Trust is the core of user data compliance


Users need to know — and consent to — the use of their data. To get their consent, you need their trust.


Users have begun to distrust targeted ads or interactions that show surprising knowledge about them, extracted from third-party data on other websites or apps. Now, more organizations are using their own first-party data that they collect directly from users. 

Headshot of Chaitan Parikh

“Trust is lost very quickly, and it's hard to rebuild. It is challenging and, as an organization or as an individual, building trust is truly key.”

Chaitan Parikh

Grant Thornton Risk Advisory Senior Manager


With first-party data, you can prioritize data quality over quantity. You can have better leads when users have knowingly consented to sharing their data and, if you manage interactions well, you can build user trust that is a competitive advantage. “Trust is lost very quickly, and it's hard to rebuild,” emphasized Grant Thornton Risk Advisory Senior Manager Chaitan Parikh. “It is challenging and, as an organization or as an individual, building trust is truly key.”


To build trust, build relationships. Users need to indicate their consent once, and then continue to reconfirm their consent in the future. In a recent Grant Thornton webinar, attendees said that the need to renew user consent is the most challenging aspect of fostering a trust lifecycle.



The need to renew consent agreements is just one of the regulatory requirements that can illuminate the path to long-term user trust. While regulations can vary by jurisdiction, most aim to ensure that users understand and consent to the ways that you intend to use their data.




Consequences of failing consent


Even when regulatory requirements vary, there are always consequences for breaches, malpractice or non-compliance. Some of those consequences have direct financial impacts in the form of fines.


However, the failure to comply could risk business continuity and require retraining of staff, an expensive and disruptive operational overhaul of your consent mechanisms, or even the implementation of new systems. Once a compliance failure reaches the attention of regulators or courts, organizations can lose much of the control over how and when they address the issue.




Challenges of maintaining consent


User trust is fundamental, but “user consent” is defined by regulations. The biggest challenge to building and maintaining consent can be the risk of new regulations. In a recent Grant Thornton webinar, attendees indicated that the changing regulatory landscape is their biggest barrier to centralizing data consent.



To maintain consent, you need a combination of the right technology, regulatory understanding, buy-in from internal teams, staff support and financial resources.


Marketing, IT and compliance must work together. Marketing can focus on outreach, IT can focus on the infrastructure, and compliance can focus on the approach. Each area has different needs. The marketing department’s desire to collect robust data may conflict with the compliance team’s need to ensure that consent is fully opt-in and transparent. One way to meet multiple needs is to progressively build user profiles. Even if you only request the minimum information for each transaction, you can progressively build user profiles while also building each user’s trust. These profiles also help IT ensure that each user’s preferences are honored throughout the process, which further encourages their consent.  


To build and maintain consent, your organization needs to listen and speak as one. Build consent into your product development process, from the earliest discovery processes, and connect that with a proactive approach that considers the future of regulatory compliance and consent.




Actions for maintaining consent


Regulatory compliance is a starting point for consent, but it’s important to pair that with a proactive approach. Anticipate regulatory scrutiny and user expectations by building flexible systems that let you manage updates while you focus on your core business. “Early adoption of best practices — and the enabling technology — allows the business to focus more on its core objectives and less on the regulatory scrutiny,” said Grant Thornton Risk Advisory Manager Sam Sigman.


A proactive approach requires various actions across your system. For instance, you need to communicate transparently with your users, empower your users and educate your employees, taking actions like these:

  1. Update outdated terms.
  2. Clarify vague terms.
  3. Make opt-outs accessible.

Once you understand what’s required for user consent, you might see some required changes for your technology structure. For example, you might need to build more privacy into systems, implement more rigorous security measures, or conduct regular audits and risk assessments. A formal process for these reviews ensures consistency, accuracy and reliability. It’s also easier to make enhancements and conduct training for your audits and risk assessments when they are defined and repeating. 


A data consent failure can compromise an organization’s reputation, weaken its brand, and ultimately disengage its users and customers. If you empower users to understand and control the use of their data, you can build trust, maintain user consent and comply with new regulations into the future. Now is the time to start fostering the user trust that leads to lasting data consent. 



Content disclaimer

This Grant Thornton Advisors LLC content provides information and comments on current issues and developments. It is not a comprehensive analysis of the subject matter covered. It is not, and should not be construed as, accounting, legal, tax, or professional advice provided by Grant Thornton Advisors LLC. All relevant facts and circumstances, including the pertinent authoritative literature, need to be considered to arrive at conclusions that comply with matters addressed in this content.

Grant Thornton Advisors LLC and its subsidiary entities are not licensed CPA firms.

For additional information on topics covered in this content, contact a Grant Thornton Advisors LLC professional.


Our featured insights