Data privacy and security: are businesses immature?


There is no need to explain why data is both a major challenge and a major opportunity for businesses. This summer, an IBM study showed that 73% of CEOs were convinced that data was going to play a major role in their business in the coming years, with a 15% ROI expected on their cognitive computing initiatives. However, while everybody is passionate about data and what it can bring to business, there does not seem to be enough awareness of security and privacy.

Recently a couple of things surprised me.

Banks are not up to the mark regarding security

It started with a Capgemini Consulting study on the state of the art of data security in the banking industry. 83% of customers trust banks regarding data security, surely a consequence of the image the industry has built and wants to project. But the reality does not look that nice.

As a matter of fact, 21% of data security and privacy professionals working for banks are confident in their ability to detect a cybersecurity breach, and the study shows that only 29% of banks offer both strong data privacy practices and a sound security strategy.

The upcoming GDPR chaos

Regarding data privacy, the hot topic in Europe is, of course, GDPR (General Data Protection Regulation) with which every single business will have to be compliant in May 2018.

A survey conducted by IDC in France shows that only 9% of businesses are compliant today. 19% expect to be compliant by the end of 2017 and 30% in 2018. Which means that 42% are absolutely nowhere.

Even worse, these 42% are barely aware of GDPR and what it implies. 27% already know they won't be compliant in May 2018 and the rest keep their fingers crossed.

The cherry on the cake: only 1 out of 4 has conducted an audit to assess its situation and needs regarding GDPR.

Being lax on data security/privacy will come at a high price

Let me just remind you that a lack of compliance can result in a fine of up to 4% of the company's turnover, and that there's no doubt that authorities will want to make examples in the first months.

But fines are not what will cost the most: the price to pay on the market may be huge. Seeing these challenges as regulatory issues only is evidence of a short-sighted view.

GDPR compliance and a sound data security/privacy policy are an opportunity to build trust with customers who are more and more aware of the risks related to personal data, its theft or misuse. There will be no data business without ethics and trust. If justice does not do its job, consumers will choose data-responsible companies over those they don't trust.

As a matter of fact, I have some very bad news for businesses hoping these regulatory changes will go unnoticed by customers. A study conducted by SAS in the UK shows that 15% of people expressed their intention to exercise their new rights in the same month that the General Data Protection Regulation (GDPR) comes into force on 25 May 2018.

Too much casualness?

Photo Credit : Fotolia.