The EU-U.S Privacy Shield data transfer pact is now in effect, and U.S. cloud providers, e-commerce retailers and other companies that want to collect customer data from their European Union counterparts can start signing up to use the laws Aug. 1.
The framework, which replaces the safe harbor agreement dissolved in October 2015, has stronger security protections for EU citizens whose personal information will be shipped across the Atlantic. U.S. companies on the receiving end have to self-certify, promising to uphold data privacy principles such as “notice” — which requires companies to let customers know what will happen to their data. But in complying with Privacy Shield principles, companies can also use the new pact to improve their reputations as customer-centric organizations, said Enza Iannopollo, an analyst for Forrester Research.
“If I am required by the regulation to put in place a process to address access requests for the data of my customers, how do we do that?” Iannopollo said. “Am I giving them the right explanation, and when I do that, when I communicate with them, am I showing the right level of sensitivity and the right level of understanding?”
If the answer to those questions is yes, that’s good news, Iannopollo said. Customers will give high marks to companies that explain their privacy policies on their websites in ways they can easily understand. If companies give the job to their legal teams, and those teams churn out dense legalese, customers may feel discouraged and underappreciated.
“You’re losing a big opportunity, which is using that content to show once more to your customer, ‘I care about you,'” Iannopollo said. “‘I’m easy to do business with, and I’m putting you charge and this is the control that you have over your data.'”
Ensuring customers’ security and privacy, she said, can be a “differentiating factor.” Consumers will happily continue to give their business to customer-centric organizations they feel respect them and their privacy — and even pay more for their products and services.
“Compliance is where you start, but then you can push privacy really all the way to a business growth strategy,” Iannopollo said.