Is data protection now core to business success?

The motion was seconded by Sacha Wilson, senior associate at law firm Bristows. Opposing the motion was Richard Robinson, vice-president at Cambridge Analytica Commercial, seconded by Debi Bester, chief executive at innovation agency Department of Change.

Runacus, proposing the motion, began by outlining three reasons why customer data protection is at the core of successful businesses: competitive advantage, compliance and trust.

The most successful businesses are reliant on data, he said. “The biggest companies in the world today by market capitalisation are all data-driven – Amazon, Alphabet, etc all rely on data. It’s core to their model, core to their development and core to their very existence.”

Referencing the well-worn metaphor in industry circles that ‘data is the new oil’ in terms of its value to businesses, he said that unlike oil, our reserves of data are growing exponentially, rather than depleting. He proposed the idea that rather than oil, “data is our glue and binds together disparate parts of business, ensuring they come together to operate effectively.”

Referencing the forthcoming General Data Protection Regulation (GDPR), which comes into effect from 25 May next year, he said that in his conversations with businesses who are currently implementing changes, protecting customers’ data is acting as that glue, “bringing together every aspect of an organisation to make them much more customer-centric”.

He argued that transparency fuels the collection and retention of data, fostering trust between consumers and brands. “An effective and authentic data protection strategy allows you to be transparent with your customers. I believe that transparency rewards greater success.”

Furthermore, when businesses show customers they are protecting their data, he argued, they are more likely to share it. He quoted a study from Columbia Business School, which found that 75% of consumers will share data with a business that communicates an effective and credible data protection strategy.

Rebuilding trust

Protecting customer data could help to rebuild trust that consumers have lost in brands, he suggested. While consumers will pay more for a product or a service from a brand they trust, trust in advertising is also at an all-time low. As all modern marketing is data-driven, he argued, “protecting customers’ data will be a vital element of re-establishing trust with consumers”.

The cost of businesses losing that trust is “massive”, he said, quoting an IBM statistic that the average data breach costs a business $3.6m, with each lost or stolen record costing $141.

In his speech opposing the motion, Cambridge Analytica’s Robinson acknowledged data’s value and importance: “Don’t get me wrong, my company has built its business off data and data science.”

He agreed with Runacus’ emphasis on the importance of trust in brands: “Protection of data is incredibly important – for those who don’t protect it, that can have a detrimental effect on their business. And by protecting data you can build trusted relationships and equity."

However, he said that it was inaccurate to state that data protection is “now the core” aspect of business success.

The issue of data protection is not a new one, he said. Protecting customers’ data has always been important, but he said the motion fails to recognise what has been built in terms of data protection best practice up until now. “There are a lot of businesses which have been built upon protecting data, understanding it and utilising it properly and professionally,” he said.

He went on to argue that the motion failed to acknowledge the “dramatic shift” taking place in terms of who is in control of data and brand relationships with consumers. “We’re seeing a 180 shift in who is in control of the data – from brands to consumers.”

Focusing on the motion’s phrasing of “the core”, he said businesses are successful for a myriad of reasons. “It’s not that there is one core aspect [of business success]. There is a cocktail of killer applications that mean a business will, or will not, be successful.”

Lots of businesses have failed, he argued, not because they weren’t protecting customer data but because they spend too much money or aren’t making enough money, or are providing a poor customer service.

Losing customers

While he acknowledged trust is key, he again noted that data protection is just one element of that. “You can lose customers and trust at the drop of a hat, at poor or low-quality products, at consistently poor customer service, and of course if you lose data. But it’s just part of that.”

He concluded by saying that the motion is “not based in today’s – and certainly not tomorrow’s – reality”, adding that “it’s business as usual to have these best practices in place”. 

Wilson, senior associate at Bristows, seconded the motion by discussing the importance of compliance, and the far-reaching consequences of non-compliance. He began by reminding the audience that data protection is much broader than just security.

“Anything you do in business will be impacted by data protection, whether you like it or not – because there isn’t a single business today that is not affected by digital transformation, and part of that is having a closer relationship with data.”

He highlighted the harsher penalties being introduced by GDPR as one consequence of non-compliance. There is far more regulatory attention on data protection than ever before, meaning the stakes are now much higher for businesses.

There has also been an "unprecedented" shift in consumer perception of data, he noted. “Years ago, it would have been unheard of for a business changing its privacy policy to make headline news. Now, if businesses like Spotify and Facebook change their privacy policy, it gets into the news and there’s an outcry on social media.”

Bester, chief executive of Department of Change, seconded Robinson in opposing the motion, arguing that data protection is a fundamental element companies need to get right, rather than a business differentiator. “Data is not the core aspect of business or even a core aspect – it’s hygiene,” she said.

She also argued that the differentiator of business success lies in how companies use data. “Just protecting all this data isn’t going to lead to success.”

The debate was then opened to comments from the floor. Among the ideas put forward was the observation that some of the world’s best-performing companies haven't necessarily protected customer data and therefore it shouldn’t be viewed as a core aspect of success. Another suggestion was that the basis of success is not data protection and that this motion would set the bar too low, that it is those companies who draw intelligent insights from that data that will be successful.

The vote was in favour of the motion.