5 reasons organisations need to prioritise privacy
An increasingly connected world means that more data flows between companies, countries and continents. Generally, data can be split into two categories: personal data and business data. In the event of a data breach, both sets of data have the potential to inflict damage on businesses. The repercussions of a data breach can include reputational, financial and intellectual property damage.
In the past two years, a wave of privacy regulation has hit organisations on both sides of the Atlantic. In Europe, the General Data Protection Regulation (GDPR) came into effect in May 2018 to protect consumer privacy. The California Consumer Privacy Act (CCPA) followed shortly after, with Brazil the latest country to address privacy concerns.
These 5 reasons highlight the benefits of prioritising privacy.
1. Return on investment
Consumers have become considerably more data aware in recent years and expect privacy to be a central part of a brand’s identity. Data privacy has gone from small print to front page news and is now seen as a business investment that returns significant business benefits. For every euro spent on privacy, the average company receives €2.40 in benefits, such as operational efficiency, financial agility and business innovation, according to Cisco.
Other business benefits related to data privacy include:
- making companies more attractive to investors
- building loyalty and trust with customers
- mitigating losses from data breaches
- reducing sales delays.
Boards and senior leaders are recognising that investment in privacy creates business value. As data privacy fills more of the news agenda, the public will be more enticed to learn more about the topic. People generally understand their basic data protection rights and will hold companies accountable.
2. Financial penalties
The European Commission designed the GDPR to make non-compliance a costly mistake for businesses of all sizes. So far, more than 250 organisations have been penalised for non-compliance with fines totalling over €450 million. GDPR violations are divided into two tiers which can be categorised into the less severe infringements and the more serious infringements.
The former could result in a fine of up to €10 million, or 2% of the company’s worldwide annual revenue. The latter has an upper limit of €20 million, or 4% of the company’s worldwide annual revenue.
Google and Facebook have been hit hard by these fines, some of which are still pending for legal reasons. Danish taxi firm Taxa 4×35 was fined €160,000 for not deleting or anonymising its customers’ data. GDPR fines loom for companies of all sizes and not adopting best practices in privacy protection could be too costly not to adopt.
3. Business reputation
It takes years for businesses to build a reputation and earn the trust of consumers. With more thought being given to how personal data is used, consumers are conscious of how brands approach privacy protection and what steps are being taken to protect their data.
Brand value represents a significant amount of a company’s market capitalisation and privacy related incidents pose a direct threat to a company’s financial value. Facebook learned this lesson the hard way. After the Cambridge Analytica scandal, user growth slowed and shares dropped 19%, wiping €105 billion off the social media giant’s market capitalisation. The biggest ever one-day drop in a company’s market value.
For businesses, constantly analysing consumer behaviour and taking part in the privacy conversation is a step in the right direction. Long-term success depends on the ability to earn the confidence of consumers.
4. Consumer confidence
The popularity and availability of review sites means that anyone can be an influencer. Customers, and in particular millennials and Gen Z’ers, are more likely to share experiences online. These experiences can amplify positive or negative messages and reach a host of potential customers.
According to Salesforce, 92% of customers say that trust in a company makes them more likely to buy more products or services and 86% more likely to share experiences.
The younger generations tend to have a better understanding of how their personal data is used and as time goes on, businesses will be dealing with more tech savvy customers who expect more in return for their data.
Transparency is crucial in customer relationships. People are more willing to hand over their personal data when they have control over what’s being collected. Sites with strong privacy policies will be in a better position to gain the trust of the consumer and generate more sales.
5. It’s the right thing to do
People own their data, not you.
Consumers are the true owners of their personal data, but once the data is shared, data controllers are responsible for protecting it.
Businesses with a large, loyal customer base have a moral and legal responsibility to look after their customers’ data. Whenever people trust a company with their personal data, it is often with some reservation.
And rightly so.
Numerous companies have made headlines over the years for data breaches and with the GDPR and other state and national laws being introduced, data protection will continue to be at the front of consumers’ minds.
With some exceptions, the bottomline is that people have the final say about their personal data, not the company that stores it.