June 29, 2020

The Sunny Side of Privacy Laws and Compliance Mandates

Stan Christiaens


Enterprises are faced with a growing onslaught of data and increasing data privacy regulations. Those regulations include the General Data Protection Regulation (GDPR), which regulators began enforcing in May 2018.

These businesses often see protecting data from misuse and abuse as a procedural chore and financial burden. Some organizations even look at data privacy regulation as a legal nightmare.

Such organizations often respond by throwing resources at the problem. That may involve appointing a chief data officer (CDO) and other professionals to enact and enforce restrictive policies, while bracing for costly non-compliance fines at the same time.

But rather than seeing data privacy initiatives as a necessary evil, organizations should look at them as an opportunity for positive change. Data privacy efforts can be valuable in enabling businesses to build trusted relationships with their customers.

In a world in which customer experience is paramount but distrust and misinformation are rampant, there’s no better time for organizations to have a 360-degree view of their data.

Acknowledging the Challenge

Data privacy legislation exists in many markets. And more regulation in this arena is coming.

The biggest so far is the European Union’s GDPR. It compels all companies that touch EU residents’ data to maintain highly restrictive practices with regard to personal data.

Most enterprises have changed business practices and allocated the necessary resources to ensure GDPR compliance. Some of those that didn’t have been hit with big penalties. But what is most important to know about GDPR is that in an environment with ever-increasing data volumes, this law is based on the foundational belief that the consumer controls private data.

Meanwhile, the first major data privacy law in the U.S. is the California Consumer Privacy Act (CCPA), which took effect on January 1 of this year. With CCPA’s enforcement date looming in July (with seemingly no delay despite the global pandemic), other U.S. states are also considering their own versions. There may soon even be a national standard. This genie is not going back into the bottle.

Other government mandates reflect similar priorities. For example, the Foundations for Evidence-Based Policymaking Act (FEPA) passed in 2019 with the backing of respected data advocacy groups. One aspect of FEPA – the Open, Public, Electronic and Necessary (OPEN) Government Data Act – calls on agencies to designate a non-partisan CDO and nudge the federal government into using data to guide policy decisions.

Considering the Opportunity

Can all this really benefit the bottom line?

It’s too soon to tell with CCPA. But we do have findings on GDPR.

Deloitte’s “A New Era for Privacy: GDPR Six Months On,” based on a May 2018 survey of consumers and organizations, showed that compliance can lead to greater trust:

  • 67% of respondents said being able to control their personal data easily has an impact on the level of trust they have in an organization. And just more than half (51%) said they felt GDPR gave them more control of their personal data.
  • 44% of respondents said they believe organizations care more about their customers’ privacy following the implementation of GDPR than they did before it. That held true regardless of whether respondents were within or outside of the European Union.
  • 26% said they feel that organizations have fundamentally changed the way they handle personal data in their efforts to address GDPR compliance.

This indicates there is an opportunity for businesses to change consumer perceptions. When there’s more trust, there’s greater willingness by customers to share data, which drives targeted marketing and other initiatives that benefit both businesses and consumers.

Engaging the Executive Suite

However, none of this will happen without executive engagement. That’s why interest in CDOs is both heartening and deceptive.

We’ve gone from a handful of CDOs in large enterprises in 2010 to more than 10,000 today. But should they primarily manage compliance and security? Or should they focus on enabling authorized access to relevant data to drive collaboration and deliver value?

No CDO or other data-sensitive executive has the luxury of doing only one or the other. It’s also ridiculous to assume that data can be leveraged exclusively by the CDO. That’s like believing that only the CFO needs to be financially responsible or that the CTO alone is tech-savvy.

Legal and compliance executives will create perimeters for authorized access. When the data is at rest (as in the data lake) or in motion (as in business applications), the CISO or CRO is a critical guardrail. There are multiple technologies involved, which means the CTO and CIO have big roles. The CFO will authorize data-related initiatives and track boosts to the bottom line. And line-of-business executives will use the data comprehensively to make critical decisions.

The true goal is data intelligence, an elevated state through which data is trusted and shared by all authorized users to enable digital transformation. It’s not enough for a few executives to become data-savvy. Every member of the C-suite must be informed and engaged in cloud initiatives, analytics and data-driven decision-making.

If in-house data keeps growing in volume and business potential but remains a footnote on board members’ decks, that information is a wasted strategic opportunity. It also leaves room for competitors to step in and take market share.

Regulatory mandates can be onerous. But if compliance requires massive changes, it indicates that business processes are lacking. Consumer data privacy should be an ethical priority for businesses instead of just a regulatory requirement. Using data the right way to drive operational decisions pays big dividends in earning customer trust and driving repeat business.

About the author: Stan Christiaens is co-founder and CTO of Collibra, the data intelligence company that accelerates trusted business outcomes by connecting the right data, insights and algorithms to all data citizens.
