On May 25, 2018, the General Data Protection Regulation (GDPR) will enforce the biggest overhaul in data protection the European Union has seen in over 20 years. The new laws will apply to every organization that processes personal data within the EU and every business that sells goods or services to its citizens. The increasing importance of integrating security and privacy into a business strategy means GDPR can provide an effective Unified Communications framework – even for American companies that don’t operate in European markets. Preparing your UC strategy to incorporate GDPR protocols can provide important benefits – and protections – for your organization. Here’s why:
Most data breaches affect U.S. companies
The primary objective of GDPR is to give EU citizens more control over how organizations collect, protect and use their personal data. The regulations will also force organizations to report any breach of personal data that affects consumers’ rights and freedoms within 72 hours. If these parameters are not met, businesses could face fines of up to $24 million or 4 percent of their global turnover.
Digital security provider Gemalto recently did the math and revealed that over 9 billion data records have been “lost, stolen or compromised” since 2013. Additionally, the latest Breach Level Index reported 918 data breaches in the first half of 2017, 801 of which affected U.S. organizations. By comparison, the UK, the country with the second most breaches, only had 40.
In short, most security breaches affect U.S. companies and citizens. Despite this, there is currently no single, unifying law that regulates the collection and use of personal data, only separate state and federal laws that can sometimes contradict one another. But with the number of data breaches only set to increase, there’s never been a greater need for stricter data privacy laws like GDPR that help make people’s personal information safer.
Reputational damage costs money
In addition to giving consumers greater control over how their personal data is used, GDPR will seek to reduce the amount of personal data that companies collect by default. As a result, businesses will need to build “privacy by design” into all processes and services to comply. They also must be able to demonstrate that suitable data protection measures are not only in place, but also being continually monitored.
Deloitte recently identified 14 business impacts of a cyberattack. The accounting giant argues that the true cost of many data leaks is hard to measure because “above the surface” impacts dominate valuations. While the costs of breach notifications and regulatory fines are easier to measure, factors such as lost value from customer relationships and intellectual property are harder to place a value on. Therefore, Deloitte believes that 90 percent of a cyberattack’s impact is impossible to measure.
Even with the difficulty of assessing the actual cost of data leaks, the estimates that exist do not make good reading. NewVoiceMedia’s research estimates that businesses lose $62 billion a year due to damaged customer relationships, and Centrify’s report calculates that immediately after revealing a data breach, companies experience an average stock price decline of 5 percent.
Considering the potential tangible and intangible costs of a cyberattack, the benefits of building GDPR-strength privacy protection into all processes become clear.
Trust builds positive customer perceptions
Nine out of ten businesses still haven’t made crucial updates to their privacy policies ahead of GDPR, according to a recent UK survey. In isolation, this stat makes it possible to assume that British businesses see the new laws as more hindrance than help. However, by viewing GDPR as an opportunity to drive best practice in data integrity, the regulations present forward-thinking companies with a great chance to improve customer trust levels.
Last year, the Heartbleed and WannaCry cyberattacks compromised the personal data of businesses all over the world. At the same time, Uber, Yahoo and Equifax – companies used by millions of people – have admitted to being breached by huge hacks. In our interconnected world, no business exists in a bubble where it can afford to neglect its responsibility to keep customer data safe and secure.
Organizations that handle personal data will be under more scrutiny than ever before. People are now more aware of how companies use their data, and consumers are demanding more robust and transparent data handling processes. In this context, becoming GDPR compliant, creating privacy controls and adopting good data security practices will help to breed trust in customers.
GDPR represents a fantastic opportunity for U.S. organizations to review their data protection policies. By building key concepts such as privacy by design, data transparency and confidentiality into their Unified Communications strategy, organizations can create a competitive advantage over businesses that don’t. The time between now and May 28 provides a great opportunity to update your UC strategy to help you manage all the forthcoming implications of GDPR compliance much more smoothly.
In highly competitive markets, where customer service is now a crucial differentiator, adhering to the principles of GDPR will build trust with consumers and ultimately drive more sales.
By Ashley Unitt, NewVoiceMedia Chief Scientist