Over the last couple of years, our meetings with CMOs have changed. They’re looking for ways to reframe the discussion in their own organizations, moving from a reactionary stance that seems like a chore to one that not only anticipates customer’s needs but also adds value to the business.

In the last year alone, we have worked on over 2,600 cyber and privacy risk engagements, and marketers are a crucial part of that equation. It’s no surprise. They’re responding to a new regulatory landscape and, more importantly, to changing consumer habits.

On the one hand, consumers are seeking more personalized experiences that meet their unique needs. Deloitte research shows that over 50% of consumers would like more personalized experiences in various categories, such as hotels, flights, and furniture shopping. On the other hand, consumers are concerned about their privacy and want control over the ways that their data is collected and used. In another Deloitte consumer study , 81% of consumers reported taking some action due to data privacy concerns in the past year, with 40% deleting an app and 43% deleting their browser history.

Providing personalized content, goods, services, and experiences while also addressing consumers’ privacy concerns requires thoughtful, strategic changes across your entire organization. We’ve found three areas CMOs can prioritize to help their teams provide a personalized customer experience in a privacy-first way.

Communicate the challenges and the opportunity across the C-suite

Because a new approach to data collection and usage will have an impact on all parts of the company, all teams, from product development to analytics, need to be united around a common vision and the steps required to realize that vision. Defining this transformation plan starts at the top with the C-suite.

It shouldn’t be framed as a chore the company is required to tackle. Fold the messaging into the company culture and highlight the business opportunities.

A number of our clients have started to implement privacy-first strategies, moving beyond compliance to protect consumer privacy at every turn. As a result, they tell us that they are seeing more innovation and experimentation while seeing significant benefits, from new ways to engage individuals to longer lasting relationships with customers. When customers’ needs and expectations drive the approach to first-party data collection, the value exchange becomes more meaningful and based on trust. Gaining trust requires innovative solutions, underpinned by privacy and ethics considerations from the design stage.

Your plan should lay out how you’ll implement that privacy-first mindset across the company, from educating employees on what it means to be privacy-first to identifying the systems you’ll use to ensure that data is collected and stored responsibly.

Privacy shouldn't be framed as a chore the company is required to tackle.

Once the C-suite has shared an action plan for achieving a privacy-first, personalized future, teams will be more equipped to work cross-functionally toward their common goal. When privacy is top of mind for everybody, there’s a better chance that privacy-first solutions result in creative, efficient, and consumer-focused uses of personal data, while also minimizing risk.

Empower your organization — and experiment

Privacy must be part of the entire lifecycle of a project or product development, and everybody, regardless of their role, should be equipped to protect user privacy.

Privacy practitioners (privacy lawyers, experts, and engineers) need to be at the heart of product development ensuring that customer data will be handled in accordance with data-protection legislation and privacy by design principles.

You should think about developing guidelines to help teams navigate the responsible use of first-party data from collection to activation to retention. Your guidelines should also take into account external partners and vendors (more on that in a bit). Companies also need leadership to champion the privacy strategy to enhance and maintain operational alignment and safeguard the integrity of data.

Privacy must be part of the entire lifecycle of a project or product development.

And don’t forget to experiment. Both technical and nontechnical teams should be encouraged to test and learn from new, privacy-forward approaches to data collection and usage. To ensure that teams across the organization can innovate and share their learnings, we’ve found that engaging your C-suite counterparts to develop a feedback loop for the efficacy and ROI of these experiments is hugely valuable and helps to demonstrate your privacy strategy firsthand. You’ll also be able to use results to determine whether a new approach is worth scaling across the company.

Be sure vendors and partners are on board

Many organizations have a gap when it comes to their privacy-first strategy. The typical company outsources many of its tech solutions and processes. As a result, privacy risk or regulatory violation becomes quite considerable. In a recent Deloitte survey of 500 business leaders from organizations with operations in Europe, the Americas, and Asia, 76% of respondents indicated that regulations around data privacy and protection are affecting their outsourcing decisions. This is where the need for operational alignment and good data hygiene comes in.

To address this, privacy practitioners need to be involved in discussions with partners to ensure contracts and processes are compliant. The key here is to ensure privacy professionals are made aware of all features offered by an external vendor and ask all the right questions about a vendor’s approach to privacy and data security. This approach will avoid problems later and will ultimately allow scalability and efficiency.

With consumer awareness on the rise amid increased and widened regulatory scrutiny, those who embed privacy and ethics across their organizational strategy will be able to engage more meaningfully, build a more solid presence in the market, and demonstrate to consumers the benefits of sharing data. Ultimately, the question consumers will be asking is: Is this company using my data in a responsible, safe way that will bring me value? The more they understand why you need their data and how it will be used, the more they’ll be willing to share their information.

Technology can support this, but the right mindset and the ambition for a privacy-first organization starts in the C-suite.