Skip to content


  • Add this article to your LinkedIn page
  • Add this article to your Twitter feed
  • Add this article to your Facebook page
  • Email this article
  • View or print a PDF of this page
  • Share further
  • Add this article to your Pinterest board
  • Add this article to your Google page
  • Share this article on Reddit
  • Share this article on StumbleUpon
  • Bookmark this page

Data and privacy: Personalisation vs privacy, getting the balance right

This article was first published in Digitalisation World

The key to ensuring you have happy and loyal customers is not to think of the privacy debate as personalisation versus privacy, but as personalisation with privacy in mind. Customers expect to be recognised by the organisations they engage with, be it at a hotel chain (“Hello Mr Patel, Welcome again to Hotel Paradise”), or a video streaming website (which remembers the last movie you saw and provides recommendations for similar ones), and want their experiences personalised. Organisations need to find ways to balance the need for this kind of personalisation with privacy rights of the customers and wider privacy requirements from regulations such as GDPR and CCPA.

There are a number of ways organisations can achieve that balance. The first is to build trust with customers by being transparent. Privacy notices are a great way to inform your customers about how their personal data is used by your organisation. However, they need to be written in an easy to understand language, and provide information about who the data is shared with, the reason for storing this data, how long is it kept for and which countries is it processed in. This kind of transparency is a core building block of building trust.

That should be reinforced by offering your customers real choice and control. Genuine consent should put individuals in charge, build trust and engagement, and enhance your reputation. In the end, it’s their data and they need to understand the impact or benefit of providing or not providing their consent for you to use the data. If companies make it easy for users to understand the benefits of providing consent, and there will be an increase in customers opting in to share their data with you.

This kind of engagement should not be a one off with privacy notices just sitting in a corner of your website. They need to be central to the user experience, so if a customer has not provided consent to be shown customised content when they enrolled, you might want to remind them by showing a pop-up when they log in next time. This should explain why they are being asked and what they can do to receive customised content if they wish to. It is important not to do this too often which might annoy some customers, but if it is done in the right way and at the right frequency, this can lead to happier customers and increased loyalty.

It is also important to educate internal stakeholders about your approach. Large organisations often have a variety of Business Units which look at the privacy challenge in different ways, which can often confuse the customers. The entire organisation needs a consistent approach which has been set out in engagement and awareness programmes which have set out how a balance between personalisation and privacy leads to greater trust and generates business value.

Even when you have done everything right, there will be times when customers have a grievance about how you have used their personal data. They might make requests to either change the data, get a copy of it or in the worst case, delete the information that you store on them. It is vital that you have tried and tested procedures for every possible scenario, have teams and systems in place to action these requests and also understand what other legal obligations you might have to archive some elements of the data. Even though in the short term, these requests might seem to have negative implications (if they decide not to use your customised service), in the long term customers will remember how quickly and professionally you acted which will help with the wider question of trust.

Only companies which can find this right balance between personalisation and privacy will be successful in the future. Too much of either would risk either being ignored by the customer (if there is no or very little personalisation), or losing their trust (if there is no or very little privacy), both of which could have disastrous consequences on your business.

Sharad Patel is a data privacy expert at PA Consulting

A global movement towards increased data privacy is changing the way companies do business. Are you ready for the new era of data privacy?

Read more

Contact the author

Contact the data privacy team