Mudit Kaushik & Vasundhara Shankar on 'Comply, Not Complain: Data Privacy for the Win'

With the advancement of technologies, modern businesses hold the superior capability of data collection and surveillance. Without proper regulatory and protection measures, the customers' personal data can be misused in various ways, leaving a negative impact on the businesses as well. For a business, sub-optimal data privacy outcomes their reputation and valuation. As a result, governments worldwide have started to table laws regulating data collection, usage, storage, and protection based on fundamental privacy principles and practices.

Vasundhara Shankar, the Founder & Managing Partner of Verum Legal, has worked with several business organizations and technology-focussed startups, helping them in legal structuring and other regulatory & compliance works. On the other hand, Mudit Kaushik is a lawyer whose expertise lies in Intellectual Property and Data Privacy. Together in this article, they reflect on how data privacy can be maintained in modern business practices.

As consumers are rapidly adopting digital transformation, businesses can now collect and store a hefty amount of consumer data that can improve their customer engagement and help them scale their businesses, analyze consumer behavior, and serve their users better. Data enables a business to understand better their customer base and the unmet needs in the market. It can be extremely advantageous in tracking the customer behavior and market trend, which can ultimately help in products & services development, personalized advertising & marketing.

Clearly, data is the currency that gives businesses a competitive edge and transforms them in the modern marketplace. However, with so much customer data with them, these companies also have increased responsibility of protecting that data from any kind of misuse by internal or external stakeholders. According to the University of Maryland data, a hacker attack appears every 39 seconds. IBM’s Cost of Data Breach Report 2020 shows that the average total cost of a data breach was a whopping $3.86 million!

More importantly, the privacy-awareness is high among the younger population, and they are concerned more about their personal data than ever. According to Salesforce’s third State of the Connected Customer report, 63% of customers feel that most companies fail to use their data transparently. In comparison, 54% believe that most companies do not use their data in a way that can benefit them. But, what recourse do these users really have against these companies? “In the midst of growing distrust among the customers, data privacy policies can help the businesses to win the hearts of their customers, resulting in a good customer generation and retention along with company revenue,” says Vasundhara Shankar. While external policies and documents are of immense importance Vasundhara, also stresses the importance of building better internal data protection systems.

Unsurprisingly, India is leading the world with the highest fintech adaptation rate in comparison to the lower global average. The value of digital transactions in India reached INR 6 trillion in January-August 2021 from INR 4 trillion in 2020. The pandemic and prolonged lockdown, Government’s Digital India campaign, and demonetization have also acted as a catalyst in the process of digital banking in India. However, digital financial services also pose privacy risks that harm consumers, merchants, markets, and nations alike. Many digital platforms in India suffer from design faults, making them vulnerable to hacking threats - and is a lack of appropriate legislation a reason for worry? Perhaps yes, according to Vasundhara Shankar. She says, “Centralized storage of data increases the chances of a data leak, and with the growing concern of innovative ways in which commercial transactions are taking place, digital payment systems must be regulated, and laws must be redesigned to focus on aspects of security, privacy and encryption principles to safeguard every digital transaction.”

According to Mudit Kaushik, “While data thefts can be damaging to any business, they can also be easily avoided by following simple data privacy and security principles and policies. To ensure your business continuity, you must invest in the right methods that are proven to be effective in your industry.” First, a company should lay out a well-thought-out strategy that suits the company. They also must protect all data that is being collected and stored by them using defensive firewalls and protective software.

Vasundhara adds that companies should also consider building robust internal policies and data flow structures to ensure the team handles data securely. As India is rapidly transforming into a digital society, the Indian Government plans to introduce the Personal Data Protection (PDP) Bill inspired by the GDPR.

Therefore, companies should take professional help to ensure compliance with privacy laws, internal measures, and de-identification of data to save their customers and businesses alike from any damages. Informed lawyers and legal professionals may help you understand data privacy's ethical and legal foundation to maintain your customers’ trust and use data productively.