The Chief Trust Officer is a new role that is responsible for all aspects of trust between a company and its customers. Drew Nielsen is Chief Trust Officer at his company Druva – he leads security and data protection activities but he also has to get involved in areas like customer experience and compliance too. This goes beyond looking at the tech on its own and he takes the time out to tell us some more, With the deadline less than a year away its time to take note and act fast.
Q: What’s the biggest issue that companies face around data today?
A: Without a doubt, GDPR. The European Union’s General Data Protection Regulation is less than a year away, and many organisations are only in the initial stages of preparing for this.
A lot of the marketing around GDPR covers data security and breaches – now these are important issues that companies have to prepare around, but this is not solely an IT problem. Companies of all sizes have to think about where and how they create and use customer data every day, where they store it, and how they manage this over time.
The growth of mobile computing and cloud applications means that more data is outside the control sphere of traditional infrastructure. Getting a handle on where this data actually is, what is getting created over time, and how it’s all managed are three essential elements that all companies have to understand as part of becoming compliant.
Q: So is this a technology problem, a people problem or something else?
A: Technology is a factor here. However, it’s more that companies don’t have up to date information management processes in place. People within companies don’t think about following information management rules, they care about getting their reports done or being able to use their data easily. However, this can mean that sensitive data gets handed out without the right authorisation.
Let’s look at some real-world examples. Say you download a list of customers to run a report. Do you delete it off your laptop afterwards? Do you even tell anyone? The answer here is probably not. Similarly, if you hand a customer database over to a partner for them to carry out some marketing on your behalf, have you checked their approach to security?
After GDPR comes into force, these kinds of interactions will attract more oversight. Any company that hands a list of customer records to a third party is just as liable under GDPR if and when that third party suffers a breach.
Many companies work with customer data, and there will be many more rules to follow in future. Preparing for this now will be important. Vendors and service providers will market their services as GDPR compliant, but it’s worth taking some time to get familiar with the rules yourself. Bodies like the ICO in the UK and the Data Protection Commissioner in Ireland provide good, easy to understand guidance on what you should be doing.
Q: Is GDPR forcing more companies to look at their security and their data?
A: To some extent yes. However, I see companies looking at how they interact with customers more widely. With so many companies going through data breaches over the past few years, these type of news stories are the new normal. The stigma of being hacked is gone. As a society we have reached acceptance when it comes to data breaches. What matters more is how companies respond. Do they seem like they are doing their best, or are they simply going through the motions?
Maintaining customers’ trust is becoming more important to businesses. It supports how and why customers choose to buy from companies, whether they are individuals making their own purchases or corporate buyers responsible for huge sums of spend. For all companies that go through a data breach, responding in the right way can make the difference.
Q: So how can you make Trust into a recognisable asset?
A: Trust goes across multiple business departments – it’s in the marketing promises that you make, the after-sales service you provide, the customer experience that you get on the website and the IT security provisions you make.
Having someone responsible for championing this wider approach within the business is a good approach. In the past, companies have appointed CIOs to be responsible for how companies use information. Today, there are more roles cropping up around areas like data and trust. These responsibilities cut across departments.
I think Trust is the next area for many companies to invest in, as information management crosses over into different business activities, while absorbing traditional areas of responsibility like security and privacy. My own company feels that way, so that’s why I have the title of Chief Trust Officer now.
Q: What does a Chief Trust Officer role offer?
A: A CTrO has to understand IT security, data privacy and the technical aspects of information management, but also how those elements affect how the business works in practice.
Let’s take GDPR – this will affect marketing teams using data, how customers can request their data from companies, and what IT departments have to do around keeping customer records secure. Each one of these processes may have to change. Keeping those changes in perspective can be difficult if you don’t have the right context in mind. A CTrO can provide that understanding.