Privacy as a Business Practice: The Challenges

By Makarand Joshi, Area Vice President & Country Head, India Subcontinent, Citrix

In the few months after GDPR, most of us received a flurry of emails titled, “Here is an update to our privacy policy” from large companies like Facebook and Google to the forgotten local gym and old magazine subscriptions. Europe is resolute to become the world’s foremost data privacy watchdog and the General Data Protection Regulation (GDPR) is only the first step towards it. By far this is the strictest law which enforces people’s privacy since the advent of the internet. The law is so stringent that is it capable of killing off data-driven services, unless companies work towards building the much-needed trust with its customers.

The post-GDPR challenges

While the implementation deadline has come and gone, many Indian firms are still grappling with how GDPR affects their business operations.

In addition to the need to overcome the above misconceptions, there is also the worry that spending on GDPR may not be over just yet. According to a survey conducted by the International Association of Privacy Professionals (IAPP) and EY, members of the Fortune 500 will spend a combined $7.8 billion to ensure they are compliant with GDPR. Companies had been rushing to hire lawyers and consultants in addition to investing in new IT infrastructure and software to help prepare them for GDPR.

Makarand Joshi, Area Vice President & Country Head, India Subcontinent, Citrix

However, the journey to GDPR compliance is not a sprint - it’s a marathon that will continue for many months and years. Whether it’s educating their employees on compliance rules or even hiring data protection officers, companies will have to invest in ongoing resources to ensure that they are always GDPR-compliant. Some companies have even started building a GDPR budget which includes costs associated with IT, legal and cybersecurity.

What’s next?

There is no doubt that data is now the new currency in today’s digital economy and no data is more valuable than personal information. Think about being able to assume a person’s identity just by connecting few pieces of information from name, address and date of birth. And imagine the value of being able to collect, collate and sell such information.

GDPR is just the beginning to more data protection acts. More countries across the globe are beginning to realize the importance of data privacy and security. Closer home, a recent finding from EY suggests that 70% of their Indian respondents view data protection, privacy and compliance as growing areas of concern. However, we are making steady progress toward becoming a data secure nation with the introduction of the Sri Krishna Committee Report and the draft Personal Data Protection Bill for India.

In some ways, GDPR has served as a much-needed wake-up call for companies to handle its customers’ personal data with respect and care. Instead of seeing this as a burden, companies need to treat privacy as a practice that is as important as customer service - placing the needs of the customers first. Companies that focus on the interests of the individuals, which includes protecting their personal data, can gain a competitive edge when compared with competitors who have taken a more passive approach or even ignore their responsibilities to protect their customers.

Both privacy and security controls have now become the two key factors that customers are looking for before making any purchasing decisions, be it for something as important as creating a new bank account or signing up for a new gym membership. Being able to show that your company can use data in responsible ways can establish trust with your customers and ultimately, bring additional values to your business. At the end of the day, the opportunity is there for companies to change its mindset about privacy and those who can seize the opportunity will win.