SEEING THE OPPORTUNITY IN PRIVACY REGULATION

(Published in Forbes Africa August 2018)

From the news, to social media and dinner party conversations, privacy is the talk of the town. Not only do organisations not take our privacy seriously but we don’t take it seriously ourselves. This has to change.

Google is tracking our every move, they know what we are doing, where we are doing it, and who we are doing it with. Facebook has every bit of information we so freely share with the world. WhatsApp tracks our conversations and uses the data to target advertising at us. These are just some examples we know about, and, it would seem, condone.

And don’t think you can simply adjust your privacy settings and be safe. Regardless of your privacy settings, Google (and allegedly their third-party partners) know your location, your movements and patterns. This is supported by all the information you volunteer on social media. Your phone is listening to you and recording you one hundred per cent of the time. The manufacturers have different responses to how long they keep the information for, but no one is denying that they are gathering, using, and sharing our most private information. Our watches are tracking our activity, our cars tracking our behavior, and our loyalty cards tracking what we spend our money on. Already, all medical records and lab results are available to any medical practitioner, and estate agents can access almost limitless information about us simply by knowing our address.

 We are also constantly coming up with strategies around topics such as ‘customer centricity’, ‘big data utilisation’, and ‘customer obsession’. What do these strategies actually mean? How are they practically implemented? And what is the trade-off? Can we be obsessed by our customer without using the data to our own advantage, rather than to the advantage of our client?

Chasing after our strategy, we collect information we don’t need, keep it for longer than is essential, and share it with the highest bidder (in the worst case) or don’t protect it (as a semi-best case). Have an honest look at your own organisation.

Do you absolutely need every piece of information you gather from your client, in order to provide the service they require from you? Do you destroy any information you no longer need, or do you hang on to it for ‘trending’ or ‘statistics’? Have you, or do you, share information with third parties? If you do, it is to the benefit of the customer?

This is why Protection of Personal Information Act (POPI)General Data Protection Regulation (GDPR), Privacy Shield, and a myriad of other regulations are being brought in.

 And to all the companies not taking privacy seriously, try this one out for size: How would you like to pay out R10 million or spend 10 years in prison for a POPI breach, or 10 million Euro or 2 per cent of your company’s global annual turnover (whichever is higher) for a GDPR breach?

The regulators are already inundated with enough complaints, concerns and requests for assistance that they cannot keep up. Regulators are gearing up to deal with these complaints with speed and efficiency.

But, let’s forget about all the doom and gloom for a moment, and take a peek behind the veil, uncovering the incredible opportunities that these regulations offer us on a silver platter.

 Opportunity 1 – building trust

We could use our own compliance with these acts as an opportunity to change our relationship with our clients completely by showing our clients that we care about their privacy enough to give it the necessary attention, and taking the time needed to communicate with them regarding their rights in the process. This, in turn, creates a bond of trust between company and client.  It gives each client facing team member an opportunity to create honest conversations with their clients, and every support team member a chance to understand the impact they are having in their clients’ life.

Research has proven that trust is the most important factor in all relationships – be it personal, with clients, or with staff or third parties. It gives our clients an opportunity to change their perception of us as their service provider, and could potentially start reversing the general feeling of skepticism and lack of caring we experience as consumers.

By the same token, we need to hold our staff, our partners and our suppliers accountable for their role in protecting the privacy of our clients. Creating a trusted bond with these third parties means that we can openly and honestly communicate our processes, ensuring that they share our commitment to protecting our clients’ personal information.

 Opportunity 2 – An effective breach management process

As part of a privacy programme, it is essential to have a robust, yet simple process to be followed consistently by all staff, for all privacy breaches.

This is the perfect opportunity to initiate and embed ‘Privacy by Design’, and commence process automation throughout the organisation. Paying attention to the breach management process/register and system facilitates the design of the ‘new normal’. It makes all staff aware of the regulations, the impacts, as well as the need for transparency and accountability.

Opportunity 3 – Automation and efficiency

We have an opportunity to re-look all our policies, processes, procedures and records management. By adopting a ‘Privacy by Design’ approach to everything we do in our organisations, we will systematically and irrevocably start changing the culture in the company, and thereby our client experience.

This is where the opportunity scales up a couple of notches!  Once our processes are documented, we are in a position to identify our repeatable or repetitive processes, and starting building RPA for these, thus freeing up our humans’ valuable time to deal with escalations and real customer interaction.  RPA will take your organisation to the next level – and your Privacy Programme could be your lever.

Some of the most successfully transformed companies have used their privacy programme as a springboard to kick-start their transformation. Whether the strategy is to move to a private block-chain, or new cloud partnerships, to implement a new workflow/imaging/records management system, or simply to re-engineer your business processes to impact your bottom line, using your privacy programme as the catalyst is highly recommended, and proven to work.

The bottom line is: If you have been waiting for an opportunity to reinvent your company, or need a little shove to get started, or your client relationships have become a little stale – why not use compliance to privacy regulations as your spring-board to a new, efficient and profitable organisation? Give us a call, and we will help you Adapt your company to the Future!