GDPR has put a spotlight on how brands use and collect data but also on their relationship with customers. Butlins, Ticketmaster and other brands have already come under fire for breaches – but the result is far greater than a fine from the IDC, rather lasting reputational damage.

The problem for many brands is that GDPR was viewed as the benchmark of satisfactory data practice. But good data governance is an ongoing process – it isn’t enough just to be compliant. Here’s how companies can manage their data well and improve their relationship with customers in the process.

1. Manage all data touch points across web properties

By limiting the number of parties that handle data, privacy risks are reduced. Every time a different business or person handles personal data, there is a risk of a leak, or the data being handled incorrectly – leaving it open to hackers.

When looking at websites (most brands’ digital shop window), one of the biggest challenges is getting visibility of which third parties are ‘tag piggybacking’ on web pages. What lies beneath a seemingly simple website is often a complex web of unauthorised and even unknown JavaScript tags that piggyback off one another – each collecting visitor data and sharing it with the technology providers for every digital element of the page.

Having clarity of these third parties within a brand’s ecosystem is essential. Then the process of banning piggybacking of unauthorised tags (likely best controlled through real-time whitelist and blacklist control in the browser) can begin. Auditing and then consolidating touch points is the first step to addressing potential vulnerabilities in any company’s security strategy.

2. Create a consent experience

The fear for many marketers is that they don’t have access to the same kind of data that they did previously. The reality is that there is just as much scope as before, if not a greater opportunity – the crux is creating a value exchange and ‘consent experience’ for customers.

If a consumer gets something in return for handing over their data, they’re going to be more receptive to the brand but this is new territory for many marketers. Before, data has been a given rather than earned.

To make the value exchange work, consumers must be educated, and messages around what it means to provide their data need to be communicated clearly. For brands, ensuring enforcement of data collection consent over all tags and website functionality is also key.

This can only be driven by personalised 1:1 privacy consent for all web visitors. The most elegant solution may be for organisations to deliver customer consent overlays directly onto web pages. This gives visitors a positive experience with respect to consent communications – and simplified control over data collection by various marketing technologies.

3. Take control by being transparent

Under GDPR rules, consumers have the right to change, move and edit the data brands have on them.

Some of the most important requests consumers can exercise is the right to be forgotten, as well as the right to object and the right to restrict processing. By managing these requests effectively and transparently, brands are able to maintain strong customer relations. Despite no longer holding their data, it leaves the door open for future engagements with the brand. Poor communication or lack of response could shut off that opportunity entirely.

Maintaining strict processes to ensure data is up to date and relevant means that brands will find more value within their existing data and can develop more meaningful relationships with customers. Being transparent with these processes and how data is being used is equally important.

Data, now, can often define a brand. GDPR forces and also empowers brands to reassess their relationship with customers. The new regulations have the potential to revolutionise the value exchange, where consumers receive personalised, meaningful content and services in return for transparent use of personal data.

Brands that will prosper in this new world will look to go beyond compliance and consistently explore how they can improve their data practices and governance. Those that don’t will suffer the same fate as those companies that have already been caught out.