2019 has started with a data privacy bang. The French National Data Protection Commission (CNIL) has fined Google around $57 million for privacy violations under the GDPR. The ruling was based on non-compliance with consent to process data as outlined in the General Data Protection Regulation (GDPR). Discover why Data privacy is the fundamental right of us all.
Although Google may appeal the decisions, the company looks set to be the first in a long line of companies who face the GDPR guillotine. Privacy group None of Your Business (noyb), who are behind the complaints made against Google to CNIL, have also set out ten test cases showing violations against Article 15 of the GDPR. The year 2019 looks set to be the year that data privacy came home to roost.
The question remains: Is data privacy just a hassle, a compliance tick box exercise that benefits no one except the data protection agencies?
Disclaimer: This blog article was written by our compliance experts for general information and does not claim to provide legal advice. To understand the full context of your organization, please consult with a privacy compliance and/or legal professional.
Data privacy is the fundamental right of us all, but what is it and is it of any real value to the business as well as the customer? Headlines point out the fines applied to big name organizations when they disregard data protection laws.
Data privacy is part of something much bigger – it is part of building trust and in turn relationships. When data privacy is not respected, you end up with data breaches like the massive “Collection #1” which exposed around 773 million personal data records to the world of the cybercriminal. Data breaches and data privacy are part of a complex web of inter-relationships between services and people.
In this article, we will look at both sides of the data privacy coin, where it impacts the company and where it hurts the individual. Data privacy, in a digital world built on data, has to be pivotal to all that we do – doesn’t it?
We have seen the fines when data privacy laws like GDPR are violated, and no doubt there will be many more to come – but what else happens when data privacy is not respected? We’ve gathered 9 reasons why data privacy is important for today’s businesses.
Data privacy is so much more than encrypting data. Privacy is about user control and choice.
The GDPR places the ethos of “consent” as a central pivot of the lawful reasons for processing personal data. Consent is not just about ticking an “I agree to share” tick box. When you design a system with privacy as a remit, you design for your customers.
This shows in the way that you create interactions with those customers. The Privacy by Design (PbD) ethos sets a stage for better relationships. When you omit to use PbD the results cut across many aspects of the business, including:
Related Post: GDPR: Privacy by Design
If you don’t take care of your customers’ data, those customers pay you back by walking away. This alone is proof that data privacy equates to good relationships.
If you don’t take care of your customers’ data, those customers pay you back by walking away. This alone is proof that data privacy equates to good relationships.
A study by Ponemon on “The Impact of Data Breaches on Reputation and Share Value” found that 65 percent of customers lost trust in a company that maliciously or accidentally exposed their personal data. The data privacy penny has dropped, and customers demand respect for their data. A study by Privitar found that 78 percent of customers feel “violated” if a company does not protect their privacy. A full 68 percent would stop using the service if they did not use adequate measures to protect personal data.
Share prices are the first to hit the fan when a breach happens.
However, fines around privacy violations can also add salt to the wound. Comparitech, performed an analysis on 24 companies to see how data breaches affected share price. They found an average drop in share price of 2.89% within 14-days of a data breach. Also, higher share price drops hit companies that had exposures of highly sensitive data, such as financial information. Lastly, the negative impact on share price from a data breach continued for an average duration of about 6 months after the data leak.
We have already seen the levels of fines starting to come in since the GDPR was enacted. Meeting the requirements of data privacy and protection regulations is becoming more complicated and costlier, and this is in addition to any fines that may ultimately be issued for non-compliance.
Estimates of between $390-520 per employee to implement GDPR have been calculated. But if you don’t implement the requirements of data privacy laws like GDPR or the California Consumer Privacy Act (CCPA) then you will be fined.
Related Post: GDPR Compliance and Data Privacy
Ultimately, if customers are unhappy and share prices drop, sackings will follow. When the Equifax data breach of 2018 unfolded, as well as the approximate $275 million cost of the hack, the CSO and CIO both resigned.
Related Post: How to Succeed in Your First 100 Days as CISO
The loss of privacy costs a company a lot of money and has seriously detrimental effects on reputation. Data privacy is not just a technical term, it is a personal stance. Your customers lose out big time when you do not respect their privacy.
Identity theft has been at record levels for several years now. Javelin Research found that in 2017, 16.3 million U.S. customers had their identity stolen as a cumulative loss to themselves of almost $17 billion.
We all want to live in a world where we feel free to be ourselves.
Privacy of our data is central to this ethos. This is being reflected in calls by organizations like the EU’s Horizon 2020 NGI_Trust project which is looking to fund work in the area of privacy, security, and surveillance.
The fundamental right to privacy by an individual is a win-win. By applying this right in the design, development, and use case modeling of your services and platforms you build in trust.
Our world is based on relationships. Some are good, some bad. All are built upon trust to one degree or another.
In the digital world, we need to translate the real-world trust that we develop over time into online experiences. Data privacy is part of this relationship building exercise, but data privacy is about respect as much as it is about data protection.
The security and privacy of personal data, whatever form and type it takes, must become part of wider governance of any organization of any size. This, then, is translated across a wider remit of trust and mutual trust drives good relationships.
The old adage “the customer knows best” has met its digital equivalent in the form of personal data privacy. The customer wants you to be respectful towards their data. This respect will be reciprocated in brand loyalty. Being privacy respectful truly is a good thing for everyone.
Want to learn more about data privacy and how you can meet your privacy obligations in your organization?
Watch our webinar “Level of privacy compliance - How to measure ? (2022)
