The General Data Protection Regulation (GDPR) may be up and running for over a month now, but businesses in Asia-Pacific will need to reassess their data strategy and ensure they can earn the trust of consumers who are increasingly wary of how their data is being used.
Rajnesh Singh, Internet Society's (ISOC) Asia-Pacific regional bureau director, noted that while many likely received requests to provide consent or update their notification and profile settings, it remains to be seen whether these or updated polices, in fact, comply with GDPR requirements.
In some cases, he noted, it might well be that the service provider has taken the basic step to confirm consent by sending out a message to its users, or simply advising them on its current policies and assume consent if no action was taken.
Singh told ExchangeWire: "Suffice to say, many organisations have historically had a fairly wide approach to data collection. Bits of data, sometimes even obscure titbits and with little to do with the actual need, have been collected, dissected, and cross-referenced to build fairly extensive profiles of users and their online or transactional behaviour."
The introduction of GDPR had changed this, mandating that data collected should be the minimum required to support a specific purpose and must be deleted when that purpose was fulfilled, he said.
Businesses would need to rethink their data-driven marketing strategies, as well as investment in how they stored, used, removed, and provided access to customer data within their organisation, he noted. Asia-Pacific retail players also would need to review their business processes, specifically, when these contained customer data.
This would be necessary for businesses to continue to have the customer's trust and loyalty, he said.
Indeed, with the GDPR now in force, Steve Millward, chief analytics officer at Data Republic, said the next challenge businesses faced was to build trust and encourage consumers to provide informed consent to share their data.
Millward pointed to the need for "simpler, more human" privacy statements and greater incentives for customers to do so.
He added that retailers would have to evolve their approach to customer consent to ensure informed consent had been given for data collection and activation, both in-store and online. Consumers should have a clear understanding of where and how data was collected and applied to improve their experience, he said.
Trust critical as customer concerns and awareness grow
This is especially necessary as customers, increasingly, are anxious about how their data is used.
Citing a survey ISOC conducted in the region last year, Singh said 70% of consumers believed their personal data was not sufficiently protected online, while 60% said they did not have the right tools and information to protect their online privacy.
He said people often would trade their privacy, as well as security, for access to the latest product or service. Few would take the time to read the terms and conditions, typically checking the box to "agree" so they could proceed to use the product, he added, noting that this issue would grow exponentially with the increasing use of Internet of Things (IoT) devices.
Sheena Chin, Singapore country director for data management vendor Veritas, concurred: "More data is being created by more people, more devices, and in more locations, under more stringent regulatory requirements than ever before. This means companies should not run the risk of blatantly harvesting data for their own gains."
Millward also stressed the need for businesses to recognise growing user concerns around data security and privacy, noting that research from the Association for Data-driven Marketing and Advertising indicated 61% of consumers now were more aware about how their data was being used than previously.
Only 34% said they received better service in exchange for personal data they had given to companies, while 73% believed businesses benefitted the most from data sharing.
According to Chin, consumers in the region also were concerned about the lack of information about how their data was being used.
Pointing to Veritas' global data privacy study, she noted that 53% of respondents in South Korea said they had no visibility into how businesses were using or sharing their data. Some 48% said likewise in Singapore, where 25% also expressed little trust in organisations with regards to protecting their personal data.
Another 27% of Japanese respondents said they were highly concerned their personal data would be stolen.
Chin said: "These growing concerns around the collection and use of personal data have led to consumers demanding more transparency and accountability from businesses. This comes as no surprise, as trust in businesses has been diminished by recent data breaches where companies have shown a lack of understanding of how personal data collected has been used or shared."
And businesses that were able to establish trust amongst customers would reap higher rewards, she said. Veritas' survey revealed that 91% of consumers in China would spend more money with brands they trusted to take care of their data. Some 38% of South Koreans also were willing to spend 25% more with brands that took data protection seriously.
In Singapore, 68% would spend more money with organisations they trusted to safeguard their data, while 33% would spend 25% more with companies that managed their data with high regard.
Millward said: "[A] key concern for consumers is around trust, [which] is essential when they are deciding whether or not to share or make their data available to a particular business. The key to building trust is being transparent about where and how data will be used and ensuring systems and technologies are utilised to protect data at all times.
"We are seeing that data governance is becoming a greater focus for businesses in a time when customer concerns around data use are high and more stringent regulation is being introduced", he said. "There's additional security and governance measures to consider; but these challenges can be solved through investment in smart governance frameworks and technologies to ensure data flows are controlled."
Singh also recommended Asia-Pacific businesses establish a policy framework that has cross-border compatibility and interoperability at its core. This is particularly critical in a region with varied data regimes. China, for instance, appears to have few restrictions on data collection amidst a highly cashless society, while countries such as Singapore and Australia have personal data protection laws.
"Harmonising" laws across the different Asian countries will be essential so that businesses will be able to expand their regional and global footprint uninhibited, he said.
Chin added that improving their data hygiene will help companies drive trust and boost their brand reputation and relationships with consumers.