By Kehinde Seun Ogundare, Country Head, Zoho Nigeria
Technology, as it stands today, acts as a catalyst for innovation and provides businesses with the means to expand their reach globally. Startups and SMBs now have the opportunity to compete in the global marketplace and easily develop a diverse clientele internationally with the help of the internet. Managing logistics, like international freight and shipping, for example, has become far easier.
However, despite the increased feasibility of global expansion for businesses, there remain several critical considerations that must be taken into account. One of the most significant among these is the data protection and privacy concerns that arise in the context of international operations. Businesses run the danger of breaking regional laws and regulations when they do not pay careful attention to data protection and privacy. Should hackers exploit vulnerabilities, organizations run the risk of experiencing operational disruption, as well as losing the trust and support of their clients.
Ensuring business and suppliers are compliant
As an initial step, it is essential to ensure compliance with various global data privacy laws and regulations, both for the business and its suppliers. It is imperative to note that these laws and regulations are not limited to markets where the business has established operations, and comprehensive compliance measures must be taken into consideration. The European Union’s General Data Protection Regulation (GDPR), for instance, applies to any company that has an EU citizen as a customer, regardless of where they currently live.
Take a Lagos-based company that only sells goods in its own city, for example, and assume one of their local customers is an EU national. The company has to be compliant with the Nigeria Data Protection Regulation 2019 (NDPR), which is a subsidiary legislation issued pursuant to the National Information Technology Development Act, 2007 (NITDA Act 2007), as well as the GDPR.
The consequences for anyone found to be in violation of data and privacy regulations are potentially severe. A breach of the privacy rights of any data subject under NITDA Regulation with respect to data controllers dealing with more than 10,000 data subjects carry a fine of 2% of annual gross revenue of the preceding year or payment of ₦10 million, whichever is greater. With respect to data controllers dealing with less than 10,000 data subjects, a fine of 1% of the annual gross revenue of the preceding year or payment of ₦2 million, whichever is greater, will be levied. GDPR offenses, meanwhile, carry fines of up to €20 million or 4% of the total global turnover for the preceding fiscal year, whichever is higher.
Privacy and security assessments should be included in due diligence processes for software vendors.
To ensure optimal readiness for data protection, it is crucial to implement sound database management practices, employ robust cybersecurity measures, and provide ongoing education to employees on the importance of data protection and privacy in the workplace. These things need to happen on an ongoing basis with businesses adapting as new threats emerge.
An area of vulnerability that businesses frequently neglect is the software and productivity tools they utilize. It is essential that businesses select tools from companies that not only adhere to the relevant regulations but also place a high priority on data protection and privacy. Aside from tools and offerings with robust privacy measures, vendors should present a business model that is not dependent on ad revenue and data monetization. These proactive measures considerably reduce the chances of a data breach. With the average cost of a breach now at $4.35 million USD, that’s an investment worth making.
Data protection is a must for businesses, especially those with a global presence.
Expanding a business globally demands an elevated sense of responsibility. Regardless of the size of the organization, it is crucial to recognize that similar challenges to those faced by large corporations, particularly with regards to data security and privacy, must be addressed. Consequently, a concerted effort is necessary to provide the highest level of protection for customers. This necessitates partnering with software providers who possess a commitment to data security and privacy.