so much as a nice collection of words that provides website visitors absolutely no understanding of how a company is using their data.
This is a great opportunity for your emerging small business to step up to the plate. Be honest. Be transparent. Have your words mean something.
You may also want to consider giving site visitors and customers the chance to opt out of data collection. This can reduce your marketing capacity, but it will also establish serious brand credibility and customer trust. Of course, it all depends on where your emerging small business stands in its growth trajectory.
Protecting customer privacy with your online business infrastructure can be a powerful, forward-looking gesture. This undertaking can also take a lot of time and resources. Think of it as an investment. By prioritizing consumers’ online privacy and striving for transparency, you have the opportunity to develop authority and trust as your emerging small business grows.