Price IT has to pay for compliance with privacy laws

Are the costs involved in making IT systems compliant with regulations worth the trouble?

The future of business will be driven by insights into customers, their choices, their preferences and their consumption patterns. We live in an uber-connected world, and today's technologies can be invasive and breach customers’ privacy. A couple of years ago cab aggregator Uber published a survey on how its customers used escort services in the US. Search engines have the kind of insights into their users that no other company has. There are algorithms making sense of every piece of communication you initiate on cloud email platforms. In essence, these companies have granular information on your likes, dislikes and preferences. It’s similar with other online operators. Amazon will have your online purchasing profile and Swiggy knows your favourite dishes. The good part is that enterprises will have actionable insights into potential customers; nevertheless, there is the potential for a security breach.

The good news for customers is that privacy regulations are catching up with changes in technology. The General Data Protection Regulation (GDPR), which came into force in May 2018, makes it mandatory for companies that transact in the European Union (EU) to protect customer privacy. GDPR is landmark legislation in the sense that it makes it mandatory for enterprises to get potential customers’ consent before data processing. It requires companies to anonymise collected customer data to safeguard privacy. GDPR has strict rules as to how companies should handle the transfer of data across borders. GDPR also requires certain enterprises to appoint a data protection officer at the C-level to ensure customers’ privacy.

GDPR sets a precedent for other countries around the world to protect individual privacy in a hyper-connected world. What will this mean for enterprises in general?

Costs of complying with privacy laws
From an implementation standpoint, enterprises will end up spending a lot more on compliance. A simple data breach in a GDPR-compliant regime could cost enterprises 4 per cent of their gross revenues. For a company with $1 billion revenue this could mean a few million in penalties. Compliance with data privacy laws will mean that enterprises have to introduce more stringent data security measures, which in turn means more spending on information security.

As enterprises will have to move to an ‘opt-in’ mode for customer information, they will be required to tweak all customer-facing applications to comply with privacy law requirements. Many companies that have already invested in analytics software will have to spend more to make it compliant with privacy laws. A study by a leading international research consultancy of 300 CIOs on a global scale found that 60 per cent of them were spending $1 million on GDPR compliance and 12 per cent said their costs will be over $10 million.

It’s clear that compliance with privacy laws will put increased pressure on IT teams, as they will have to tweak their applications and systems to meet the most demanding requirements of these laws.

Impact of privacy laws on reputation
In any regulatory regime driven by privacy laws, reputation will be of paramount importance. Companies will have to establish trust with their customers, as they will have to get them to opt in to sharing personal data. Today our personal information, like phone numbers and addresses, is being traded in the market and we get spammed a lot. GDPR places huge fines on companies that violate these laws. These fines could go up to 4 per cent of the enterprise’s gross revenues.

Will privacy laws prevent enterprises from taking advantage of new technologies to gain deep customer insights? We don’t think so. Privacy regulations like GDPR will make enterprises more responsible, and they will be forced to build their reputation as the trusted guardians of customer data. They will still have access to customer insights as long as they can convince customers that their data is secure and will be used in an ethical way to serve them with products and services.

Photograph: TheDigitalWay /Pixabay.com