IT Brief India - Technology news for CIOs & IT decision-makers
India
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
internet of things
#
work from home
Search
Story image
#
Cloud Services
#
Compliance
#
CX
Fines for mismanagement of data expected to reach $1Bn
Fri, 25th Aug 2023
Author image
By Catherine Knowles, Journalist
Follow us

By 2026, fines due to mismanagement of subject rights will have increased tenfold from 2022, to total over $1 billion, according to Gartner.

Gartner defines subject rights requests (SRRs) as a set of legal rights that enable individuals to make demands and, in some instances, changes for clarity regarding the uses of their data.

Nader Henein, VP Analyst at Gartner, says, “For security and risk management (SRM) leaders in B2C organisations, automating subject rights or consumer privacy rights management has become a basic requirement and a prerequisite for building trust. The management of SRRs can enhance customer trust levels by providing a positive privacy user experience (UX).”

However, inefficient handling of SRRs and an immature privacy UX can erode the benefit from millions of dollars spent on developing positive customer sentiment.

Business impact of poor or inefficient handling of SRRs

Organisations handling data must address SRRs in a defined time frame, Gartner states. Poor or delayed responses to SRRs can negatively impact an organisation's trust with its customers.

As a result of long waits for a response, customer experience (CX) and sentiment are also negatively impacted. In addition, regulators regularly impose fines for failure to comply. These rulings also mandate prompt execution of requests.

SRM leaders should take the opportunity when they receive an SRR to engage with privacy-aware customers. Henein says, “Data subject rights should not be treated exclusively as a legal requirement. To support positive customer sentiment, the organisation’s privacy UX should be developed with the same care as any customer-facing service.”

In addition, many jurisdictions require digital organisations to address the privacy rights of their employees. Data held on incoming, current, or past employees is worthy of the same care as data pertaining to customers. The highest cost per request is often attributed to employees’ SRRs rather than those coming from customers due to the complexity and the volume of data.

Henein says, “To ensure data subjects receive responses within acceptable time, cost, and scale limits, SRM leaders should consider establishing a foundation of metrics around SRRs."

The evolution of SSRs

Henein says, “While the need for scalable subject rights delivery and fulfillment will not go away, the demand for more automation will lead to a faster move toward a zero-touch model."

“This model will enable users to self-serve informative rights through a privacy portal where individuals will be able to browse their information in detail and understand how it is being used and by whom.”

Maintaining a manual SRR process renders an organisation more likely to face regulatory fines and suffer associated reputational damage. It also entails maintenance costs. By contrast, being transparent about, and involving customers in the SRR process and implementing a more automated approach to SRR fulfillment offers clear benefits to organisations.

Related stories
New report reveals stark divide in global AI progression
How to ensure your finance transformation project is an unqualified success
Gartner unveils top four data & analytics trends for 2024
Extreme Networks unveils Extreme Labs innovation hub
PIA unveils revamped Android VPN app with Shadowsocks integration
Top stories
Zscaler introduces enhanced ZDX service for improved IT operations
The importance of cybersecurity training for software developers
HID acknowledged as Leader in Gartner Magic Quadrant for Indoor Location Services
Exclusive: How Darktrace is tackling AI-driven cybersecurity
Dropbox unveils new features for remote work, enhances Microsoft integration