How CFOs Can Leverage GDPR to Increase Value

GDPR-for-CFOs.jpg

By Ray Kruck

Everybody’s heard about the EU General Data Protection Regulation (GDPR), but many erroneously think it’s just another “IT issue”. On the financial end, stiff penalties could severely cut into a company’s bottom line. The insightful CFO, however, sees compliance to be a value investment instead of an IT budget line item. 

For forward-thinking CFOs, it’s time to dig deep into the issue. Start by telling your team, “From now on, privacy and data security are as much financial opportunities as they are technical challenges.” 

Here are a few of the challenges and opportunities they should consider:

Financial Vulnerability Blind Spot

Part of every company’s financial responsibility is to uncover and eliminate liabilities and risk. If you were aware of a threat to 4% of annual global turnover or a €20M loss, would you make it a priority? If not - and your enterprise is found to be in breach of GDPR - get ready to pay the piper. Who’s at risk? Any company with any one of the following: a website, email, online marketing, SaaS solution delivery in combination with at least one EU citizen consumer of any of these services - must comply with GDPR.

Furthermore, data controllers like Microsoft and Facebook are enforcing compliance to their downstream technology partners and requiring strict adherence to GDPR or risk losing API access. For SaaS vendors, loss of API access kills business - period. 

Brand Position Jeopardy

Given the widespread enforcement of GDPR and similar initiatives in Japan, Australia, Singapore, and China, it’s safe to say that every company should be much more interested in protecting the privacy of their clients. This shift occurs on various levels as government and public opinion are starting to consider privacy a human right. As a result, brand value can suffer tremendously if a security breach leads to personal data exposure. 

Facebook’s value plunged $37 billion in the wake of its recent data controversy. Although the social media giant has since recovered, the same cannot be said of Equifax whose stock price tanked 34% after their data blunder came to light in September 2017. Six months later, the price still hovers around $125 per share from a high of $145 before the drop.

GDPR Adherence as a Business Necessity

Increasingly, larger enterprises are making procurement decisions based on third-party vendor risk and determining how to consolidate their authorized vendor list as a way to mitigate compliance risk. If you're a technology supplier (e.g. data processor), a major concern is how the large platform players and primary controllers (Facebook, Google, MSFT, etc.) will engage regulators over GDPR compliance breaches. 

Increasingly, a vendor’s security profile becomes a key selling point and ensures that current contracts remain intact.

Compliance Tactics to Maintain Value 

To preserve the value of an organization from a digital security and regulation standpoint, two options are available:

  • In-house solution - This may be the best option for the largest and most complex corporations. This means a homegrown task force that fully grasps the nuances of digital risk and the corresponding regulation. New hires or intensive training of current staff require an in-depth cost/benefit analysis. 
  • Consultants - For the majority of enterprises, this option makes the most sense. New practices and automated systems can be implemented quickly on an ad hoc basis with periodic updates and audits.

In both cases, the appropriate technical solutions must be implemented to detect, monitor, and manage the digital security ecosystem. Tools such as artificial intelligence are fast becoming part of the industry’s best practices. Advanced analytics and intelligent automation, such as the tools Tugboat Logic provides, can target policy gaps, guide controls, and even help establish awareness training.

Max Out ROI

The results of these changes can go beyond simply closing deals and avoiding bad press. When implementing better security measures, you can also weave in other improvements, such as:

  • Data silo removal
  • Improved data quality
  • Less data redundancy
  • Optimized data lifecycles, storage, and management
  • Better data validation and analytics

Interventions that maximize data value and security lead to improved business metrics. For instance, a compromised desktop consumes IT resources and leads to lost employee productivity, and this resource drain can be clearly measured over time. Security solutions that protect assets from infection serve to conserve resources which translates into demonstrable cost savings. 

The Secure Future

Security has always been about protecting asset value. Now, more than ever, a company’s most valuable assets are digital. Enterprises across the globe are called to step into a new reality that includes better privacy protection, more transparency, and healthier bottom lines.

Learn more about GDPR readiness. Download our free GDPR SOLUTION GUIDE.