Data protection has a bad image in many companies. However, it is worth reflecting on the topic once again. In practice, it often helps to strengthen companies.
Heiko Gossen, expert for data protection and information security at migosens, provides an overview of the data protection requirements for companies in the following article.
Is data protection a problem?
The fact that data protection is not held in high regard was demonstrated a few years ago by the enormous resistance of many companies to the GDPR. It was implemented anyway, as it is mandatory for companies and very important and beneficial for consumers. However, it was only a few months ago that many media outlets reported that one in three companies had not yet implemented the GDPR. This could result in painful fines: The fact that these are now also being levied is shown by the large number of fines imposed in recent years. These affect both small and large companies, as the case of the Meta Group (Facebook) shows, for example, which has already had to pay fines in the billions. In Germany, the fines against H&M (€35 million), Volkswagen (€1.1 million) and Notebooksbilliger.de (€10.4 million) are among the best-known cases. A total of around 500 fines have already been imposed for data protection violations in Germany alone.
But what is the actual problem with implementation? Many companies complain above all about the high level of bureaucracy involved and the lack of legal certainty. Data protection tends to be seen as an enemy that stands in the way of the company’s success. It therefore prevents the company from developing freely. Companies with this attitude will therefore only integrate data protection into their processes at a late stage or perhaps not at all.
A good example from practice is the documentation obligations that companies have to comply with. The additional work involved takes up a lot of time and energy – and in everyday working life, this is seen as a nuisance. When it comes to documentation in the register of processing activities, the disgust seems to be particularly high.
Unfortunately, companies with this attitude are entering a downward spiral, because no company can avoid data protection any longer. Those who fail to take the necessary measures today will have to make even more demanding improvements in the foreseeable future. This, of course, entails enormous risks, which could, for example, disrupt or even halt the company’s development. In addition, companies let their competitors pass them by without putting up any resistance. More on this in a moment.
Data protection: better than its reputation
Solidly implemented data protection also represents tangible added value for companies. It is not so much an obstacle to the success of the business, but rather a real benefit: those who invest correctly here benefit from the growing trust of customers, business partners and employees in the company. This is because these groups evaluate data protection from a different perspective than a company. They understandably want their data to be handled responsibly.
Data has become extremely valuable. Anyone who has ever been the victim of identity theft knows very well what it means to lose control of your own data. The damage is often not only financial, but social and community life can also suffer. Identity theft is a crime that is very typical of our time and can have a massive impact on the lives of victims. More and more people are aware of the importance of their data. Phishing and other modern data-related crimes have also become common.
For this reason, well-implemented data protection in a company can lead to greater customer loyalty and more positive reviews. But it’s not just about people wanting to feel secure, they should be. Data breaches do not announce themselves, as criminals in particular work in secret. As a result, data theft is usually only noticed when the damage has already been done. Many affected companies even try to conceal data theft. This only exacerbates the scandal – and with it the damage to their image and the legal consequences.
Sustainable data protection, on the other hand, has the power to underline the reliability of a company. This in turn leads to a clear competitive advantage. Indirectly, data protection can also increase a company’s efficiency, as the processes and responsibilities are clear. It is important to realize that data protection has long since become a significant economic factor and is not simply an annoying obligation.
Data protection allows for innovation
Data protection creates trust. This is especially true in times when people have become more aware of their rights and potential dangers. Hesitant companies should bear in mind that trust has a real value. Many people are prepared to accept higher prices if they are justified. This applies to both B2B and B2C relationships. In addition, there is an increased likelihood of being shortlisted for contracts in the first place, as more and more clients not only expect data protection requirements to be implemented, but are also increasingly asking for them. More orders and higher revenues create room for innovation.
Data protection also helps to minimize risks. This is because the measures used to secure personal data also protect company and trade secrets. This applies not only to the increasing crime surrounding data theft and phishing attacks. Companies also run risks vis-à-vis the authorities if they do not comply with data protection requirements. Not every company is like Meta, which can simply pay its fines and still hardly have to fear any loss of image among its users. Those who think about data protection at an early stage and keep at it in the long term have to accept fewer risks and have more capacity for innovation.
Data quality is another point that companies should focus on. The often maligned record of processing activities (RPA) offers great potential if it is managed well. Contrary to what is often assumed, it is not only used to fulfill documentation obligations. It also helps to make previously overlooked dependencies visible, as it links information together. This can be beneficial for numerous departments.
Risks relating to data protection
Data protection can feel good when companies recognize its usefulness and play their cards well. First and foremost, customers, business partners and employees may benefit, but the effect on the company can also be positive. However, there are risks that I don’t want to withhold from the reader.
This includes viewing the data protection officer (DPO) as an opponent. As they play a significant role in growth, it is very important to work together as equals and pull in the same direction. Another risk lies in pretending to be data protection. Many companies write phrases such as “We take the protection of your data very seriously” on their websites. But in practice, there is not much evidence of this. Companies should be aware that consumers often recognize such platitudes and tend to evaluate them negatively.
Conclusion
Data protection is more than just an annoying obligation. Consistent implementation not only fulfills legal requirements, but also strengthens the trust of customers, business partners and employees. Solid data protection creates competitive advantages, increases the efficiency of internal processes and minimizes risks such as data theft. Companies that understand data protection as a growth factor and actively implement it can set themselves apart from the competition. It is important to see the data protection officer as a partner and not just implement pro forma measures. In this way, data protection becomes a real success factor.