IT Voice : How can CX technologies with built-in data protection capabilities minimise the risk of data exposure?
Munnaluri : Data exposure often occurs because organisations have different people, from different teams, accessing data for their own purposes. Since CX functions are customer-facing ones, these teams often have access to sensitive customer data, which inadvertently increases exposure and therefore cyber risk. To authenticate users, compile relevant data, ensure complete deletion or modification across the company’s tech stack, and then return all data to the end user, CX teams are relying on spreadsheets, manual data queries, and ad hoc communication.
While businesses can increase cybersecurity budgets to protect their infrastructure, there are many contingencies to plan for because of the numerous third-party solutions and emerging threats in play. CX technologies with built-in data protection eliminates such manual and time-consuming data request workflows. When companies, especially those providing CX platforms like Zendesk, adopt a shared responsibility model and incorporate robust data protection mechanisms into their solutions, it empowers businesses with the flexibility, control and ease of use needed to mitigate cyber risk. Businesses can then determine who can access what data, and encrypt sensitive information, building resilience into their systems. This in turn reduces the risk of data exposure.
IT Voice : What are the benefits of having advanced data protection models built into your CX functions?
Munnaluri : Ensuring the protection of customer data is paramount for building and maintaining customer trust. Trust can make or break your business — because more than half the customers across the world will never give your brand another chance if trust is broken once. And a big part of trust building is safeguarding customer data. As businesses ramp up their cybersecurity programs, it can go a long way if third-party solutions in use also have safeguards built in. For instance, if CX solutions come with data protection integrations, it can ensure that businesses are in compliance with data protection regulations like the Digital Personal Data Protection Act. These solutions automatically retain and delete customer data based on regulatory frameworks. It also ensures that a least privilege model is followed when handling customer data to ensure only people with the right level of access can view customer data they need to complete their work. Additionally, they provide encryption for customer conversations, adding an extra layer of privacy.
IT Voice : Why will data protection be a competitive differentiator for businesses looking to deliver trusted experiences?
Munnaluri : Data breaches have dominated headlines for a long time, particularly since businesses increased digitalisation. Furthermore, the annual cost of data breaches is massive. According to IBM’s Cost of a Data Breach Report 2023, a data breach costs Indian businesses an average of $3 million. These costs have gone up by 45% since 2020. In addition, they have to bear the reputational damage that stems from data exposure. Customer data being leaked on the dark web makes headlines all the time, negatively affecting business prospects and customer relationships. A recent study by Adobe showed that over two-thirds (66%) of customers across the world would stop doing business with a brand that experiences a data breach. It’s a clear indicator that data protection is good for business. If businesses adopt CX solutions built with data protection mechanisms, it will be a competitive advantage because it builds confidence in the brand.
IT Voice : How have recent regulations, such as DPDP (Digital Personal Data Protection Act, 2023) and others, influenced the way organisations handle personal data?
Munnaluri : Businesses by and large are captivated by developments in AI, particularly generative AI. It also means that massive amounts of data is being generated every single day. While businesses are curious about AI, Zendesk research says 87% are investing in cybersecurity and data privacy as a top priority as their businesses continue to handle high volumes of sensitive data, largely because many countries have rolled out data protection legislations like the DPDP Act in India. These regulations levy hefty penalties for non-compliance and businesses are gearing up to take measures to comply.
Since digital businesses have a wealth of employee and customer data to work with, they are experiencing roadblocks and challenges in data protection across the many disparate systems in which this data is stored. And they are now looking for customer experience solutions that help them tackle the data privacy conundrum because many (79%) feel that their vendors and partners could do better to address cybersecurity. These seismic changes in regulations and also customer expectations of data privacy are driving businesses to prioritise it. In fact, 89% say securing data privacy and protection is important to customer experience in the next 12 months.
IT Voice : What are some key challenges organisations face in complying with these data protection regulations, and how have they adapted their cybersecurity strategies to meet these requirements?
Munnaluri : The biggest challenge lies in keeping up with data subject access requests, data retention and deletion. The DPDP Act clearly defines the use of customer data, how long businesses can retain this data and the procedures to delete customer data. With mountains of data in play, it is a Herculean task to do it manually. There are many businesses who are collecting customer data for privy access requests, compiling it on excel sheets and then fulfilling these requests. Keeping track of what data to delete and retain is also time consuming. It’s with the help of CX technologies built in with data protection mechanisms that these tasks are automated. These technologies are designed to identify the data that should be retained or deleted and maintain comprehensive logs of pertinent information, thereby streamlining the fulfilment of privacy access requests. Given the volume of data in play, automation will play a significant role if businesses are to comply with these regulatory norms.
IT Voice : How do data protection regulations affect the development and implementation of cybersecurity technologies and practices within organisations?
Munnaluri : When it comes to data privacy and cybersecurity, the right amount of regulation is needed to balance the interests of customers and businesses which at times are at odds with each other. Too much regulation can impede innovation and agility in business operations. Globally, 66% of businesses say that data protection regulations are imposing significant limits on their personalisation efforts, which is important to delivering great customer experiences. Too little, and bad actors are given free reign to exploit sensitive information.
The reality is that cyber adversaries are constantly finding new ways to perpetrate breaches and they end up costing organisations a lot of money. A recent study by IBM showed that the average cost of a data breach for an Indian organisation is $2.3 million. Having a regulatory framework that is dynamic and responsive to the latest threats is necessary, and this dynamism pushes the data privacy and security industry to constantly innovate and evolve. It makes it imperative for businesses to constantly evaluate their security policies and practices. When businesses hold themselves accountable to the highest cybersecurity and privacy standards, it is a step in the right direction towards building customer trust, which is good for business.