a purple and orange block with items such as a user icon, key, and lock

Data Privacy and Security

Data Protection and Privacy for Customer Engagement

Team Braze By Team Braze Jun 24, 2024

Marketers today are inundated with data—and that data can feel like a double-edged sword, offering opportunities but also requiring care to safeguard it effectively. After all, customer data can fuel engagement and growth, but it brings with it significant risks if you fail to manage it carefully and ethically.

In this guide to data protection and privacy, we’ll go over essential strategies for respecting privacy and protecting data, while also delivering an impactful, compliant, data-based marketing strategy.

What is data protection and privacy?

While privacy is the term generally used to describe a person’s right to control their private information, data protection is often used to describe the set of measures and legal requirements that need to be implemented by companies to protect individuals' personal data.

In practice, data protection and privacy principles require companies to focus on respecting consumer choices regarding the collection, use, and sharing of their personal data and implementing safeguards to protect this information from unauthorized access, breaches, or misuse. When you put data protection and privacy at the core of your engagement strategy, it can build consumer confidence, bolster your brand reputation, and make it easier for your organization to comply effectively with potential new rules and regulations.

Why are data protection and privacy important?

Marketers and brands need to understand and comply with relevant data regulations. And not just to avoid substantial fines for non-compliance.

Rigorous data privacy and protection practices help you stay on the right side of both customer sentiment and legal requirements. Plus, by building a thoughtful strategy for data usage, you can more effectively collect and leverage customer data to deliver value and unlock higher engagement. Here’s what you need to know.

Legal compliance and risk reduction

As consumers have grown more protective of their privacy, a host of laws and regulations aimed at supporting data privacy have been introduced, from the General Data Protection Regulation (GDPR) in the European Union to the Virginia Consumer Data Protection Act (VCDPA) and California Consumer Privacy Act (CCPA) in the United States.

These laws require businesses to adhere to specific guidelines for collecting, processing, and storing personal data. Non-compliance can result in significant financial penalties as well as reputational damage.

And, of course, implementing robust data protection procedures protects brands and consumers alike against the risk of data breaches, which can have dire consequences. Safeguarding personal data against cyber criminals and malicious access mitigates this risk.

Building trust with customers

Customers are increasingly cautious about sharing their data, and it’s easy to see why. From the minor irritation of being added to mailing lists involuntarily to major concerns over data breaches and identity theft, consumers rightly want to protect their details.

McKinsey research shows 87% of consumers won’t do business with a company if they’re concerned about its security practices. And 71% said they’d stop doing business with a company that gave away their data without permission. The same research found consumers are more likely to trust companies that don’t ask for information that isn’t relevant to the product and that don’t ask for too much personal information.

Enforcing your robust privacy and data protection measures is essential if you want to build trust with customers and encourage them to volunteer pertinent data.

an image explaining what is first-party vs. zero-party data

Delivering value and personalization

Personalization and privacy can seem like a chicken-and-egg scenario—which comes first? Customers want value in exchange for their data, but marketers need data to deliver that value.

In 2023, Deloitte research found only half of consumers believe the value they get from online services outweighs their privacy concerns. That’s a nine percentage point drop from 2021.

Responsible data privacy practices help businesses gain trust and collect the data they need to deliver the personalized customer engagement that customers crave.

First-party data collection helps you build a more comprehensive picture of each customer, allowing you to deliver more relevant, personalized messaging. And it’s not just about collecting contact details to arrange delivery.

  • Preference centers let users select their preferred communication channels and opt in

  • Newsletter sign-up forms can capture information about customer interests

  • Pop-up surveys can uncover customer pain points or preferences

Combined with transactional and behavioral data, you can send relevant, contextualized messages that you know your customers actually want (because they told you so).

Learn how to build a best-in-class data collection strategy.

8 ways to embrace data protection and privacy in your customer engagement strategy

Trust takes years to build but only seconds to lose. Why risk it?

The core ideas are simple. Don’t collect data that doesn’t support your business goals—and stop retaining it when it no longer serves a legitimate purpose. Protect the data well by anonymizing and encrypting it. And restrict access to approved personnel only.

Here are eight ways to make ethical data practice your marketing North Star.

1. Embed privacy into every process

Embrace privacy consciousness during the full marketing lifecycle, from initial campaign concepts to the implementation of data processes. For example, consider whether a campaign idea would involve collecting especially sensitive data, whether that is justified, and what additional privacy measures need to be put in place to protect it.

2. Collect minimum viable data

Make it your policy that you only collect data that is relevant and necessary for your specific marketing purposes; this is known as minimum viable data. Avoid collecting excess or irrelevant data and dispose of any data when it is no longer needed. Ask questions like:

  • What type of data do we need to collect and why?

  • How will we collect, maintain, secure, and dispose of that data?

  • What systems will it be held in and how are they secured?

  • Who will have access to the data and how can it be used?

  • Do we have legitimate grounds to collect and retain that data?

3. Be crystal clear and obtain consent

There’s nothing worse than underhanded tricks for gaining consent to gather user data—like baffling opt-in small print or pre-filled opt-in options. Be transparent about the type of data you collect and why. Give people the option to explicitly opt-in or opt-out of data processing activities. And make it easy for people to update their preferences if they change their minds.

4. Highlight credentials and benefits

88% of people say their willingness to share personal data depends on the trust they have in the company in question. To encourage people to trust you with their data, highlight both your security credentials and the benefits they’ll get. Showcase trust and security certificates on your website and app, especially at the point of data collection, such as checkout or newsletter sign-up. And explain what they’ll get in exchange, such as discounts or curated recommendations.

5. Make data processes compliant

Ensure your data collection, storage, access, and disposal processes are compliant with the regulations in your jurisdiction. Remember, if you’re processing customer data from other countries, their home country’s regulations apply. For example, if you are a US company processing French customer data, you still must comply with the EU’s GDPR.

6. Secure data appropriately

Use appropriate tools and technology to secure and protect the data you collect. Ensure that sensitive information is encrypted at rest and in transit, implement anonymization techniques to protect individual identities, and enforce strict access controls. Read more about making security a mindset.

7. Pick your partners wisely

The technologies you use in your customer engagement efforts can have a significant positive (or negative) impact on the privacy and security of the customer data you hold. Thankfully, Braze blends advanced security and workflow capabilities with practical, user-friendly tools. This empowers marketers at every level to confidently craft campaigns that meet security, privacy, and compliance needs, ensuring the integrity of their work and fostering trust with every message on any channel. We achieve this through:

  • SOC II and ISO 27001 compliance

  • Penetration tests, bug bounty program, privacy legal team

Your team has to rise to the challenge of meeting the growing expectations of today’s consumers, and your tools should help you do this easily and quickly. As you grow, your partner should help you move faster and eliminate rework, make it simpler to connect with new communities, and proactively resolve potential issues before you go live.

8. Dispose of data when you’re done with it

People’s preferences may change and data loses its currency over time, so it’s important to dispose of data responsibly and within a reasonable timeframe.

  • Establish data retention policies to determine how long you’ll retain personal data

  • Contact users before deleting their data to ask if they’d like to update it or have it retained

  • Dispose of data securely when it is no longer needed for its stated, legitimate purpose

These eight tips can help you build a more trusting relationship with customers, secure their data, and use it to deliver a better experience—which in turn builds engagement, loyalty, and value.

4 case studies of data protection and privacy-driven customer engagement

Data protection and privacy compliance are important in any business. But health and financial service providers face more regulation than most. Here’s inspiration from four businesses successfully collecting, protecting, and leveraging user data.

Babylon Health

  • The company: Telehealth consultation and health services, serving government and insurers, as well as individuals.

  • The challenge: Babylon Health needed to reach out to customers at scale but their existing CRM didn’t provide a simple way to produce personalized emails with multiple variants, requiring CRM team members to directly edit HTML—an inefficient method with potential for error.

  • The strategy: Implement Braze to easily create and personalize compliant messaging to app users, saving creation time and improving customer engagement.

  • The results: 90% lower email creation times thanks to Braze, from hours to minutes.

  • Read the full Babylon Health success story.

two phones showing emails from Babylon health about World Health Day 2021

Sesame Care

  • The company: An online marketplace matching patients with healthcare providers and low-cost medications.

  • The challenge: Sesame Care was relying on expensive search engine marketing (SEM) to acquire customers. Many app users didn’t convert, but the brand only communicated with those that did. They wanted to introduce a cross-channel messaging strategy to engage and activate users, while protecting user privacy by using a HIPAA-compliant platform.

  • The strategy: Implement Braze to improve compliant first-party data collection, and to test and optimize a cross-channel customer journey for the first time.

  • The results: A 15X rise in last-click conversions, and email rising from the 10th to the third-largest contributor to the growth of their business.

  • Read the full Sesame Care success story.

Two phones screens showing emails from Sesame Care about what they do

Virgin Red

  • The company: The loyalty reward program from the Virgin family of businesses.

  • The challenge: To simplify their tech stack and ensure their customer engagement platform is an efficient, data-driven engine for cross-channel personalization.

  • The strategy: Deploy an all-in-one marketer-friendly data-driven platform that could trigger and send messages across all relevant channels, while protecting and respecting user privacy.

  • The results: Streamlining from three tech tools to one and achieving 45% email open rate.

  • Read the full Virgin Red success story.

A tablet screen showing a message from Virgin Red about how to earn points to get free coffee


  • The company: Comparison site helping users save on insurance, loans, energy bills, and more.

  • The challenge: Improving secure data flow between teams and platforms to power hyper-relevant, cross-channel experiences to every customer.

  • The strategy: Connect their content recommendation engine and data warehousing systems to Braze to increase operational efficiency and power personalized communication at scale.

  • The results: A 25% conversion rate and an increased send rate from 500 to 25,000 messages a minute.

  • Read the full MoneySuperMarket success story.

Two phones showing emails and a push notification from MoneySuperMarket about car insurance

5 tips for implementing Braze with data protection and privacy front of mind

Thinking of implementing Braze to create privacy-respecting, engagement-rocketing cross-channel campaigns? Here are five ways to make sure you embed privacy-by-design into your Braze implementation. You can read more in 5 Tips for a Secure, Effective Braze Implementation.

1. Control privacy in-team

Simply choosing to use Braze is a great first step to data privacy and protection. Braze makes it easier to protect privacy and personal data as a matter of course, while benefiting from advanced segmentation and analysis tools.

Compared to legacy competitors that offer complex privacy features that require IT involvement, Braze empowers marketers with intuitive tools so you can manage data security and privacy in-team.

This means you can easily create targeted, compliant, cross-channel journeys while keeping tight control of privacy practices.

2. Create unique IDs

Braze amalgamates customer data from all of their disparate sources and devices—like your website and app, their laptop and mobile—so you get a single, holistic view of each customer, wherever they engage with your brand.

Each profile has a unique ID based on your chosen format. To make sure your chosen ID format protects privacy and is less vulnerable to malicious actors:

  • Don’t use an easily guessable identifier

  • Don’t use email addresses or public user names

3. Secure your SDK

SDKs are the behind-the-scenes kit that makes data amalgamation and segmentation possible. With SDKs playing such a key role in customer engagement efforts, it’s essential they’re secure.

The Braze platform’s SDK authentication feature is like multi-factor authentication for your SDK, requiring proof that users are who they say they are. This stops malicious access using a stolen or hacked ID.

Stay up to date with the latest SDK versions too. These will include the latest security features in response to emerging risks, plus bug fixes and performance improvements.

4. Implement roles for access control

Braze features like Roles and Just-in-time Provisioning—which help streamline team access controls and permissions—can enhance marketers’ security while using improved security features to proactively manage and communicate potential issues. An example of this would be using structured user access controls to reduce unauthorized data access incidents. Such proactive measures not only ensure compliance but also fortify customer trust in your brand’s commitment to security.

5. Use a tag manager

Braze integrates with all the top tag managers including Google Tag Manager, Segment, mParticle, and more. One of the many benefits is that these integrate with the privacy and consent management tools mentioned above.

That makes it easy to deploy certain types of data collection only when a user consents, proving to customers that you recognize and respect their privacy preferences.

Braze is built for scalable, reliable, secure, and confident engagement—empowering you to build brand equity with every interaction. Braze empowers marketers to navigate the engagement landscape with confidence, ensuring that their efforts to engage customers are supported by a platform that's robust not just at peak times but any day of the week.

1. Scale that doesn’t fail

Unlock the full potential of your global marketing efforts with a suite of tools designed to tailor content across languages and segments while providing deep insights into audience engagement.

With Braze, you can employ Multi-Language Composition to adapt a campaign for multiple regions, using Braze Cloud Data Ingestion (CDI) to leverage highly nuanced segments created in your data warehouse to target specific demographics and optimize for the most engaged audience members.

2. Rely on Braze with every interaction

Across all of our products and customers, the Braze platform supports steady engagement with 99.99% (CY23) average system-wide uptime.

3. Built for security

Safeguard your customer data and engagements with advanced security measures and refined user management capabilities. With industry-leading user access controls, brands can maintain a secure, trustworthy environment for distributed teams or Centers of Excellence, decentralized models, and their customers—all at the same time.

This can look like implementing Roles to streamline team access controls and permissions, while using improved security features to proactively manage and communicate potential issues, reinforcing the trust your audience has in your brand. Or you can set up CDI connectivity and CDI segments to securely use “zero-copy data.”.

4.The right message, every time

Feel confident in your marketing team’s experience with features designed to ensure every campaign is crafted with precision. Braze invests into features that define the forefront of reliable user exp it experiences, underscoring our commitment to being the right customer engagement platform for your needs.

With new tools like Preview User Paths and Campaign Save as Draft, you can meticulously plan and test a multi-stage campaign, allowing for adjustments and team input at every step. We’ve also launched Canvas Zoom and Canvas Comments to further aid in overseeing the campaign's broad strategy and details, ensuring alignment and cohesion.

Final thoughts

Customer data collection and management is an important responsibility for marketers. However, when done correctly and compliantly, it can power impactful, personalized customer engagement.

With the imminent withdrawal of third-party cookies and tightening data protection regulations emerging worldwide, marketers need to know how to collect, protect, and leverage customer data effectively.

Transparency, integrity, and security are the watchwords for a successful data-based marketing strategy—combining minimum data collection with respect for customers’ privacy preferences.

Building trust with customers through clear data practices and by offering value in return for their personal information is also essential.

Data protection and privacy FAQs

How does data privacy compliance impact marketing strategies and campaigns?

Regulations like the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States require businesses to, among other obligations:

  • Obtain explicit consent from individuals before collecting their data

  • Provide clear information about data usage

  • Ensure the security of stored data

This impacts marketing efforts as it limits how businesses gather and use customer information —and can impact campaign design, data collected, ability to target and personalize communication, and more. Plus, data privacy concerns can affect consumer behavior and trust in a brand.

What measures should marketers take to reduce data privacy risks?

  • Obtaining explicit consent from individuals before collecting their data is crucial, as well as providing clear consent mechanisms that explain how the data will be used

  • Making the benefits of data consent clear to customers to encourage them to provide personal information, like receiving curated content and offers

  • Implementing a minimum viable data policy, meaning only collecting necessary and relevant personal information

  • Anonymizing personal information whenever possible to reduce the risk in the event of data breaches and unauthorized access

  • Implementing robust data security measures, such as encryption and access controls, to safeguard sensitive information

How can brands maintain customer trust amidst growing concerns about data privacy?

Transparency and trust go hand in hand. Companies need to:

  • Be clear and honest about their data practices

  • Provide transparent opt-in/opt-out options that show respect for customers’ privacy preferences

  • Demonstrate their security credentials through external accreditation and certification

  • Engage with customers to address any data concerns

What are the risks of non-compliance with data protection regulations for our marketing campaigns?

Non-compliance with data protection regulations can result in:

  • Significant fines

  • Damage to brand reputation

  • Loss of public trust and customers

  • Lawsuits from individuals or regulators

How can brands leverage data protection as a competitive advantage in marketing?

Brands can use data protection to differentiate themselves from competitors by:

  • Highlighting their strong commitment to data privacy and security

  • Genuinely respecting customer data privacy preferences

  • Offering true value in exchange for customers’ data

By building trust and rewarding customers for volunteering data, businesses can attract and retain customers who prioritize privacy and security.

Team Braze

Team Braze

Related Content

Data Privacy and Security

Apple's Privacy Manifests: What They Mean for User Privacy and Customer Engagement

Read More

Navigating Quebec’s New Privacy Law

Read More

Embracing Privacy-Conscious Customer Engagement in a Fast-Moving World

Read More

How Transparency Can Help Consumers Understand the Balance Between Privacy and Personalization

Read More