Most companies will have to put digitalization on their business agenda. However surprisingly many neglect to ensure that the digital agenda complies with applicable legal frameworks or, in other words, to make the company "digitalization ready".
Fully benefiting from the advantages of digitalization is very much about analyzing various kinds of data, such as monitoring traffic patterns, the music preferences of a certain listener, wear and tear of a wheel bearing, or the behavior of a specific category of consumers.
Often the data analyzed can directly or indirectly be associated with a specific person and will thus qualify as personal data. Some may wonder why this is significant, since processing personal data has not really been considered a risky business in the past. But this environment is changing.
The new EU data protection regulation enters into force later this spring and within two years, companies will face sanctions that should make any board member and manager concerned about how personal data is processed within the organization.
It is clear that the EU is taking the integrity of its citizens and their personal information seriously. If the digitalization work that has been carried out is not aligned with the forthcoming regulation, this may not only result in a full stop for a prosperous business but it may also make a successful exit impossible.
Many potential buyers will waver when they realize the target they are about to acquire may be fined up to 4% of global turnover or 20 million Euro, whichever is higher, for failure to comply with data privacy regulations. The danger of running afoul of the regulation is very real, as data protection compliance cannot be achieved swiftly by means such as implementing a specific policy, but must be carefully considered as part of the digitalization process.
In light of the impending requirement for IT systems to be designed to ensure privacy for users, data protection matters should be considered as early as possible during system design. Redesigning a software product because data protection obligations were not considered strategically important from the beginning is obviously a situation that should be avoided.
However, even if the sanctions are sufficient to make companies ensure they are "digitalization ready", data protection is about so much more than being legally compliant. It is also about creating confidence among customers and business partners that the services provided are secure and beneficial.
Individuals are increasingly subjected to surveillance and analysis, online and in the physical world via technology such as geolocation services - and they are also becoming aware of this fact. The companies that can create trust among customers and potential customers will have a greater competitive advantage than others, as people will be more willing to provide them with the personal data that all companies crave.
Transparency and providing customers with a sense of control over their data will be the key to successful data collection. Thus, by ensuring data protection compliance at an early stage of the digitalization process, companies will avoid harsh sanctions and build up a competitive advantage that could pave the way for success.