By: Silindile Mbuli, Legal Counsel for Africa at Refinitiv
In the last few years alone, we have seen a significant increase in the amount of data consumed globally.
For instance, studies show that people generate about 2.5 quintillion bytes of data every day, and there is currently about 2.7 zettabytes of data in the digital universe. In Africa, Nigeria, Kenya and South Africa online users are amongst the top 5 in the world that are most concerned about their online privacy. Data and privacy are one of the most important has aspects of modern-day life. For that reason alone, for companies to stay competitive in the digital era, data protection should be one of the top priorities for any company.
Ensuring privacy of customers is respected, and their data is held safe, is the minimum individuals will expect from companies they deal with, or invest money in.
The majority of Africa’s growing digital economy is made up of small to medium-sized businesses. Many of these businesses wrongly assume they are too small to be on the radar of a data breach. The truth is that it is all about the data, not about the size of your business. Therefore, it is imperative that businesses of all sizes need to understand the importance of protecting the data they hold. A major data breach occurs almost every day, with some breaches not being discovered until days, months, or even years after the fact. Headlines about, and clumsy responses to, a data breach, can destroy in days the trust built up over a decade with customers.
Increasingly, given the global nature of the data we hold, companies facing a data breach will need to liaise with multiple law enforcement and data protection authorities. Affected customers may need to be assisted and compensated, investigating the incident is both costly and time consuming, a breach may impact share prices, fines or other regulatory actions may be imposed – and there is still the issue of dealing with damage to reputation. The loss of customer trust has serious consequences for companies with IBM Security and Ponemon Institute estimating that about 36% of the total cost of a data breach is attributed to lost business.
While complying with privacy laws may seem like a cumbersome, time-consuming, and costly effort, it actually provides companies with significant advantages. Investing in a privacy compliance program can increase revenue generated from sales, strengthen your company’s data management processes, set your company apart from its competition, make it more attractive to investors, create greater capacity for flexibility and innovation, and ultimately build trust.
Some examples from the Cisco 2019 Data Privacy Benchmark Study of how you can stay ahead of your competition while also prioritizing privacy of individuals through data protection include:
- shifting focus away from monetizing user data which has the advantage of saving costs associated with data processing and storage;
- actively promoting privacy as a product feature and not having personalised advertising that requires analysing user data;
- focusing on training your employees (including senior management) to make sure rules around data protection are fully understood across all areas of the business;
- introduce alternative business models that promote innovation and respect the privacy of individuals;
- improve your data management processes. According to Forbes, by knowing precisely what sensitive information they hold companies can showcase their responsible approach and transparency, be able to identify and remove excess information, retain a database with relevant leads and customers thereby improving their data management;
- strengthen your data security. The South African Protection of Personal Information Act, for example, requires responsible parties to take appropriate technical and organizational measures to prevent loss of, damage, or unlawful access to, personal information. These measures are likely to help organisations reduce the overall impact of a data breach and strengthen customer trust.
These examples highlight the need for organisations to undergo changes not only to comply with privacy laws, but also to maximise the benefits of their privacy investments. Adequate data governance builds trust. It safeguards the reputation of your business, establishing you as a brand that people can trust with their data.