Busy CFOs might see privacy as an unwanted burden on their schedules. But failing to invest in privacy is a false economy when it leads to fines and reputational damage.

By NIGEL JONES, Co Founder of The Privacy Compliance Hub

As the Chief Financial Officer (CFO) of a growing business, we know you often find yourself wearing many hats. One of the most senior people in your organisation, you’re constantly juggling the reality of spreadsheets and budgets with the ambitious business goals and vision of the CEO. You’re wary of costs, apprehensive about risk, and need investments to pay off – quickly. The last thing you need is a hefty fine from the Information Commissioner’s Office (ICO) because the organisation isn’t privacy compliant.

We get it. Here are 10 questions for CFOs to consider:

1. What have I done so far to address privacy? 

This won’t be the first time you’ve heard about the importance of privacy compliance, or complying with the General Data Protection Regulation (GDPR). But what have you done so far to tackle this challenge? Are you confident your organisation is on top of its responsibilities and is handling data legally, transparently, ethically and responsibly?

2. Can I afford to ignore privacy?

We know you’re busy but you really can’t afford to ignore this, if only because of the fines increasingly dished out by the ICO. Already in 2021, we’ve seen American Express fined £90,000 for sending marketing emails, and a £200,000 bill handed to a Leeds-based claims management firm for making nuisance calls. Beyond the fines, there’s also the cost of a security breach itself.

3. What’s the risk to the business’s reputation?

A data breach or ICO fine won’t just hurt the business finances, it’s also damaging for its reputation. A third of UK organisations lose customers after a data breach, and four in 10 customers say they’ll never return to a business after a security issue.

4. Won’t this just slow the team down? 

If anything, building confidence among the team by teaching them about privacy compliance and how they should and should not handle data will have the opposite effect. By knowing exactly what data is being collected and for what purpose, your team will feel empowered to spot new insights and create new solutions.

5. Shouldn’t I just hire someone to delegate this to?

We’ve found the most effective way to make sure an organisation takes privacy seriously is by building a culture of continuous privacy compliance across all departments – from legal and marketing, to finance and sales. Everyone handles data in some shape or form and, with 90% of breaches down to human error, it’s definitely a good idea to get everyone involved.

6. How do I make privacy cost effective?

As the CFO, we understand you want the numbers. The great thing about the Privacy Compliance Hub is it’s a flexible solution with a fixed monthly price. Trust us, it’s much cheaper than those ICO fines and we can guarantee there won’t be any surprises waiting for you at year end.

7. How do I keep up to date?  

The world of privacy moves fast and we (kind of) understand that not everyone is as fascinated by it as we are. We’re constantly updating the Hub with new tips and guidance on the latest updates and regularly refresh training modules so your employees will be kept up to date too.

8. Are investors and other stakeholders interested in this? 

Absolutely. If you’re eyeing an exit or expecting to open an investment round, part of the due diligence process will consider your approach to privacy and data protection. Compliance done right can positively affect a valuation, and demonstrate to all stakeholders that you’re on top of what can be a real risk to any growing business.

9. How about clients? 

Ignore privacy and you’re likely to be seen as too risky to do business with, particularly if you’re working with clients in heavily regulated industries like fintech or healthtech. Being able to demonstrate good practice will boost the confidence of everyone who deals with your company.

10. How do I solve this effectively once and for all? 

Talk to us. The Privacy Compliance Hub is a simple-to-understand framework that teaches your whole organisation how to understand, care about, and commit to a culture of continuous privacy compliance. It’s easier than you might think.