Data privacy has grown in importance to the point that there are now several major regulatory structures globally: Europe’s GDPR, California’s CCPA and Australia’s Privacy Act, to name but a few. In fact, there are now over 100 jurisdictions with privacy regulations at various stages of maturity, and a number of them, such as the GDPR, are extra-territorial.
That’s a whole range of jurisdictions and complexity facing multinational businesses, so the risk of doing something that is no problem under one jurisdiction but considered a data breach in another can be considerable. More significantly, privacy regulations do not operate in a vacuum - personal data is subject to many other regulations, some of which may take precedence in certain situations.
However, simply being compliant will not make a business successful. Other considerations, such as competitiveness, ethics, social responsibility and cybersecurity, are key drivers that will impact how businesses interact with personal data. In short, successful organisations need to facilitate a collaborative team effort across multiple functional areas - we refer to this as personal data governance.
Of course, you can only have effective collaboration if all the relevant stakeholders are working from the same trusted and up-to-date view of the personal data ecosystem, so that they can synchronise their activities, whether that be compliance, cybersecurity, transformation, customer experience or privacy.
Not just a question of ticking boxes
Most importantly, organisations need to understand that keeping up to date with their obligations is not a box-ticking exercise. When the UK’s ICO fined British Airways more than £183m for a data breach earlier this year, Information Commissioner Elizabeth Denham said: “People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it.”
As she notes, organisations are dealing with something that is deeply personal to their customers. That is why the business risk is about much more than the regulator - it is about reputation and duty of care to the individual. The 147 million people whose data was breached in the Equifax scandal are not going to be in any hurry to use Equifax’s services again.
Any business keen to determine the ROI of data governance need only look at the fines that breaches entail – and more relevantly, the costs of mitigating the breach, the reputational impact on other members of their data supply chain and the lost revenue of customers who go elsewhere because they no longer trust the company to keep their data safe. This is not a compliance issue, it is a commercial issue.
Trust and digital transformation
The result of all this is that Personal Data Governance has become a key strategic business challenge. Organisations need a single trusted view of their data so that they can operationalise their governance activities and remain competitive.
At a time when many companies are attempting to manage digital transformation, and deal with customers who are hungrier than ever for data-driven relationships, trust has become one of the most important factors in business. It will only grow in importance as a primary driver of revenue and has to sit at the core of any digital transformation strategy.
This is not something you do for the regulators to avoid big fines – it has to be something you do because it is vital to your business.
If you would like to know more about how trust-hub can help create a strategy for Personal Data Governance that goes beyond ticking boxes, please get in touch.