Client Experience

Wondering why you should hire a privacy consultant or an attorney?

Not sure what you need? The stories below are client experiences that cover privacy needs from a solopreneur to a multimillion-dollar corporation. They’re written to help you get a better sense of how these services could apply to you based on what you’re currently offering and what you may be ramping up to offer in the near future.

Don’t worry if you still can’t quite wrap your head around all of it. We cover all of this in your complimentary consultation as it specifically relates to you and your business.

Already know what you’re after? I like the way you think. You’ll find our full list of services here.

Experience A: The Little(r) Guy

The Business: A smaller US-based B2B company specializing in professional development contacted me for help with their GDPR game plan. They were confident in their overall marketing plan and how they were steadily growing their customer database. They had a solid presence on social media and in their online advertising. All they needed to know from me was what they might need to tweak slightly to bring it up to GDPR standards.

 

Consultation: When I asked about their privacy policy, there was an uncomfortable shuffling of papers which I took as my cue to move on. “No worries,” I reassured them, “That’s easy. I write three or four of these every day. Let’s just talk about your privacy and security measures more generally.” Silence.

It didn’t take long to learn there wasn’t actually anything in place. They also confided in me that, in addition to collecting information from users who bought services or signed up for their newsletter, sometimes, if they just had a name, they’d use third-party sources to try to learn more about that individual. If they found what they were looking for, they’d go ahead and add them to the database. None of their customers were informed as to how the information they collected would be used.

Ouch.

Action Plan: The results of the quiz showed they were serving and marketing to EU individuals, so we created a GDPR-compliant privacy policy. We determined what data they were collecting and developed a secure online data strategy that let their customers know what was happening with the information they shared and allowed the company to still deliver its value with minimal interruption.

For the full list of services, click here.

Experience B: Mid-Sized Business

The Business: A mid-sized B2B US-based marketing agency with global customers and a dozen employees in the EU.

 

Consultation: Five minutes into the call, I could tell these guys were genuinely worried. They process a lot of data for their clients and engage in targeted marketing. They even help vet vendors so they can pass trusted recommendations on to their customers. GDPR, however, had thrown them a curveball. They didn’t have a plan and they wanted one badly.

“You have to understand how nice it is to hear this,” I told them. “Most of my calls lately have involved a lot of people trying everything they can to squirm out of having to do what they know they need to do.”

If you don’t know this already, clients really love to hear when you notice they’re doing something right.

“Honestly, we’re not thrilled,” he told me, “But who is? It’s obvious though that if we don’t get it together, and fast, this could really hurt our business. Clients aren’t going to want to work with someone who isn’t taking their privacy seriously, not to mention breaking the law. So, where do we start?”

 

Action Plan: To understand the full scope of the work, we agreed to start with a GDPR gap analysis to identify the areas they would most need to focus on. The results showed they would need to document their business processes by performing a data inventory, update their privacy policy, provide training to ensure understanding and compliance across their entire global workforce, and update privacy and security procedures. We also discussed how to thoroughly vet vendors who rely on pixels to run campaigns or collect data, particularly those who would be listed as trusted recommendations to customers.

Once the foundation was in place, we agreed to do periodic privacy checkpoints throughout the year to update any documentation and to evaluate and integrate any privacy considerations before launching any of their new products, services or marketing campaigns.

“I’ve got to say,” she told me as we wrapped up our last call, “I started out thinking this was going to slow us down, but now I’m more inspired than ever and confident our customers won’t think of going anywhere else.”

Who says privacy has to be boring?


Experience C: Major Corporation

The Business: Large-scale corporation primarily focused online with customers worldwide, including a significant percentage in the EU.

 

Consultation: One thing you may not know about major corporations is, despite often having more resources to work with, they have the exact same concerns smaller companies do and are often just as lost as to how to make sure they’re covered and don’t take a hit.

What I like most about my consultations with representatives of major corporations is that they usually don’t argue with you. They respect your zone of genius and don’t want to waste time trying to figure out if there’s a workaround to what you have in mind.

I applauded the fact that they already had a substantial GDPR effort underway and what they needed now was someone who could lead the project. They wanted a subject matter expert who could internally meet all the requirements of data inventory, privacy notices, and individual rights needed under GDPR. Due to the scope of the project, and the board’s concern about whether it would get done in time, Red Clover Advisors partnered with a legal firm, as well as several internal members of the company, to create a cross-functional team that would cover all their bases.

Action Plan: Our first step as a team was to create a project plan. We performed the data inventory, documented all the personal data elements for each vendor and business process, the associated security controls, the flow of data between the US and other countries, and prepared Article 30 records as required by GDPR.

Next, we trained the front-line employees so they were prepared for any incoming requests and developed an individual rights request process to ensure there was no miscommunication from a customer service representative. We also discussed how the company would integrate privacy into future products and prepared them to use a privacy impact assessment.

The result? They’re stronger than ever with a clear understanding of the personal data they collect, a list of go-to vendors, and a seamless workforce who knows how to infuse privacy and security into every activity without missing a beat.
