The General Data Protection Regulation (GDPR) applies to a whole array of companies, organizations, and public institutions that process personal data, no matter the industry, size, or revenue. Not all of them have experience with such regulations, and they are therefore reluctant to invest in their compliance.

If you are working in a highly regulated industry, you may be more accustomed to complying with different specifications, standards, laws, or policies that regulate your everyday business.

However, even then, GDPR can be perceived as a financial burden with anti-competitive side effects, driving companies to focus more on avoiding GDPR fines and less on compliance and its related risks and benefits. If an organization adopts a similar attitude, it can create a lot of additional challenges for privacy professionals (see "7 DPO challenges in 2020").

Fortunately, we live in a data-driven world and are not condemned to navigate under assumptions. We now know that companies that invested in their privacy programs have achieved impressive ROI and secured an upper hand over their competition.

“Over the past few years, data privacy has evolved from “nice to have” to a business imperative and critical boardroom issue.” (Cisco Data Privacy Benchmark Study 2020)

“Most organizations are seeing positive returns on their privacy investments, and more than 40% are seeing benefits at least twice that of their privacy spend.” (Cisco Data Privacy Benchmark Study 2020)

Why should you care?

In general, GDPR prescribes standards, rules, and requirements that organizations should follow in their compliance journey, and strives to create a framework in which the same rules apply to everyone when it comes to personal data processing.

However, it is not just about leveling the playing field. It is also about protecting the personal data of individuals and allowing them to exercise their rights and have control over how their data is processed, by whom, and why. To quote one LinkedIn article:

“You can’t make an economic argument about a right. You either accept its value or you don’t.”

How much are companies investing in privacy

According to the Cisco Consumer Privacy Survey, the average annual privacy spend in 2019 was US$1.2 million. The average privacy spend of small businesses (250-499 employees) was $800,000. Among large enterprises (10,000 or more employees), the average annual privacy spend was $1.9 million, and 2% of these enterprises spent more than $5 million.

So why are all these companies willing to spend so much time, resources, and effort in their compliance for the sake of protecting personal data?

Reasons companies are investing in privacy

There are, of course, numerous reasons why companies decide to invest in their privacy program. However, some reasons are more common than others.

1. Customer expectations

Customers have stated loud and clear that they expect transparency and trust, and that they are willing to take their business elsewhere as a direct consequence of privacy-related matters.

Cisco’s consumer privacy survey indicates 84% of respondents care about privacy, about their data, about the data of other members of society, and they want more control over how their data is being used.

Of this group, 80% also said they are willing to act to protect it, and among privacy-active respondents, 48% indicated they already switched companies or providers because of their data policies or data sharing practices.

Although it is difficult for customers to get a clear insight into a company’s compliance status, companies can give them additional assurance by implementing a customer-facing interface that allows customers to communicate their requests and preferences, and that provides information about the company’s policies and the steps it has taken so far.

2. Competitive advantage

The percentage of organizations saying they receive significant business benefits from privacy has grown from 40% in 2019 to over 70% in 2020. Benefits include operational efficiency, agility, innovation, investor appeal, brand value, and more.

Surprisingly, GDPR has shown how regulation can produce positive economic results and has pushed a lot of companies into their digital transformation, giving them a better quality of data and improved overall customer experience. Companies are also experiencing:

1. Maximized efficiency
2. Improved customer experience
3. Improved risk management
4. Higher quality of data
5. Better marketing
6. Improved cybersecurity

3. Company values

Company values should support your vision, your culture, and describe what fuels the company. They are the essence of the company’s identity – the principles, beliefs, or philosophy of values.

Right now, big technology giants are battling for your trust, with Apple stating they want to be the only tech company you trust, and there is a reason why.

Supporting privacy as your company value means creating a brand that customers will identify with trust and transparency. It implies you are aware of what is important to them, so it is important to you too. Therefore, investing in privacy can also be seen as an investment in the company’s brand identity and customer relationship.

4. Fines and lawsuits

While GDPR fines should not be a propelling fuel for your privacy progress, we cannot deny that a lot of companies would never embark on their privacy journey if it weren’t for the potential fines.

GDPR recognizes two levels of fines:

LEVEL 1: The less severe violation can result in penalties up to €10 million, or 2% of the organization’s global turnover of the preceding fiscal year, whichever is higher.

LEVEL 2: For especially severe violations, the fine framework can be up to €20 million, or up to 4% of their total global turnover of the preceding fiscal year, whichever is higher.

However, besides the financial aspect, companies are also trying to avoid the bad publicity and reputational damage that come along with GDPR fines, and to maintain brand value and investor appeal. Recent research by FTI Consulting revealed that companies expect a 9% drop in their global annual turnover as a result of a data privacy crisis.

To sum up

Accepting your responsibility to protect personal data will help you overcome the first hurdle. However, GDPR should be seen as an opportunity to instigate your digital transformation, improve overall processes and customer relations, and improve your marketing by feeding it with relevant data.

If you are looking for a guide to building support for your privacy program, download the Guide for a Successful DPO.