How Your SME Benefits by Embedding a Culture of Privacy.
Start-ups and other small to medium-sized enterprises (SMEs) often overlook privacy as they build their business. They may view the regulations as something larger entities need to be concerned with. They may feel privacy inhibits innovation. Or may consider regulations as a barrier to being competitive.
However, SMEs shouldn’t view privacy as an inhibitor to their business. Taking a proactive approach to how personal data is handled can lead to many significant benefits. While privacy regulations do, in some respects, carve out exceptions for smaller businesses, building a culture of privacy early on can help you establish this foundation and create competitive advantages. Plus, when your organization scales to a size where the full force of privacy regulations kick in, less effort will be needed to make that transition.
So how can companies benefit from a proactive approach to privacy culture?
Reduce friction to sales.
Taking a privacy-centric approach can improve the efficiency of your sales funnel. Earlier this year, Cisco released their Data Privacy Benchmark study. The report indicated 67% of companies experienced reduced sales delays by having invested in privacy practices. In addition, it indicated the average delay due to privacy issues was 4.2 weeks.
An important consideration for SMEs is that while they may fall outside the scope of regulations, their customers may not. In many cases, privacy regulations spell out requirements a company’s vendors need to meet. Your customers are ultimately responsible for the personal data they collect and will be subject to the punishments in the event something happens.
If your organization hasn’t considered privacy, you’re putting your sales efforts at risk. It will take time to get the right answers your customers need to ensure you can meet their privacy requirements. Understanding exactly what data your product is using, how it’s processed, and where it’s stored is the first important step.
In addition, there are the business processes that are required to address certain requirements in privacy regulation. For example, are you prepared to properly handle ‘right to be forgotten’ requests from your customer if they need to comply to GDPR? If your competition already has this in place and can readily respond, you run the risk of being left behind in the sales process.
Arm your sales team with the information they need regarding your privacy practices up front. Ensure they are aware of some of the important questions that may come up in customer discussions and be prepared to quickly address anything you may have not considered. Doing this work upfront will reduce any friction from questions around privacy and allow your sales team to be more successful.
Build trust.
Trust is crucial to gaining and retaining customers. According to a Deloitte Canada Survey, 90% of consumers would be likely to sever ties with an organization if the entity used data unethically. Failure to retain customer trust could result in significant impacts to your organization’s bottom line.
Data privacy plays a major role in creating customer trust. There’s an increased awareness of how personal data is being used, or misused, that has eroded trust in many sectors. Your organization will need to invest time and energy to build trust with your customers but this can be lost in an instant. However, the payoff for this investment is longer-term relationships resulting in customers that will be more likely to share data and use additional services.
Being transparent with your customers is a key step to building this trust. Ensuring you have gained proper consent and clearly identified how you intend to use their data is an important first step. You also need to ensure you’ve built a culture of privacy within your organization to ensure proper use of data is maintained. Plus you need to define clear retention policies to identify when data is no longer needed.
Communicating these guidelines to your customers will put their mind at ease and allow you to build the necessary goodwill. And in the event a breach does happen, it may reduce the risk of a significant customer backlash.
Reduce potential of data breaches.
Companies are increasingly at risk of experiencing data breaches. And this isn’t just the domain for large corporate enterprises. Even smaller organizations run the risk of having their systems compromised. Experiencing a data breach can play a significant role in building trust as noted above.
Data breaches are also incredibly costly. The IBM Cost of a Data Breach Report from 2019 indicated the average cost of a breach was $2.74 million (US$) for organizations with less than 500 employees. For smaller companies, incurring these costs can inhibit their ability to meet their growth targets.
A recent report from data privacy platform Osano indicated there is a correlation between strong data practices and risk of a data breach. The study found companies with poor privacy practices were 80% more likely to experience a data breach. Taking the time to consider privacy and embed this into your organization can help you reduce the chances you’ll be the next data breach headline.
Organizations that establish good privacy practices will typically include security as part of that process. It’s a core principle within Privacy by Design and is central to ensuring data you collect is safe from harm. Therefore, it stands to reason that those organizations who proactively consider privacy will enable stronger security practices. Taking this step will help reduce your risk of a data breach. This can ensure customer trust isn’t eroded and limits the potential of incurring financial loss due to a breach.
In the event a data breach does happen, you will be required to report it to the appropriate authorities. And privacy officers may investigate your company to examine why the breach happened and the extent of the damage. Being able to show you’ve taken steps to mitigate risks may allow you to put your organization in a more favourable position with the authorities and may translate to some leniency on any potential repercussions.
Increase attraction of investors.
For SMEs looking to raise funds that can propel their business forward, investing in privacy can contribute to acquiring investment. The Cisco Data Privacy study indicated that 73% of companies were able to leverage their privacy practices and make their company more attractive to investors.
For SMEs, this can be a difference maker. While some start-ups can bootstrap their ventures, many rely on funding to allow them to continue building their business. Establishing a positive, privacy-forward image can contribute to attracting investor attention.
Venture capital firms have increasingly been taking privacy practices into consideration as part of their company evaluations. As an example, Georgian Partners, a venture capital firm in Toronto, incorporates an element of trust from proper data usage as part of their practice. Companies that haven’t established privacy policies run the risk of missing out on potential funding opportunities.
Taking the time to invest in privacy allows you to show investors you’ve taken the collection of data seriously. It can help them be more at ease in investing knowing there is one less risk they are taking by investing in your company.
Reduce efforts for compliance.
While your business may not currently need to comply with privacy laws, most companies aspire to grow beyond this stage. At some point, you’ll need to ensure you comply with privacy regulations in the jurisdictions you operate. Given the myriad of regulations out there, GDPR in the European Union, CCPA in California, and PIPEDA in Canada just to name three, it can be time-consuming to establish proper practices.
By considering privacy from the outset of your business, you will be able to establish a culture around data protection. This can pay dividends as you grow as you will need to invest less time building out a privacy practice. Your employees will be comfortable with the idea of privacy and will be embedded into their thinking as they build out next generations of your product. There will be efforts needed, but not having to start at square one will reduce the load and allow you to invest more time in your organization’s continued growth.
SMEs have multiple competing priorities to address with limited resources. While privacy often takes a backseat, it is an important consideration for smaller companies. It can provide many benefits for your business and contribute to your growth. Build it into the culture of your organization. And ensure it receives appropriate attention in your product development and business processes. It could contribute meaningfully to your success.
