Data Ethics: Our Point Of View

Your customer’s digital footprint enables one-to-one personalized engagement, but it is important to be very mindful of data privacy issues. Respect your customers’ privacy and preferences to avoid being intrusive or creepy.

Recent data breaches have heightened customers concerns and global firms must be aware of differing privacy regulations in different countries – including GDPR in Europe.



As digital platforms increasingly become ingrained in our lives, the amount of data that is collected is exploding.  Consumers are generally aware that their digital activities are being monitored. They not only expect that companies that they do business with understand their needs and preferences, but use this knowledge to serve them better.  They also expect that their data will be protected and not abused.



When you send personalized messages to your customers, they understand that they are being watched. You don’t want to be perceived as being ‘creepy.’ You must clearly understand what information customers are willing to share and what they expect in return. This will vary by brand and the industry. Customers love receiving special offers for things that they care about as well as being made aware of services that are tailored to their specific needs. They will be loyal to companies who consistently meet their unique needs in a timely fashion on the platform of their choice.



Just because you can collect data doesn’t mean that you should.  You should have a firm understanding of the kind of data that your customers are comfortable sharing and the service level that they expect.  Then you must deliver on the promise of better service or else they will opt-out.  Also you should think hard about collecting and storing sensitive data that you don’t need to provide great service.  Leaking this type of data can harm customer relationships and too much data may limit your agility.



The European Union’s General Data Protection Regulation (“GDPR”) is one of the most significant changes to data privacy law in recent years. GDPR consolidates data privacy regulations and gives consumers control over their data.

The GDPR will be the new primary law regulating how companies must treat and protect the personal data of EU residents. It grants consumers significantly more rights and affects all departments within an organization, including legal, compliance, information security, marketing, engineering, and HR.

Any company that offers products or services to EU residents, collects data of EU residents, or has employees based in the EU will have to prepare to be in compliance with the new law. Regardless of where the company itself is located or incorporated, if the company acts as a controller or only as a processor of data, it must comply with GDPR. Failure to comply can result in fines up to 20 million EUR or four percent of total worldwide annual revenue of the preceding year, whichever is higher.

Organizations that do business in Europe need to be aware of their obligations after GDPR goes into effect.  They should also have a plan to comply.  Refined Path can review how Customer Data Platforms can be used to assist in compliance.