Posted: 02 May 2022 8 min. read

How can data privacy be a business enabler?

A differentiator, not simply an obligation

In advance of the CYBERUK 2022 conference taking place at ICC Wales on 10-11 May, Luke Webber, director in cyber risk at Deloitte, looks at data privacy and how it can be a differentiator for many businesses.

With both consumers and businesses becoming more reliant on technology, they are also becoming more data savvy and risk conscious. Data privacy, data protection laws and increasingly knowledgeable consumers creates a set of challenges that organisations must address in order to remain competitive and legally compliant.

Deloitte’s Digital Consumer Trends Survey 2021 revealed that 74 per cent of UK consumers are concerned about how companies they interact with online use their personal data, but it also showed that even though consumers are well aware of the risks, they are continuing to expand their online activity nonetheless.

Data insights

More people with an increased buying power plus access to more choice has resulted in consumers making better informed decisions before they purchase a product or service. So if your business is not already looking to consumer data to inform your strategy – now’s the time. Analysing and interpreting data, and the insights you derive from it, can be a game changer.

And this doesn’t just apply to B2C businesses and consumer or client data. It also applies to your suppliers and information that B2B businesses gather as well.

Data collection is increasing at an incredible rate. Even more so during the pandemic as organisations increased their digital footprint to preserve connectivity and continue to deliver goods and services. And it’s not just new and emerging businesses that have moved towards online platforms, established businesses have had to raise their game to compete in this fast, evolving marketplace.

Data as a differentiator

Many businesses recognised that data privacy regulations, like GDPR when it came into effect in 2018, could be an enabler. As well as making sure they were compliant, many organisations used it as opportunity to explore the business potential of their data sets and identify the various kinds of value that data holds for them, often reaping benefits such as competitive advantage, improved reputation and business enablement as a result.

What’s more, the rapid emergence of artificial intelligence, plus a sophisticated digital experience and marketing tools such as the Internet of Things (IoT), facial recognition, increased use of cloud and software as service technologies, have greatly enhanced the business opportunities provided by data and data-insights. And this is the key - intelligent use of data is a market-differentiator, driving growth in all sectors when used effectively. So you might want to ask yourself, is your business using the opportunities and value data provides to set yourself apart from the competition?

Equally, privacy conscious consumers are increasingly seeking greater assurances that their data, and trust, is not abused. Consumer buying decisions can be influenced by the trust they place in organisations when collecting and using their data. And this is the kind of trust and confidence your business should aim to inspire in your own clientele, throughout your business and in your supply chain.

Maximising the opportunity

With the bar raised on privacy, are you maximising the opportunities to demonstrate your business’s commitment to data and privacy? Here are some steps you can take.

  1. Make sure your organisation’s commitment to data privacy is clear. Use clear, transparent messaging externally to your customers and as well as internally for your staff so they understand how important it is to you, your business, its reputation and position in the market.
  2. A wide range of stakeholder engagement is required - there are few compliance topics that have implications across such a wide range of areas – so this messaging should come from the top. You and your senior leadership team must be aware of and understand your business’s high risk processing activities, and you must take action to engender an awareness of data privacy considerations at all levels of your organisation and supply chain.
  3. Build and maintain a clear view of the data you collect, hold and use at all stages of the data lifecycle, including third parties and flows of data across multiple regulatory landscapes.
  4. Commit to comprehensive ‘record of processing activities’ (RoPA) and assess legal and regulatory compliance. The RoPA should be sufficiently detailed, for example listing all data processing, the exact usage of the data, the technical and organisational measures that you have in place for the protection of the data, who is affected by processing. A fundamental risk analysis should also be included in a ROPA.
  5. Set out roles and responsibilities for how privacy risk is managed, and how it is monitored and assessed.

Broader implication

All in all, you should consider data privacy at an early stage when designing new processes in all areas of your organisation. Building data privacy into regular reviews so it will become part of a routine assessment will ultimately help to ensure that your business’s systems and services – both existing and new - are legally compliant.

But you should also think about the broader implications: What are you actually going to do with the data you collect? What’s your strategy? Is this an opportunity for you to define and cultivate your organisation’s strategic relationship with data? When combined with analytics and integrated into your business model, your organisation can start to make the most of its data, leveraging it and harnessing it to create added value.

What is CYBERUK 2022?

CYBERUK is the UK government’s flagship cyber security event, taking place on 10-11 May 2022 at ICC Wales in Newport, with the theme of ‘cyber security for the whole of society’. For thought leaders in cyber security and technical professionals from the UK and around the world, the event will also showcase Wales’s thriving technology sector, encompassing research, academia and design.

Deloitte is proud to sponsor the conference’s Cyber Ecosystem Zone, bringing together key stakeholders, success stories, and partners from across government, industry and academia to celebrate the six themes that support the UK’s cyber ecosystem: trust, partnership, innovation, talent, resilience and growth.

You can find out more about the cyber ecosystem in Wales here.

Key Contacts

Luke Webber

Luke Webber

Director

Luke has over 20 years’ experience of working with clients across multiple sectors, primarily the public sector, delivering data and analytics platforms and an array of digital and technology transformation programmes and services. Luke bridges technology risk, business objectives and the constantly evolving cyber-security domain to help clients define and execute strategic intent, rooted in organisation value and objectives. Working across public and private security, technology and change functions, Luke helps clients and departments evolve and address technological and business operating model transformation in highly regulated and governed environments.