·  Legal News, Analysis, & Commentary


Privacy Pays: How Personal Data Protection Becomes an Asset

— June 11, 2020

The way you protect your consumers’ personal data affects your business income. Why is the implementation of personal data protection measures not only a legal requirement, but a profitable investment as well?

Data privacy has always been an important issue for any business. Not surprising since data is everywhere. In today’s digital world, people do not feel confident about the privacy and security of their data, especially given the numerous of recent data breaches. Therefore, more and more consumers are careful in choosing service providers and pay more attention to their data privacy policies.

Personal data protection is a business requirement

It is important for consumers to gain control over how companies that have access to their personal data collect and proceed it. This can be your competitive advantage. This is where data privacy becomes an asset. 

Companies that implement privacy protection measures, as well as organizational and technical measures of protection and provide consumers with such control are more likely to succeed and gain consumers loyalty. As a result, it helps to drive more sales and increase an income. Moreover, if you are a startup, it is more likely to gain investments with strong data protection policy.

On the other hand, non-compliance with the privacy requirements and data breaches result in a loss of consumers trust and, consequently, decrease an income and damage your reputation. 

Personal data protection is a legal requirement

Companies that have not yet put in place data privacy measures of their consumers or clients as to business purposes are still required to do so considering data privacy regulations and financial risks for non-compliance.

  1. Personal data protection becomes an imperative with the new strict regulations (General Data Protection Regulation (GDPR) in EU, California Consumer Privacy Act (CCPA) in the USA, as well as similar legislation in other states). Under these regulations, businesses are obliged to not only collect and maintain the data in accordance with the new rules, but also to provide the consumers with mechanisms to realize their rights. Such rights include, among others:
  • the right to know what types of personal information are collected, and for what purposes, as well as where personal data is being shared (both under GDPR and CCPA);
  • the right to access (both under GDPR and CCPA);
  • the right to opt-out of any sale of personal data (under CCPA) / consent withdrawal (under GDPR);
  • the right to personal data deletion/the right to be forgotten (both under GDPR and CCPA).

Businesses are also required to have strong internal data security policies and implement organizational and technical protection measures.

  1. Financial losses because of non-compliance.

    Man in a dark room wearing a skull half-mask and glasses, data from a computer screen reflected in his glasses; image by Nahel Abdul Hadi, via
    Man in a dark room wearing a skull half-mask and glasses, data from a computer screen reflected in his glasses; image by Nahel Abdul Hadi, via

Above-mentioned regulations set high penalties for non-compliance. Considering the type of violation, GDPR sets a fine of €10 million to €20 million or 2 to 4 percentage of annual worldwide revenue, whichever is greater. For example, recently Sweden has fined Google with $8 million for right-to-be-forgotten violations.

Under CCPA, the Attorney General may impose a penalty of up to $2,500 per each violation and up to $7,500 per each intentional violation, if business failed to become CCPA compliant in 30 days. Moreover, each consumer affected with data breach is entitled to bring a lawsuit and ask for recovery of $100 to $750 per incident, or actual damages, whichever is greater.

Personal data protection is a reputational requirement

A company’s reputation deeply depends on how it handle the consumers’ personal data. If data breach occurs, it will obviously affect a company’s reputation and lead to loss of consumers’ trust and loyalty. Gaining new customers after this is not as easy as may seem.

Considering this, compliance with data privacy regulations, putting in place strong privacy policies will safeguard your business reputation and increase a brand value.

To sum up, it is worth to invest in data protection regulations compliance as well as in internal organizational and technical instruments of data security for any business that deals with personal data. Data protection implementation helps to meet consumers` minimum expectations on how their personal information is handled, as well as to increase an income in perspective.

Companies that are on the same page with their consumers as to data protection are more likely to stay in the market than companies with low privacy standards.

Join the conversation!