Data Privacy and Security
The Road to Privacy Compliance Is Steep
To help marketing, growth, and engagement teams see their work from a new perspective, Braze has partnered with Tom Fishburne, CEO and founder of Marketoonist, for a 10-part series of marketing-themed comics.
Each week, we’ll share a Marketoon exploring a different aspect of the customer engagement landscape—and hear a thoughtful response from a Braze employee based on their own experiences and insights.
This week, we hear from Braze General Counsel Susan Wiseman on responding to today’s privacy-focused marketing landscape.
Reading this comic, the first thing that jumped out at me was that the guru has only a single piece of paper. Given GDPR, California’s Consumer Privacy Act (CCPA) and the number of other privacy laws that U.S. states have passed—or are currently working to pass—I’d expect his mountain top to be covered in papers! As a lawyer committed to understanding the network of privacy laws that impact our company and our customers, that’s an image I could really relate to.
Even before GDPR enforcement began back in May 2018, there were a lot of times when the ambiguities of the legislation left me wondering how the heck we were supposed to comply with some of its seemingly impossible-to-address requirements. One example? The data subject’s right to be forgotten under GDPR.
The right to be forgotten was particularly mind-bending: If you delete all of the information you hold about a given data subject so that they are “forgotten”, then how can you know not to collect additional data about them without noting somewhere that this individual wants to be forgotten? But if you do that, then you’re remembering them so you can forget them. Yup, that’s my life now. Welcome to the life of a lawyer under GDPR.
The complexities don’t just affect your legal team, either. It’s a whole new world out there for brands when it comes to data privacy and security. That means that companies are faced with a choice: Either they embrace the concept that consumers have the right to control their own personal data, or they keep doing what they’ve been doing and risk their good name in their industry, as well as losing consumers’ trust and their business (and that’s without even considering the financial risks that come with noncompliance.)
As the provider of a robust and global customer engagement platform, Braze realized early on that the growth and success of our business would be tied to our ability, among other things, to understand the trends and requirements of the evolving privacy landscape and the resulting expectations of our customers and prospects. After GDPR was passed in May 2016, I sat down with Jon Hyman, our CTO, to figure out how we were going to re-architect our platform to ensure we would meet GDPR requirements and continue to be a trusted provider to our customers. Thankfully, Jon is a committed proponent of privacy by design and was as concerned as I was about ensuring compliance. It took a lot of work and a lot of collaboration across the entire company, but by GDPR Enforcement Day, we were ready and proud to announce that we had achieved our compliance goals, without losing our sanity.
I really believe that long-term business success is built on humanizing connections between brands and their customers, and one of the best ways to do that is by really listening to consumers’ wishes, respecting their preferences, and being transparent about how you are using their data. All of that ties in nicely with our company philosophy, which luckily aligns with the consumer-first philosophy that GDPR and other new privacy laws are built around.
As a company, Braze believes that today’s new privacy landscape plays a role in increasing the likelihood of engagement and fostering stronger customer/brand relationships by mandating that companies treat their customers with openness and respect. It isn’t always easy, but it’s the smart and necessary thing to do in today’s privacy-focused world.