Data Privacy Newsletter: ‘Data Privacy’ Matters – July 2022
One of the silver linings over the dark clouds of the COVID-19 crisis is an unprecedented, expeditious and accelerated advancement in the technology space with a transformational shift in ways of doing business. The resultant technological disruption, coupled with ‘work from home’, fast evolving government and regulatory directions, and increasing pressures from the clients on strict adherence to state of art data security practices in this pandemic, organisations today are faced with a dynamic and most challenging task of data privacy. Businesses are exposed to various categories of data such as personally identifiable data (“Personal Data”) 1 , financial data, medical data and sensitive data. Data privacy is a central pillar for businesses, without which the foundation of business will be weak.
A. Data Privacy matters to your business – Why?
1. Data privacy is a legal necessity and no longer an optional practice
Data privacy is a legal requirement if you do not comply and work within the ambits of law you are exposed to litigation or action by regulators. Data privacy no longer earns you brownie points with clients rather the lack of data privacy is a deal-breaker. Yes, data privacy involves a cost of compliance but not complying can lead to penalties, fines, litigation, cancelling of contracts and government scrutiny.
Data protection regulations across the globe are witnessing major developments and restructuring. Globally, data protection laws have an extra-territorial jurisdiction, they require businesses accessing/processing Personal Data to adhere to the compliances, and develop and implement processes to safeguard such Personal Data. The General Data Protection Regulation (the “GDPR”) triggered an overhaul of global data protection laws. The GDPR introduced crippling fines to the tune of up to €20 million ($24.1 million) or 4% of annual global turnover (whichever is higher). Many countries including India are moving towards the GDPR-inspired legal framework.2 Data Privacy April 2021 Volume-3 I © 2021 LegaLogic I This newsletter is for informational purpose only and should not be treated as legal advice.
2. Implications of data breaches and security concerns
Data breaches and leaks are critical threats to business and revenue. According to an IBM report, the average cost of a data breach in 2020 is $3.86 million. Data breaches impact all organisations large or small and the loss of revenue for all organisations is significant. The cost of data breaches keeps on increasing based on various factors
- time and effort spent on dealing with data breaches,
- loss of critical data and suspension of critical IT services,
- lost opportunities due to loss of reputation, customer confidence, impact on valuations and investor relationships,
- compensation and penalties imposed by law,
- increasing vulnerability due to remote working environments.
3. Data privacy matters to your clients and has an impact on your reputation
A client would be confident in conducting business with organisations that recognise the value of Personal Data, accept the importance of data privacy, demonstrate that they have been diligent while sharing Personal Data with third parties, are transparent about their data privacy compliances and have included privacy practices as a part of their offerings. These days businesses are dependent on various external resources:
- Businesses may be using third-party platforms to display their offerings such as Amazon, Flipkart, Shopify
- Subscribe to email marketing tools
- Customer relationship management platforms such as Salesforce.
Interdependency between business organisations results in sharing of Personal Data. Data privacy is a major challenge where there is sharing and transfer of data. This demands having robust contractual obligations in place that require third parties to adhere to certain data security standards and practices that will safeguard businesses from any liability.
4. Data privacy is not a cost of compliance but an investment to grow your brand value and reduce losses
Investing in data privacy is inevitable, though it comes across as an increased burden on business and has a cost of compliance. However, data privacy can be viewed as an investment and has a positive impact on a business. A company’s approach to the implementation of data privacy makes the difference on whether the money spent will be a cost or an investment. Investments in data privacy can result in positive returns over time by:
- reducing sales delays
- reducing losses from data breaches
- creating efficient systems for data handling
- increasing trust among stakeholders and clients
- additional competitive edge and attracting investors.
B. Addressing data privacy issues and achieving data privacy compliance
Data privacy is now a prerequisite to survive in the market. How well you embrace data privacy will be one of the deciding factors for your success. Practical Data Privacy Checklist for businesses that will help any business assess their privacy compliance and take the first steps to achieve data privacy compliance.
1 Some examples of personal data are name, home address, phone number, identity information, location data, personal preferences, website cookie data, employee data, biometrics, data that is not directly identified but derived from profiling of individuals, medical information and history, etc.
2 Available at: https://www.legalogic.co.in/alertdetail.php?idProductitems=64 Last accessed on April 29, 2021.
3 Available at: https://www.thehindu.com/sci-tech/technology/how-much-does-a-databreach-cost-in-2020/article32452996.ece#:~:text=Photo%20Credit%3A%20Reuters- ,The%20report%20suggested%20the%20average%20total%20cost%20of%20a%20data,from %20%243.92%20million%20in%202019. Last accessed on April 29, 2021.
4 Available at: https://www.csoonline.com/article/3434601/what-is-the-cost-of-a-databreach.html#:~:text=This%20include%20a%20combination%20of,bad%20publicity%2C%20a nd%20regulatory%20fines.
5 Available at: https://www.cisco.com/c/dam/global/en_uk/products/collateral/security/2020-dataprivacy-cybersecurity-series-jan-2020.pdf Last accessed on April 29, 2021.