Stakeholders often raise the question of the return on investment (ROI) of implementing data privacy. There is a great deal one can present in answer. I’ve been in meetings where privacy ROI was questioned. In this article, I intend to summarise those answers for the stakeholders who still doubt the incredible return an organisation can gain from investing in a data privacy framework.
When organisations start their data privacy programmes, they usually think solely in terms of avoiding regulatory fines and compensation. As one stakeholder put it in a workshop: why should we worry about these regulations when they keep changing and the only thing we keep hearing about is the fines? Sadly, stakeholders like this exist, and they fail to see the big picture.
First, when an organisation uses a risk-based approach to understand the privacy risks embedded in its business processes, it can begin to mitigate the risks it identifies and eliminate any that could put the company's revenue at risk.
More importantly, when dealing with various vendors, a data privacy programme helps a company identify which vendors handle critical data and put the right auditing framework in place for them.
One key thing that stakeholders must consider is the vision and mission of the company. If, for example, your organisation's vision is to “Do no Evil”, then by all measures your processes have to be transparent and devoid of any approach that smacks of evil. The company should therefore align its ROI metrics with the key objectives of this critical message. In most cases, stakeholders overlook their mission statement when building the privacy programme. Merging the two can help stakeholders see the bigger picture.
Another return from implementing a privacy programme is the chance to establish targets and find improvement opportunities. For example, a company wants to collect certain information for a particular business process but, upon analysis, the developers argue that the project can be achieved with less data, and that this will enhance the security of the process and minimise the man-hours needed to complete the job. Thanks to the privacy analysis carried out before the project commenced, they could see the risks and tease out other beneficial features.
For any data privacy protection programme to be effective, there are three main considerations that organisations need to pay attention to: people, process, and technology. The major one here is people. A company, as they say, is only as good as its people or, in other words, people make the machine work. So one important element of the ROI of investing in data privacy programmes is that the people in the business learn skills that not only enhance them but also bring them into line with the mission and vision of the business. A robust privacy programme will enhance all three considerations but will shine a critical light on the people factor.
There is no privacy programme implementation without its own ROI. Stakeholders need to align it with their mission and vision, and it will present itself in various ways.
- business a.m. commits to publishing a diversity of views, opinions and comments. It, therefore, welcomes your reaction to this and any of our articles via email: firstname.lastname@example.org