Privacy as a marketing tool for your business
Privacy compliance is often perceived as a ‘legal hassle’, ‘money-burner’ or ‘necessary evil’. But is that true? I want to challenge this. There is so much focus on penalties, and too little attention on the benefits of privacy compliance. But did you know that companies that invest in privacy get better business results and benefit from those investments? Could Privacy actually be a marketing tool for your business?
GDPR as a ‘necessary evil’
My bet is that most companies would prefer to avoid the GDPR altogether. I often receive the question: does my company really need to comply with the GDPR, even if I am not a large company such as Google, Facebook or Uber? The answer is: yes. Regardless of your business, sector or customer group (B2C or B2B), there is a big chance that the GDPR applies to your company, whether you like it or not.
According to a global study by Cisco (2019 Data Privacy Benchmark Study, ‘Maximizing the value of your data privacy investments’), performed amongst 3200 security professionals in 18 countries and across all major industries and geographic regions, only 3% of the respondents did not believe that GDPR applied to them. That is 96 respondents out of 3200, which is still a high number for international companies.
The GDPR applies to all organizations that are located in the European Union (EU), or that process personal data of individuals in the EU. These ‘individuals’ may not only be your customers, but also your employees, suppliers or business partners. The GDPR also applies directly to your business if you offer your products or services in the EU (even if you did not sell anything in the EU). That means that most companies that operate internationally will have to deal with the GDPR anyway. The same principles therefore apply to all companies, although the size and focus of the GDPR efforts vary per sector and business. It is no wonder that the GDPR is seen as a ‘necessary evil’. But what if you could turn Privacy into a business benefit?
The ROI of Privacy
There are already many articles about the potential high penalties under the GDPR, which can run up to 20 million Euros or 4% of the worldwide turnover, whichever is higher. But should you only comply with the GDPR because of the high penalties? My answer is: no.
From my experience, using the threat of potential penalties can be effective to grab attention initially, but too much focus on penalties can lead to ‘GDPR fatigue’. Or worse, it can have a counterproductive effect. It could lead to a simple ‘risk calculation’, like: ‘What is the risk that we will actually get a penalty?’ This does not seem to be a sustainable strategy. It is more effective to point out the benefits of privacy investments.
Benefits of privacy investments
According to the same Cisco study, there is a direct link between good privacy and business benefits.
These business benefits consist of:
- Organizations that invested in their privacy compliance experience shorter sales cycles, by addressing customers’ data privacy concerns more efficiently and effectively, compared to other companies;
- Strong privacy compliance increases customer trust;
- GDPR-ready organizations experience fewer data breaches, because they invest in awareness and data breach prevention;
- When data breaches did occur, fewer data records were impacted, and system down-time was shorter (because they invested in system resilience and adequate back-ups);
- As a result, the total cost of data breaches was lower than for other organizations that were not GDPR-ready.
These benefits can give your business a competitive edge, lower your (potential) losses and even increase your company value (investors look into privacy as well!). This should be a compelling reason for companies to invest further in privacy.
But there is one more obstacle that is stopping many businesses from investing in privacy: the perceived costs of privacy compliance.
Privacy should be within everyone’s reach
The legal principles of the GDPR are not entirely new (we had a Privacy directive and law many years before the GDPR). The GDPR mostly contains the same principles as before, and these apply to everyone. Privacy is one of the basic rights in the EU Charter of Fundamental Rights.
Nonetheless, there is a common misconception that privacy is something ‘very complicated’. Because of this misconception, many small and medium-sized companies (SMEs) think that privacy is very expensive and only something for large companies that can afford to hire lawyers, and they avoid privacy compliance altogether.
However, the opposite is actually true: because privacy is a basic fundamental right that applies to everyone, privacy should be within everyone’s reach. And who says that Privacy should be expensive? Although it is recommended to hire privacy lawyers in certain situations, there are already many online tools and guidance available to get your business started with the GDPR and get your privacy basics right.