How to increase user loyalty through data protection

If you think that privacy is a cost you could do without, think again. Turn privacy from a cost-sink burden into a revenue driver by strengthening the bond with your customers.

Oleg, August 17, 2021

It’s not always easy to convince product managers to include additional disclosures into the user interface. They typically ask whether this is really mandatory and which law requires us to do so.

The problem is: contextual hints about what data is used for are not, strictly speaking, obligatory. But this is what a polite and respectful person would do when asking for another’s data.

I often hear complaints about how user privacy runs counter to business interests. But I don’t see it that way. On balance, privacy could be beneficial to business.

Investments into privacy

One of the first costs for any business that wants to bring their privacy practices up to speed is the money paid to privacy professionals. Truth be told: these people are pretty expensive.

IAPP has published significant survey data on how companies pay their DPOs.

In the EU and US, the privacy budget averages out at $622,000 per year and 60% of this is spent on top-class professionals. In 2019, the average yearly wage of a DPO was $123,050. Chief Privacy Officers in the US are especially well paid with a median base salary of $200,000 for 2019.

If you wish to calculate the privacy budget for your company, you can multiply your company’s headcount by $128: the mean spending per employee according to IAPP’s Annual Governance Report 2019.

In addition, privacy professionals are known to add friction to business processes. After all, they are a control; controls, by their nature, slow things down.

Return on your investment

Most businesses think of DPOs as a measure mitigating their regulatory risks. And you can’t blame them since the risk is pretty real.

Depending on the offence, in Europe you can be fined up to 20 million euros or 4% of annual revenue, whichever is higher. Fines have been dished out all over the place: most offences are priced in the tens of thousands of euros, while some jurisdictions, especially Germany, have been significantly harsher. For example, the German regulator recently fined a telecom company 9 million euros for the unauthorized disclosure of just 1 phone number.

When the GDPR first came into force, the biggest fines in the EU were for data breaches. British Airways was hit with the biggest of all such fines, with the penalty initially set at 210 million euros. However, this was reduced to 22 million euros last year. 2020 set the trend for high fines and for different ways of breaking data protection law. For example, retailer H&M was fined 35 million euros by Germany for the illegal collection of data on its staff, while the French regulator slapped a 100 million euro fine on Google for incorrect cookie banners.

Yet it’s a mistake to think that regulatory risks are the only reason you would hire a privacy professional. Actually, they could become a revenue driver if properly integrated into your product team.

The Boston Consulting Group carried out some research about consumer behavior where companies misuse data. The findings underlined that consumers understand data misuse not as a transgression of the law, but as disappointment and a feeling of being let down by how their data is collected and processed.

According to the survey, 20% of respondents have felt let down by companies. Disappointed with your service, consumers are ready to decrease spending on it by 30-33%. This means that your company loses 5-8% of its yearly turnover. These figures are much higher than the fines we looked at above.

So it turns out that privacy professionals don’t just save your company from hefty fines, but can also improve your customer relations.

Getting ahead

The work of a privacy professional could have a positive effect on the financial indicators of your company. To do so, a DPO should be able to set the tone for customer relations and this tone should be based on lawfulness, fairness, and transparency. Coincidentally, these principles are explicitly hailed by GDPR (see Article 5).


Your customers have the right to expect that you observe the law. Breaking the law is seen by the customer as a breach of their confidence and your trustworthiness; not as just falling foul of state regulations.


Even if you have found a legal basis for processing a set of data, you need to assess how fair to the customer it would be to do so. Just put yourself in the customer’s shoes: would you want your data being handled in that way?

86% of cookie banners don’t offer any other choice but for the user to accept. It is Hobson’s choice: accept or leave the site. If you want to build trust with your customers, it’s fair to offer them a real choice.

Following principles of fairness allows you to actually improve your product or service. For example, some sites don’t allow you to sign up to their service unless you go through a myriad of checkboxes. WhatsApp’s recent changes to its privacy policy showed just what users will do if you get off on the wrong foot with them.


Respect for your customers is shown by the way you communicate with them and the way they understand what you are trying to say. The main function of a privacy policy is to open up a conversation with your customers and tell them how you process their data.

The problem is that many companies prefer to leave their policies in legalese, using complex language that the Average Joe cannot understand and won’t make the time to read. Taking the time to go over the legal texts on your site and rewriting them in simple terms that anyone can understand is a great way to boost transparency.

Tricking your customer with a confusing legal text won’t make them feel protected.

Your customers won’t be happy if you put them between a rock and a hard place. Showing respect for your customers is something you need to do in every way you interact with them, and showing respect through transparency brings repeat business.

Wrapping up

Let’s look at some of the steps that you can take to increase the bond with your customers through privacy:

  1. Calculate the potential costs of hiring a privacy professional

If customer data isn’t core to your business, you can probably outsource this role. The demand for competent specialists is high, so be prepared for the price tag if you need to employ someone full time.

  2. Work with a privacy professional to see what your main legal risks are

This could help you avoid nasty surprises in the future. For example, you may avoid having to delete data which is a cornerstone of your business since you know you collected and process it lawfully.

  3. Get all of your stakeholders together and come up with a strategy

Work together with analysts, lawyers, engineers, and others to make your service number one in its market, with privacy as a key differentiator.

Apply the following logic to your user agreements:

  • Comply with the law
  • Behave as you’d like to be treated
  • Don’t hide anything

If you are developing interfaces, try to be clear about why you are collecting data. If you are launching a new product, ask yourself: how would you feel if your data was being handed over to marketing agencies for god-knows-what purposes? Think of the customer like you’d think of yourself.

Employ a tool to discover your data privacy gaps

Oleg is an expert with more than 6 years of experience in privacy and data protection. Certified CIPP/E and CIPM by IAPP. Currently a DPO of a giant e-commerce marketplace with 400M+ users.