With or without data? That is not the question anymore. Successful innovations, from fintech, robotics, autonomous systems, machine learning, to other types of artificial intelligence, increasingly require vast amounts of data. The more qualitative data is gathered, the more you can improve your products and services, and consequently attract more customers. In turn, the more customers you can attract, the more data you can collect, effectively improving your innovation’s competitive edge. However, the privacy aspects are often overlooked when processing personal data, which is a shame. Besides the impact on customers, it will significantly diminish the value of your innovation and scare off investors, especially in the wake of the even stricter privacy rules and significant fines of the EU General Data Protection Regulation (GDPR).
Privacy awareness makes your innovation more valuable
As of 25 May 2018, the GDPR will directly be applicable, requiring many legal, technical and organizational changes on how to handle personal data. In view of these new rules, you should also start with investing in privacy from the commencement of your company. In the end, it pays off and is, therefore, a smart thing to do. From the investor’s point of view, if you are looking to invest in or purchase innovative startups, it is currently usually out-of-question that you should closely scrutinize the privacy compliance level first, and thereby the value of the data, in order to be able to achieve your objectives.
Awareness on privacy and security is increasing, unfortunately fueled also by increased threats. The recent WannaCry ransomware attack, which took valuable data of organizations hostage, was an example of a hard lesson. It showed that it is necessary to invest in protecting valuable assets. Companies are also increasingly faced with espionage by others looking to steal valuable data and intellectual property.
At the same time the number of publicized data breaches are increasing, and are often not caused by sophisticated attacks, but rather by human errors and lack of security, leading to (reputational) damages and even large class action law suits and settlements. In the Netherlands, companies are already obliged to notify serious data breaches to the data protection authority and impacted individuals. The even stricter data breach rules of the GDPR will arguable lead to even more notifications of data breaches that become public. Such incidents have an immediate impact on the value of your data and company. There are many examples of investors pulling out, and significant reductions in purchase prices due to such incidents.
The upside of privacy compliance: digital trust
Instead of just looking at the threats, it is even better to look at the positive side of why it is smart to invest in, and secure privacy compliance. In the first place, protecting privacy is the good thing to do. Just imagine how you would want other companies to handle your data. Secondly, the higher the confidence level of customers regarding privacy, the more willing those customers are to provide their data. Demonstrating good privacy practices can become a selling point, and prevent customers from shunning your company. Thirdly, privacy compliance is essential to fully exploit the value of your data. If privacy has not been taken into account when collecting the data, this could have as a result that the data may not be used to achieve your objectives.
Collecting personal data in breach of the privacy rules, may even lead to the situation that the data – on the order of the data protection authority – will have to be deleted altogether, making your analysis of the data worthless. Instead, if you make some investments in privacy from the start, for example building your app with privacy-by-design in mind, having good and clearly understandable privacy statements and obtaining valid consent tailored to your innovation and business interests where necessary, will help ensure that you can use the data to the fullest extent.
Level of privacy compliance maturity also essential for investors
From investors’ perspective, it is also crucial to take the privacy compliance maturity of a startup into account before making an investment. The same holds for larger companies looking to purchase innovations, data or technologies. Similarly, investors looking for an exit strategy should, during their investment, persuade and compel the startup to make and keep their data processing GDPR-proof. Otherwise, as an investor or larger company, it is likely that you will have to write off on your investment. It may also open you to significant liability, such as claims from individuals and sanctions imposed by supervisory authorities.
Becoming aware of the importance of privacy compliance is one thing, but how to implement the strict privacy rules may be another. Surely, with the assistance of dedicated privacy specialists both startups and investors can find their way through the difficult privacy requirements, and as a result they can pride themselves in making privacy compliance a catalyst for innovation.
Elisabeth Thole and Özer Zivali for Accenture Innovation Awards