Ann-Maree Blake, Partner
On face value, while most businesses will be aware of the legal reasons to adhere to data protection and privacy regulations, they may not see the financial or commercial benefits. These have traditionally been seen as matters of necessity allied to a desire to avoid financial penalties due to non-compliance. In 2021, times have changed and investing in data protection and privacy compliance now confers huge competitive and commercial advantages.
Data protection and privacy investment is no longer seen as pure cost
According to a benchmark data privacy report by network technology specialists Cisco in 2020, the returns being seen by businesses worldwide on their investment in data protection and privacy are significant; the report found:
- Most organisations surveyed are seeing extremely positive returns on their privacy investments, with around 40% reporting a return of at least twice the amount invested.
- More than 70% of businesses say they are now gaining significant business benefits from their investment in data privacy, including improved operational efficiency, agility, and innovation.
- According to the businesses surveyed, 82% said that privacy certifications such as ISO 27701 and Privacy Shield are a genuine buying factor when selecting a product or vendor.
- For every one pound invested in data privacy, businesses are now seeing around £2.70 worth of improvements to their data loss mitigation, agility, innovation, customer loyalty and other key areas.
Adding all of these factors together, it is easy to see that making careful and strategic investments in data and privacy processes and systems can likely confer a competitive advantage over those businesses that are not taking these matters as seriously.
Business decisions are increasingly based on data protection and privacy compliance
In a time when most organisations lacked an understanding of GDPR and data privacy matters, business decisions (such as purchases, investment, merger/acquisition decisions) were not centred around the compliance of other businesses. This is now very different. When purchasing products such as software technology solutions, prospective customers want to understand the type of data stored in software, how it is held, how long for it, and where it is transferred to. Software technology vendors who don’t understand GDPR to the extent of their customers will be discounted in favour of those who do. According to the Cisco survey mentioned above, sales delays related to customer privacy concerns have been rising over the past three years. They report that whereas in 2018, 65% of businesses were reporting sales delays, for this reason, this is now 87%, due in large part to the enforcement of GDPR. As such, businesses need to understand not just how data privacy and protection is important for their own operations; they also need to be extremely clear about how this affects their potential client base.
This issue impacts more than just IT businesses. Law firms that handle vast amounts of data for clients using e-Discovery need to be able to show that they are fully compliant with all data privacy and protection regulations and that the data they have been entrusted with screening is in safe hands.
GDPR compliance is essential for investment
When the Information Commissioner’s Office (ICO) is issuing fines in the hundreds of millions (as was the case with the £183m fine of British Airways in 2019), it is entirely understandable that investors in businesses will want to see evidence of robust data law compliance before parting with their investment, whether in an existing enterprise or a start-up. This is confirmed by the Cisco study, which confirms that firms investing in data privacy and protection are reaping rewards in terms of their attractiveness to potential investors. This is further backed up by EU-Startups.com, which states, “GDPR has a profound impact on how most organisations operate and has radically changed how start-ups receive investment. Investors want to find out if the premises of the start-up breaches GDPR and, crucially, if GDPR will impact customer behaviour considering the start-up’s business model and affect its viability… Start-ups must see GDPR compliance as part of their business strategy and a way of generating trust with investors in their business models to attract further investment”.
Final words
In the age of COVID-19, organisations are also becoming increasingly aware of the importance of investing in data protection and privacy due to the changing trend of working from home. When businesses were mainly office-centric, it was easier to keep control of data; this is much less so when staff are based in their own homes across the country.
Ultimately, data protection and privacy are no longer seen from the perspective of cost; it now confers significant competitive advantage given that it is a primary factor behind sale and investment decisions. GDPR compliance can also have unexpected and unintended consequences due to the downstream effects of digital transformation and effective data management. This is because improved data management efficiency leads to a better customer experience, more effective risk management, a higher quality of data, which leads to improved marketing and even better cybersecurity. As such, it is a win-win for all concerned.
To find out how we can help you with data protection and privacy law matters, please contact Ann-Maree Blake (ablake@quastels.com), Partner in our Corporate/Commercial Team who specialises in Data Protection & Privacy.
Please note – this article does not constitute legal advice.
