Menu

We provide services for Enterprise, SME, schools and Charity organisations. Whether you need a global data audit or targeted help in a specific geography or function, Securys will work with you to embed data privacy across your organisation.

Article

Fundamentals of trust: transparency

Linus Moses
January 2025
iStock-1138806825(1)-1

And now, folks, it's time for "Who do you trust?" Hubba, hubba, hubba! The Joker Batman 89 

Trust is important. Every business wants its customers to trust its products and services (even the Joker for those of you who remember the film). When Jasmin Public thinks about a particular brand, they (said business) want her to picture the brand as something that is reliable and trustworthy. But how do businesses achieve this?

In this article, I want to consider this business challenge from a data privacy perspective and share my thoughts on how companies which handle personal data can build trust with their customers by evaluating their approach towards transparency – a key principle of data privacy.

But first, a question for the data controllers and processors amongst you. When you think about your processing activities have you asked yourself the following?

"Do I feel comfortable telling them i.e. the customer/consumer/employee what I am doing with their personal information and why I am doing it?" 

If the answer to these simple questions is NO, then you may want to reconsider the processing. 

When it comes to transparency, there are some fundamentals that, to my mind, transcend regulation and are simply good practice. 

  1. Tell them i.e. your customers/ employees what information you are collecting. There is the obvious personal data that you ask for directly such as name, contact details and age but what about the unseen information such as online tracking data (IP address, information gathered from cookies etc.). If you run background checks, have you disclosed this? 

  2. Tell them why you need the information you are requesting. An obvious example where the type and amount of personal data requested may seem excessive to the individual, but is actually a legal requirement, is under Know Your Customer (KYC) and Anti-Money Laundering (AML) processing.

  3. Tell them how you are processing their data. This does not mean you provide a full technical design document for the systems you use, but let them know, for example, if a third party is involved, if there is automated decision making or if AI is involved. 

  4. Tell them how long you keep the data and give a justification for this. In many cases, there is a regulatory or legal obligation attached to your retention. In other instances, retention might be based on the type  of after sales services you provide (e.g. warranty) and the impact on the customer. Above all, remember folks that keeping records indefinitely ‘just because’ is never the right reason!  

  5. Tell them where their data is going. Is it leaving the country, and if so, what you are doing to safeguard it?

The points above are the basics, the obvious considerations, the fundamentals. But there is one other key aspect of transparency that will take different forms depending on the country or region in which you operate.

  • What is your lawful basis for the processing of the personal data? Keep in mind that not all countries or regions have the same set of lawful bases and there are variations in how these are applied. For example, in the EU and the UK, you need a condition for processing special category (sensitive) data. Another example is in China where legitimate interest is not a valid lawful basis. 

Why is it important to consider these factors? Well, rather than taking the view that they are regulatory requirements, consider instead how transparency can help your business. Could that openness set you apart and give you a competitive edge over market rivals not just with regard to new customers and customer retention, but also regarding your ability to attract and retain the best employees? Delivering greater transparency will provide a better understanding of what data you have and why. In turn, this should allow your organisation to make better decisions about what personal data it keeps and how it benefits from that data.  

Oh, and hey, how about this as a concept? Being transparent with the people whose data you process is frankly the right thing to do. If nothing else, it demonstrates that you have taken a deliberate and considered approach to personal data collection and processing.  

But whilst easy in theory, implementing best practice can be more challenging. Taking a step back and assuming a more objective perspective can help. This is typically where Securys can assist. We can help your organisation identify what data you have and where it is stored, make sure relevant documentation is produced and provide up-to-date guidance to ensure you are better informed, better able to navigate relevant regulations and better placed to make decisions about what you do with the personal data collected. 

Now, unlike the Joker I am not giving away free money or asking where The Batman is, I am simply offering up my thoughts on a topic that is of interest to me.  

 

Act now and speak to us about your privacy requirements

Start a conversation about how Privacy Made Practical® can benefit your business.

Click here to contact us.

Back to top