As new data protection regulations come into force, smart businesses are already reaping the rewards of an effective data privacy strategy that goes well beyond just compliance.
Data has long been touted as the new gold and the latest data protection regulations to come into force – the POPI Act – are, along with European and US counterparts, attempting to tame the wild west in the middle of the gold rush.
POPI – Protection of Personal Information – is the South African equivalent of GDPR in Europe and CCPA in the US – and will be finally ratified over the coming days. While each have their regional nuances, these regulations essentially urge firms to organize their data, store and use it correctly. The regulations give consumers and individuals rights over their data and illicit harsh penalties on firms that fail to comply.
However, the smart businesses are already seeing these data protection regulations, not as a business inhibitor, but to gain business and competitive advantage.
A recent report from tech giant Cisco provides strong evidence that companies that invested in a full compliance strategy are reaping the benefits beyond just data protection. The overwhelming majority of companies surveyed (97%) said that at least one of the benefits of compliance was not directly related to data protection, while 75% of respondents said there were at least two indirect benefits.
Here are six reasons why we think data protection regulations are the perfect business opportunity.
Data protection regulations – Use data to make informed decisions
One of the main stipulations of the POPI Act and other data protection legislation is understanding and insight into the data you have. But data visibility isn’t just about ticking that compliance box. Once you have visibility and knowledge of your data you can leverage this information to make more informed decisions.
For legal departments, who by their very nature create and keep vast swathes of information, this has immediate bottom-line benefits. For example, by understanding it’s real estate portfolio better, Hub International was able to reconfigure its portfolio and save thousands of dollars straight to the bottom line.
More importantly, gaining insight over your data allows you to have a better view of your clients and by better understanding their businesses you can offer more informed counsel and higher levels of client service.
Data protection regulations provide an opportunity to get your data in order
There’s much truth in the saying ‘if there isn’t a deadline then nothing gets done.’ And in many ways, it’s the same for data. It’s only the onset of GDPR, CCPA and POPI that has forced many companies to examine their data. But unlike that deadline, a data strategy isn’t a one-off achievement. Just 12 months after GDPR was implemented in Europe, GDPR 2.0 came into force – the ePrivacy Regulations. POPI and CCPA will likely be the same – as the way organizations handle data continues to change, so the laws that govern that data will also continue to adapt.
That’s why so many organizations have taken this opportunity to get their data in order. Not only is data the goldmine that can help you make more informed decisions, but taking this time to structure and organize it properly puts your company in a prime position for adopting a more advanced data strategy such as using AI and analytics to gain competitive and client advantage. And you’ll be in good shape to hit the deadline when the regulations morph yet again.
Reduce reputational risk
Fear, uncertainty, and doubt (FUD) was a selling technique used by data security firms back in the early 90s when companies didn’t understand the value of their data. Now 30 years later the media is filled with enough horror stories of data breaches, regulatory fines, and the catastrophic damage that information leaks can have that security companies no longer need to resort to FUD tactics.
The risk though compared to 30 years ago is now double; not only for not being non-compliant and the financial repercussions this entails, but the added reputational damage of having a data breach.
According to the Cisco study, those companies that have invested in a data privacy strategy are were less likely to have experienced a breach in the past year (74% vs. 89%), and when a breach occurred, fewer data records were impacted (79k vs. 212k records) and system downtime was shorter (6.4 hours vs. 9.4 hours).
Conversely, companies that use these regulations to get their data in order are enhancing their reputation by demonstrating that they are taking their clients’ data seriously.
Unite your organization
One thing that many organizations still struggle with is that data is the responsibility of everyone. While many have appointed a Chief Data Officer – up from 12% in 2012 to 68% in 2018, the role isn’t proving to be as successful as many had hoped. HBR reports that only 28% of respondents to a recent survey said the role is successful and established. Data is created by all departments and therefore should be jointly owned from across the business.
This cross-departmental ownership doesn’t just help prevent data silos; it prevents human silos. Conversations around data storage, usage, and analysis are taking place and not just within legal and IT departments – marketing, sales, research, manufacturing – everyone is coming together to better understand what data they hold, why and what advantages it can help drive, all overseen by the board.
Gain competitive advantage
There are going to be some organizations that have used these regulations as a tick box exercise; they’re simply doing the minimum that needs doing to achieve compliance. No doubt that will be one or two of your competitors.
But by consuming these regulations more readily, the smart organizations are already seeing a competitive advantage. According to the Cisco study, 41% of organizations cited a fresh competitive advantage, and 42% of companies said that meeting new standards is helping them to broaden innovation thanks to the right data controls being in place.
Not only as previously mentioned, can you get a more in-depth understanding of your clients and their businesses to offer a better service, but companies are using their data to better understand their own business and ignite innovation and new thinking. Regardless of what you discover, your tick-box competitors won’t uncover anything that helps their business in the same way.
Boost your employee proposition
It’s not just your clients that will gain confidence in your organization by demonstrable proactive data handling, it’s also your employees. In the event of a data breach, it wouldn’t just be your customer data that malicious cybercriminals could attack – it would also be the large quantity of employee data on your servers and systems. You’ll likely hold even more personal information on your employees and therefore their data should be just as well protected as your clients.
Boosting staff confidence in your data security and use, not only ensures they can then project this confidence when speaking to clients, but it helps ensure morale and trust are established inside your organization.
Whether data is the new gold or the new oil, data regulations present the perfect opportunity to start digging and using what you find to reshape and transform your business. It’s the smart businesses that are already part-way through this process, and that, in the long run, will be using data to power their businesses. It’s the smart businesses that are already part-way through this process, and that, in the long run, will be using data to power their businesses to create competitive advantages, make better, more informed decisions and have happier staff and clients.
Contact us to learn how our Legal Services team can help you manage general risk and compliance with less cost and greater efficiency.