Data privacy can be a game-changer for customer loyalty in the digital world

Early January 2021, Facebook-owned WhatsApp, one of the most popular messaging services, alerted its users that they were updating their privacy policy. WhatsApp indicated that it reserved the right to share user data collected from its parent company, Facebook. This led to a severe backlash and triggered a huge migration of users to other platforms, such as Telegram and Signal. In the next few days, Signal became one of the most heavily downloaded apps on Google Play Store and the Apple Store. Alarmed by the adverse reaction, Facebook postponed its decision to adopt this policy to later in the year. The WhatsApp incident is a prime example of the significant importance that users today place on their digital privacy.

New realities

With organisations adopting digital strategies, each enterprise is treading a fine line between respecting consumers' rights and using data for a business's benefit. Depending on the use case, privacy templates are now being redefined. In the current Indian context, citizens are concerned that the Arogya Setu contact tracing app and the Aadhaar card are putting their personal data at risk. In the pre-pandemic era, contact tracing apps would appear to violate personal privacy. Today, these apps have become an integral part of our lives and are seen as a critical function to rapidly track and notify individuals who have come into contact with someone that has tested positive for Covid-19 in a bid to reduce infection-related risks.

The Covid-19 pandemic has accelerated the creation of large remote workforces, and many companies are using employee monitoring software to keep tabs on productivity. This has blurred the lines between what is and is not permissible. In addition, employees as well as users are now more aware of the implications of privacy and are increasingly asking questions on how their data is going to be used. The combination of a distributed workforce and the use of both corporate-owned and personal devices for work purposes also leads to significant challenges when it comes to managing data privacy.

Additionally, with government authorities in the process of streamlining data privacy laws, more organisations are getting prepared to comply. However, this is no easy feat, as data can be dispersed across an organisation, and businesses need to understand how privacy can be managed holistically.

For any enterprise, there are many regulations to follow, especially if the enterprise belongs to a regulated sector such as banking, healthcare, or insurance. This has massive implications from a data privacy perspective. This is also compounded by the fact that every major organisation is grappling with a huge deluge of data.

The India perspective

Indians too have started taking protection of their personal data seriously. A recent survey by OpenText revealed that 84% of Indian consumers would pay more to do business with an organisation that is committed to protecting their data privacy – surpassing UK (49%), Germany (41%), Spain (36%), and France (17%).

The survey, conducted amongst 6,000 Indian respondents, highlights the growing concern around the capability of organisations to manage personal data and keep it secure. The survey findings revealed that 24% do not trust the ability of third-party organisations to keep their personal information safe or private. The survey results depict the sentiments of Indians at a time when the country is rapidly going digital. India is making steady progress on its Personal Data Protection Bill. Despite a number of amendments yet to be finalized, the Bill is expected to be made accessible for discussion and stakeholder input once the updated adaptation is uploaded to the government's website.

While awareness is growing, it is still at a nascent stage. With more Indians downloading apps, the issues around data privacy are becoming bigger. For example, while a majority (78%) of Indian consumers broadly know how many organisations use, store or have access to their personal data (e.g., email address, contact number, bank details, etc.), 22% still “don't have a clue” about it. Additionally, three in ten Indians (30%) say they only have a vague idea of the laws that protect their personal data – compared to the UK (36%), Germany (32%), Spain (40%), and France (30%). The majority of Indians (61%) confirm that they are very aware of these regulations. 31% of the respondents have said that they would proactively get in touch with an organisation to see how it is using their personal data or to check if it is being stored in a compliant manner. Almost half of the respondents (48%) have already done so at least once.

Compliance is the key

Gartner estimates that more than 60 jurisdictions around the world have created or amended their data privacy laws, following the European Union's introduction of the General Data Protection Regulation (GDPR) in 2018.

Enterprises must ensure that their data privacy solutions can scale appropriately to manage the huge volumes of data being created. Being compliant also helps in establishing a company's reputation to use data respectfully in line with ethical standards. Enterprises should continuously look to establish data governance policies to ensure that their organisation is compliant. An Enterprise Information Management System can help to ensure organisations meet their compliance related requirements. Similarly, usage of analytics from this type of system can aid in the process of identifying Personal Identifiable Information (PII), in both structured and unstructured data formats. Wherever possible, organisations should look at automating processes that integrate an organisation's privacy programs to meet data privacy and protection obligations.

Gartner estimates that by 2023, 65% of the world's population will have their personal data covered under modern privacy regulations, up from 10% in 2020. This has huge implications for every enterprise, meaning organisations need to make this a strategic imperative and act right away to avoid exposing themselves to financial penalties and to ensure the data they process is not compromised.

This article has been written by Isaac Rajkumar, Managing Director, India and Senior Vice President, Engineering, OpenText