darren whittingham - Fotolia
How can a compliance strategy improve customer trust?
Privacy compliance strategy can help build consumer trust and improve security if companies stop looking at the regulations as an obstacle and more as a business opportunity.
While many companies are feeling overwhelmed by the pressure of compliance with EU's General Data Protection Regulation, state data laws and potential U.S. federal regulations, Nader Henein, a fellow of information privacy research at Gartner, offers a new perspective on compliance strategy: Companies should evaluate their current data privacy practices ahead of possible regulations and focus on improving their existing relationships with consumers to instill confidence.
Editor's note: The following has been edited for clarity and length.
How can companies make privacy compliance strategy a business benefit?
Nader Henein: What [GDPR and privacy regulations] want organizations to do is to take better care of people's personal details. And that's just good for business. More and more, consumers -- you, me and everyone else -- are willing to cross the street, go to a competitor and pay a little bit of a premium if that's where we believe our information is best cared for.
What consumer doesn't want more rights? Especially when it comes to privacy, in the wake of Cambridge Analytica and other data breaches. It's a good platform -- it's topical, it's current.
If you look at these regulations just from a compliance perspective, it's going to be a big cost. You're going to spend a bunch of money getting to a baseline that is not going to be organically maintained, because you forced everything in that direction.
But if you aim to be the safest place for people to come and do business, the safest place for them to store their private moments, the safest place for them to transact, then you've got a key selling point and you achieve compliance on the way there.
The privacy regulations put the individual's best interest first and foremost. Previously, what's right for the individual was not necessarily what's right for the organizations. The kinds of fines that the GDPR brings into scope puts both of those in alignment. So, effectively, treating people's information well is also good for business. And that's the take behind all of these regulations -- they want to make it so painful to not follow the rules that following the rules is also good for business.