Data Privacy: A Growth Opportunity for Businesses


According to a barometer carried out on the occasion of Data Privacy Day, 92% of respondents feel concerned about the protection of their personal data on the Internet. These concerns are ubiquitous, both for users and for the companies that deal with them. But what about the responsibility of the latter in this area: which department should assume responsibility? The product or legal teams? How can they work together to make it a data privacy guarantor company?

In companies, the protection of personal data is generally the responsibility of the legal department. According to a recent study, 27% of Data Protection Officers claim to be attached to the legal department. This is explained historically by the fact that regulations in this area emanate from several jurisdictions and interact with other legal obligations. Typically, product or security team functions, such as compliance officers, engineers, and product managers, are also present on data protection teams. However, this field is gradually emancipating itself by becoming a department in its own right in certain organizations. This is already the case for some major tech players who process large volumes of data, such as Apple and Google for example, which already have more than 30 members within their Privacy team. But overall, the whole company must be concerned and must grasp the notion of data confidentiality, from the manager to the quality engineer. The product and legal teams complement each other and bring different aspects and perspectives, but that responsibility lies with each. It is not only a legal field, but also a technical work, and should be considered as such.

This is where the DPO, the Data Protection Officer, comes in. Its role, as stipulated by the GDPR since 2018, is to ensure the company’s compliance with the regulations in force relating to personal data and to ensure the confidentiality of the data processed. Thus, the DPO allows teams to take advantage of data analysis to gain competitiveness without taking risks from a legal point of view.

The use of the Internet has changed a lot over the past 15 years, and Internet users are increasingly aware of the risks associated with their online activity. But legislators are struggling to follow the evolution of uses and generally react too late to put in place the measures required to regulate online activities. Companies are then faced with a dilemma: wait for the legislators or adopt the principles of Privacy by Design, established by the GDPR to ensure optimal protection of personal data from the design of a new technology. On the other hand, the authorities also have the possibility of imposing high fines to compensate for infringements committed for years, with the aim of encouraging companies to opt for Privacy by Design.

Respecting data confidentiality thus takes on a negative image, because it is perceived as an obligation, generating additional costs through fines or resources allocated to compliance, rather than as a strategy from which one can take advantage. Indeed, GDPR compliance is perceived as a constraint for 60% of respondents, and 34% say they have difficulty getting operational functions on board on these subjects. Indeed, the level of acculturation on these subjects is still too low.

The companies that seize it and see it as a business opportunity are still too few.

By considering privacy as a real investment, companies show their customers that their concerns are taken into account, and manage to gain their trust. But despite the desire of certain functions of the company to seize data protection as a competitive advantage, 28% say that the lack of access and listening to general management is an obstacle to the conduct of their missions. . This is why management support is crucial, so that the concept of confidentiality is put at the heart of the company’s strategies and its business objectives.

Finally, close collaboration must be established between the product teams and the DPO, or any person in charge of privacy, to discuss the changes and the training to be put in place so that the teams take ownership of the concept. The Data Protection Officer is not just another position in the company. With consideration from the company’s management and trades, he can support the company in its growth.

Slowly but surely, confidentiality is becoming a selling point with consumers and a competitive advantage in its own right, as the public is increasingly aware of these issues.





Source link -97