The General Data Protection Regulation (GDPR) applies to a whole array of companies, organizations, and public institutions that process personal data, no matter the industry, size, or revenue. Not all of them have experience with such regulations, and they are therefore reluctant to invest in their compliance.
If you are working in a highly regulated industry, you may be more accustomed to complying with different specifications, standards, laws, or policies that regulate your everyday business.
However, even then, GDPR can be perceived as a financial burden with anti-competitive side effects, driving companies to focus more on avoiding GDPR fines and less on compliance and its related risks and benefits.
If an organization adopts a similar attitude, it can create a lot of additional challenges for privacy professionals (see “7 DPO challenges”).
Fortunately, we live in a data-driven world and are not forced to navigate under assumptions.
We now know that companies that invested in their privacy programs have achieved impressive ROI and secured an upper hand over their competition.
“Over the past few years, data privacy has evolved from ‘nice to have’ to a business imperative and critical boardroom issue.” (Cisco Data Privacy Benchmark Study 2020)
Most organizations are seeing positive returns on their privacy investments, and more than 40% are seeing benefits at least twice that of their privacy spend, according to the Cisco Data Privacy Benchmark Study 2020.
Why should you care?
In general, GDPR prescribes standards, rules, and requirements that organizations should follow in their compliance journey and strives to create a framework that will ensure equal rules for everyone when it comes to personal data processing.
However, it is not just about levelling the playing field; it is also about protecting the personal data of individuals and allowing them to exercise their rights and have control over how their data is processed, by whom, and why. To quote one LinkedIn article:
“You can’t make an economic argument about a right. You either accept its value or you don’t.”
This means you will have to think about what kind of company you want to be and what kind of values you want to support. Focusing on privacy as one of the key values can help you create trust between you and your customers.
Research suggests that 65% of people have stopped buying from companies that did something they consider distrustful, while 73% of customers say trust in companies matters more than it did a year ago.
How much are companies investing in privacy?
According to the Cisco Consumer Privacy Survey, the average annual privacy spend in 2019 was US$1.2 million. The average privacy spend of small businesses (250-499 employees) was $800,000.
Among large enterprises (10,000 or more employees), the average annual privacy spend was $1.9 million, and 2% of these enterprises spent more than $5 million.
So why are all these companies willing to invest so much time, resources, and effort in their compliance for the sake of protecting personal data?
Reasons companies are investing in privacy
There are, of course, numerous reasons why companies decide to invest in their privacy program. However, some reasons are more common than others.
#1 reason why companies are investing in privacy: CUSTOMER EXPECTATIONS
Customers have stated loud and clear that they expect transparency and trust, and that they are willing to take their business elsewhere as a direct consequence of privacy-related matters.
Cisco’s consumer privacy survey indicates 84% of respondents care about privacy, about their data, about the data of other members of society, and they want more control over how their data is being used.
Of this group, 80% also said they are willing to act to protect it, and among privacy-active respondents, 48% indicated they already switched companies or providers because of their data policies or data sharing practices.
Although it is difficult for a customer to have clear insight into a company’s compliance status, companies can give customers additional assurance by implementing a customer-facing interface that allows them to communicate their requests and preferences.
#2 reason why companies are investing in privacy: COMPETITIVE ADVANTAGE
The percentage of organizations saying they receive significant business benefits from privacy has grown from 40% in 2019 to over 70% in 2020. Benefits include operational efficiency, agility, innovation, investor appeal, brand value, and more.
Surprisingly, GDPR has shown how regulation can produce positive economic results and has pushed a lot of companies into their digital transformation, giving them a better quality of data and improved overall customer experience. Companies are also experiencing:
- Maximized efficiency
- Improved customer experience
- Improved risk management
- Higher quality of data
- Better marketing
- Improved cybersecurity
#3 reason why companies are investing in privacy: COMPANY VALUES
Company values should support your vision, your culture, and describe what fuels the company. They are the essence of the company’s identity – the principles, beliefs, or philosophy of values.
Right now, big technology giants are battling for your trust, with Apple stating they want to be the only tech company you trust, and there is a reason why.
Supporting privacy as your company value means creating a brand that customers will identify with trust and transparency.
It implies you are aware of what is important to them, so it is important to you too. Therefore, investing in privacy can also be seen as an investment in the company’s brand identity and customer relationship.
According to Gartner’s predictions for the future of privacy, privacy today is what “organic” or “cruelty-free” was in the past decade.
#4 reason why companies are investing in privacy: FINES AND LAWSUITS
While GDPR fines should not be the fuel for your privacy progress, we cannot deny that a lot of companies would never embark on their privacy journey if it weren’t for the potential fines. In the past few months, data protection authorities have issued multimillion fines, notably the €746 million fine issued to Amazon.
LEVEL 1: Less severe violations can result in penalties of up to €10 million, or 2% of the organization’s global turnover of the preceding fiscal year, whichever is higher.
LEVEL 2: For especially severe violations, the fine framework can be up to €20 million, or up to 4% of the organization’s total global turnover of the preceding fiscal year, whichever is higher.
However, besides the financial aspect, companies are also trying to avoid the bad publicity and reputational damage that come along with GDPR fines, and to maintain brand value and investor appeal.
Research by FTI Consulting revealed that companies expect a 9% drop in their global annual turnover as a result of a data privacy crisis.
To sum up
Accepting your responsibility to protect personal data will help you overcome the first hurdle.
However, GDPR should be seen as an opportunity to instigate your digital transformation, improve overall processes and customer relations, and improve your marketing by feeding it with relevant data.