A recent KPMG study, surveying 2,000 adults and 250 business leaders in the USA, reveals fascinating – and worrying – insights into how corporate data practices and consumer expectations are shifting.
Let’s look at some key findings.
The executives surveyed were clearly not comfortable with the status quo:
Of course, this is not good for individuals but it also suggests a high degree of stress for staff at these entities responsible for, and reporting on, compliance. At a human level, this is clearly a suboptimal situation for all concerned.
But these organisations are missing out – Privacy compliance doesn’t hamper revenue and profit, it grows them.
It’s the first time we’ve seen statistics like these on the level of awareness executives have around the ethics – and perhaps legality – of their personal data processing. So Keepabl reached out to Orson Lucas at KPMG US. Orson is a Principal, Advisory, and the Privacy Services Leader who produced the August 2021 report Bridging the Trust Chasm.
We discussed the survey results and asked Orson for his expert view on whether organisations can improve their compliance culture and eradicate this unethical behaviour without jeopardising revenue and profit.
Orson’s response couldn’t be clearer:
‘Absolutely – in fact, this should be the primary goal of a well-conceived privacy program. But culture is the key word: it’s incumbent on board and executive leadership to establish and enforce a culture grounded in respect for consumer privacy rights.’
Orson continued (our emphasis), ‘Doing the right thing, for the right reasons, is ultimately good business sense and will not only not jeopardize, but will contribute to increased revenue and profit. But to be successful, it will require some forethought and planning (and likely, investment) to build the right capabilities and set the right cultural tone’.
There’s a lot of data out there to back up Orson’s statement.
Cisco’s 2021 Data Privacy Benchmark Study confirmed for the second year running that return on Privacy spend is attractive, with 35% reporting benefits of at least 2X their investment and 7% even getting 5X or more.
And importantly, these benefits hit key areas where all businesses should want to win, with Cisco reporting that ‘more than two-thirds of respondents felt they were getting significant benefit [in 6 key areas, see the image below] … up significantly from around 40% from the year before’:
Who doesn’t want to reduce sales delays, mitigate security losses, enable innovation, achieve operational efficiency, build trust and make their company more attractive?
And reducing regulatory risk seems a good idea that will only get better over time…
Late July 2021 saw Amazon fined $887m by the Luxembourg Data Protection Authority. According to Amazon, the fine related to how they show customers relevant advertising. It’s a huge sum.
As was the €225m fine on WhatsApp by the Irish regulator, a record sum from Ireland, for lack of transparency in the Privacy Notice provided to users. The fine was also a large increase on the regulator’s reported initial proposal of €30-50m, which the other European regulators strongly felt was far too low.
While these huge fines are likely to be appealed, they show a clear direction in enforcement for breach of any aspect of GDPR – neither of these was concerned with Security, for example.
That’s a big statement, we know. But you can see in our case studies that we not only save organisations time, cost and stress on Privacy compliance: our solution also helps assess and manage risks and handle breaches, makes compliance more efficient, and provides valuable insights – important when you’re looking to change culture. Do contact us to see what we can do for you.