A smart, risk-based approach is vital to long term success
How much do we need to invest to achieve data privacy? Didn’t we already fix this in the run up to May 2018?
These two questions are being asked by many business leaders – and not only because they face a future of tighter data privacy regulation. For forward-looking businesses, the need to protect data reflects its commercial value as an asset – and, if misused, its potential to become a liability.
Above all, it’s the importance of a ‘single customer view’ to delivering the seamless services customers expect – and the simultaneous need to meet customers’ increasingly stringent expectations on trust – that’s making data privacy a business critical issue.
The fact that data privacy is becoming a permanent priority makes it essential for data privacy spending to be smart and efficient. So a better question for organisations to ask may be: How should we invest to achieve data privacy?
The short answer is that firms need to establish a meaningful link between their customer data strategy, data risk profile and their data privacy spending.
After all, every business uses data in a different way. Risk profiles and risk appetites vary widely, depending on a range of factors. These include firms’ industries, locations, business models, complexity, data maturity, processes and size.
Our experience also shows that a failure to connect strategy, risks and responses often leads to disproportionate and ineffective spending. Without a disciplined approach, firms struggle to prioritise their investments. They are also more likely to resort to improvised or manual fixes when a smarter approach could pay lasting dividends and a competitive advantage.
But what does a smart data privacy spending programme look like? In our experience, the most successful investments follow a number of key steps. They should:
When it comes to data privacy, businesses are at the start of a long journey. The best practice models of the future are yet to emerge. In the meantime, approaches to data privacy will need to develop in parallel with evolving technology and business models. A risk-based approach and the smart use of technology, outsourcing and other innovative tools will ensure that data privacy spending is not just about compliance, but achieves lasting business improvement.
To discuss this topic further, please contact:
Matt Malone - Partner, Head of Risk and Regulatory Transformation
Martina Algeri - Manager, Data Privacy
© 2020 KPMG LLP, a UK limited liability partnership, and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
KPMG International Cooperative (“KPMG International”) is a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.