Data Privacy is no longer a compliance check box, but is rapidly evolving into a Revenue Driver
A fundamental shift in the Data Privacy landscape is underway
Data Privacy is no longer a compliance check box, but is rapidly evolving into a Revenue Driver as it dictates customer trust, competitive differentiation, customer acquisition and retention.
A few trends and statistics demonstrate this major shift:
Customers are becoming increasingly intentional about what types of data they share, with whom, and only for specific, relevant purposes; and they want a ready-to-view record of it.
According to a 2022 OpenText India survey, more than a quarter of consumers (27%) said they would no longer use or buy from a company they were previously loyal to if it failed to respond to a Data Subject Access Request (DSAR) — formal requests made by individuals to companies to modify, access, or delete their data.
Three in ten (31%) said they ****would no longer use or buy from a company if it shared their personal data with third parties for anything other than its specified purpose.
Customers are regularly inundated with news of high-profile consumer-data breaches dominating news cycles over the years such as:
The 2018 breach of 1.1 billion Indians’ AADHAR data, and
The 2019 Facebook breach that exposed the PII of 533 million users.
Customers (both existing and potential) now pay attention to:
A) How much importance organizations give to protecting their data, and
B) How well they communicate it.
A 2023 survey by Home Credit India found that 70% of the surveyed borrowers expressed the need for transparent communication regarding the usage of personal data.
A 2022 survey by Opentext in India concluded that 83% of consumers would be willing to pay more to use or buy from an organization that has explicitly committed to protecting personal data.
Certain industries matter more to customers: In a 2023 LocalCircles India survey, 69% of consumers held banks and financial services providers responsible for the breach of personal data. 75% said Telcos were responsible for the same.
There have also been multiple reports of the rise of Data Brokerage: the practice of buying, aggregating, selling, licensing, and sharing individuals’ data in an online marketplace.
Customers are now willing to pay for personal data visibility software (and some already are) to give themselves more control and visibility of their data like DeleteMe and Incogni which allows them to monitor and wipe their personal data from the internet.
2022 also saw a 72% increase in the total volume of Data Subject Requests (DSRs) compared to 2021, with deletion requests as a primary driver for the increase, according to Datagrail.
The Bottomline:
Consumers now evaluate a brandʼs reputation on data privacy in the same way as they judge more traditional factors such as the quality of product or service. Therefore, the cost of a data privacy failure will be felt directly on the revenue column and not just in the form of regulatory fines.
This is a significant challenge, given that a recent EY India survey revealed that 50% of the surveyed organizations are yet to acquire the required skill sets to implement the DPDP Act.
However, with the right guidance and capabilities, this is a huge competitive differentiation opportunity for those that can get Data Privacy right. Here’s what companies can do to achieve that:
- Formulate and lay out a transparent Data Privacy Policy that is not only compliant with the latest privacy regulations, but also explicitly communicates how the company collects/manages data at every stage of customer engagement and who it shares it with.
- Build an efficient consent management process and a live data inventory system in partnership with a trusted technology partner that has a deep understanding of how Privacy works. Acquiring and retaining customers is already an expensive endeavour, thus having clear consent management and the ability to respond to DSRs is of enormous consequence to revenue.
- Fortify your tech stack with a comprehensive Cyber Security strategy to prevent and respond to data breaches. If a serious data breach occurs, promptly report it to the relevant authorities such as the Data Protection Board in India. Prompt intimation not only prevents major regulatory fines, but also signals to the customer that you are transparent in your dealings with their data.
- Reassure customers that the misuse of their data would be prevented at all costs. This could be done using notices, media releases, and statements made my senior leadership in the news.
- Get accredited from third-parties/standards bodies that validate your practices and people (i.e. SOC/ISO2, PrivacyTrust Certification, CIPP, CIPM)
All in all, treating Data Privacy as a pejorative for compliance teams simply isn’t enough anymore.
Having a comprehensive data privacy and security strategy as well as managing the customer perception around it will be the holy grail in any data fiduciary’s quest for customer retention and acquisition to increase their top-line. Brands seen as guardians of personal data will not only safeguard themselves from legal repercussions, but see a measurable impact on revenue.
