Digital transformation grew by leaps and bounds during the COVID 19 pandemic, and India was no exception. A recent IDC India report predicts that digital transformation spending in India will reach $85 billion by 2026.
Every digital interaction and transaction that is part of this digital transformation is reliant on one core aspect—digital trust. More than 70% of Indian organizations have identified digital trust programs as a major technology investment area over the next two years, according to the latest study by IDC.ISACA’s State of Digital Trust 2022 survey report found that85%% of Indian respondents say digital trust will be more or much more important in the next five years. The survey also found that Indian respondents indicate that high levels of digital trust are more likely to lead to positive reputations (70%), stronger customer loyalty (61%) and more reliable data on which to make decisions (58%). With low levels of digital trust comes loss of customers, more cybersecurity incidents, and more privacy breaches, according to the ISACA report.
A key part of building this digital trust is protecting privacy. This is important not only from an ethical and moral standpoint, but also because there are various guidelines and regulations that require a certain level of data protection. While there is no standalone and comprehensive privacy law which is present in India, the right to privacy is a fundamental right emanating from Article 21 under Part III of the Constitution of India. Additionally, India’s Information Technology Act 2000, RBI’s “Guidelines on Regulation of Payment Aggregators and Payment Gateways,” the Bureau of Indian Standards (BIS) on data privacy, and the Ministry of Electronics and Information Technology codified Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. India’s Ministry of Electronics and Information Technology (‘MeitY’) also recently released the (long-awaited) draft Digital Personal Data Protection Bill, 2022 (‘DPDP Bill’) on November 18, 2022, and solicited all relevant stakeholders to submit their suggestions and comments (no later than December 17, 2022). This should soon become a bill passed by the parliament.
Protecting data privacy and strengthening digital trust can come with challenges, however. According to the Indian respondents of the State of Digital Trust 2022 survey, the most significant obstacles to digital trust are lack of staff skills and training (56%), lack of leadership buy-in (49%), lack of alignment of digital trust and enterprise goals (49%), lack of technological resources (47%) and insufficient processes and/or governance practices (41%).Regarding privacy, a lack of competent resources proves to be the biggest challenge for Indian organizations in devising an effective privacy program. Other barriers include a complex international legal and regulatory landscape (40%), and a lack of executive or business support (39%). Organizations in India also see skills gaps in candidates for privacy roles, including in 1) experience with different types of technologies and/or applications (71%), 2) experience with frameworks and/or controls (58%), 3) understanding the laws and regulations to which the organization is subject (52%), 4) technical expertise (50%), and 5) business insight (44%).
While facing all these challenges, organizations should consider conducting periodic audits and assessments of their privacy procedures to better visualize the types of data they collect, its flow within the company, storage timelines and locations, and initiate remediation steps to close any gaps. Indian organizations are also addressing internal privacy skill gaps with a combination of actions—training to allow non-privacy staff who are interested to move into privacy, increased use of performance-based training to attest to actual skill mastery, increased reliance on credentials to attest to actual subject matter expertise, and increased reliance on artificial intelligence or automation.
Here are some other key steps organizations should take in their digital trust journey:
- Prioritize trust. Organizations must give proper time and attention to building relationships and instilling trust.
2.Understand expectations of customers/stakeholders: An organisation’s customers and stakeholders’ expectations are different based on the products and services they transact and it is important to be attentive to these expectations.
- Have the right technology and process in place: Organisations must have policies and process with the right technology to support digital trust initiatives.
- Communicate: It’s important for organisations to provide transparent and open communication to address changes and concerns, as well as to keep a vigilant watch on social media and respond to negative communication there.
- Adopt a governance culture: Organisations must have a robust process for handling the trust relationship with policies, governing structures, and process for responding to incidents.
- Go above and beyond: Organisations should work towards not only meeting contractual obligations but exceeding expectations, which helps in building trust and loyalty.