New Delhi- Data security & privacy have unfortunately remained afterthoughts for businesses over the last few years despite the digital vulnerabilities exposed as a result of large-scale digitalization owing to the COVID-19 pandemic. The first few months of 2020 saw nearly 36 billion customer records exposed due to lax data security. But, this is just the tip of the iceberg. Further research indicates how unprepared majority of the businesses are when it comes to containing and resolving data security issues. Businesses take an average of 207 days to identify a data breach and nearly 77% of businesses have no response plan in place.
This lack of a comprehensive data security system is taking its toll on businesses. The average data breach costs a company USD 3.86 million. Consumer trust is also at an all-time low, with nearly 43% of consumers believing that their data isn’t adequately protected and up to 83% of businesses reporting sales delays due to data privacy concerns from customers.
It goes without saying that businesses have a larger responsibility towards the data of their customers, and under the prevailing conditions, it’s understandable that 92% of consumers want businesses to be proactive about data protection. So how should businesses, especially those in India, step up to allay these concerns?
Complying with the EU’s General Data Protection Regulation (GDPR) can be an antidote to the data privacy concerns of both consumers and businesses.
The GDPR is admittedly one of the toughest data protection laws in the world. It became enforceable on May 25, 2018; and is applicable to all businesses providing services or monitoring web-based activities in the EU. GDPR affords consumers improved protection of personal data, transparent access to data, restricts certain data from being processed, and mandates strong encryption procedures for data.
Compliance with GDPR is no walk in the park, with non-compliance attracting fines of up to USD 261 million. So why should Indian businesses comply?
Research indicates that GDPR-compliant businesses have a reduced sales delay of nearly 40%, are nearly 25% less likely to experience a data breach, and if a data breach does occur, they have a shorter system down-time. Some 84% of customers are more loyal to companies with strong security protocols & for every dollar spent on GDPR-compliance, businesses make USD 2.70 in associated benefits. Indian businesses specifically can leverage this to expand into foreign markets and boost trust among regional customers.
The implications of GDPR are even more stark for businesses in the Indian financial sector. Surveys indicate that finance is among the most trusted sectors with 44% of the customers stating that they trust financial service providers with their data. However, financial data is also among the most at-risk, with nearly 21% exposed sensitive files, the highest among all sectors.
Businesses in the finance sector, therefore have a much greater responsibility to their customers’ data and must take appropriate steps to shore up their data security.
SignDesk, a provider of KYC verification and compliance solutions, is one of the few RegTech companies in India to have achieved GDPR compliance. Despite the lack of a dedicated data privacy law in India, SignDesk believes that businesses must take the first step when it comes to securing customer data. Digital trust is an important factor in finance, and SignDesk is looking to utilize this to reassure customers and expand into new markets.
Krupesh Bhat, SignDesk’s founder, states, “Businesses in finance must be careful and transparent when processing customer data, purely because of how sensitive and important this sort of data is to customers. As providers of compliance automation solutions, we feel an onus on ourselves to lead the way when it comes to data protection.”
Ashok Kadsur, co-founder of SignDesk, observes that GDPR compliance is beneficial in more than one way to the Indian businesses – “Sales delays due to privacy concerns, especially from overseas clients, used to be nearly 5 weeks. They’ve gone down to a week since we’ve been GDPR-compliant. Customers are much happier knowing how their data will be processed, and leveraging GDPR compliance has already become a sort of a competitive advantage for us.”
GDPR, despite not being the official data privacy law of India, is still a well-recognized global benchmark of data security. As digitization ramps up, Indian businesses must start viewing data security as more than just a compliance requirement. GDPR compliance affords numerous advantages to Indian businesses all of which must be leveraged to remain competitive and provide assurances to customers.