Gartner Blog Network

Make money with privacy by having privacy make money

by Bart Willemsen  |  February 17, 2020  |  Comments Off on Make money with privacy by having privacy make money

If, like me, you worked in privacy about ten years ago, you’ve probably felt like that ghost rider on the freeway. Listening to the radio, knowing for sure you were doing things right, you hear an emergency broadcast announce that there’s one ghost rider around where you are driving. Seeing the headlights come your way you may have thought ‘Just one? They’re ALL headed in the wrong direction!’

But things have changed. Some estimated in 2019 that almost out of nowhere, half a million organizations have appointed a data protection officer (DPO). Earlier this year, Cisco published an interesting privacy focused study (see here). It’s interesting to see the wider variety of good things that come from ‘getting it right’. Gartner clients have already reported back a variety of benefits including reduced storage cost and improved customer retention. Cisco concludes that benefits also include “reducing sales delays, mitigating losses from breaches, enabling agility and innovation, achieving operational efficiency from data controls, making the company more attractive to investors, and building loyalty and trust with customers“.

Now we’re talking.

Cisco also reports observing an average annual privacy spend of respondents to be $1.2M.

And that resonates. Early 2017, we estimated that the average initial spend for GDPR in year one would be around $1M in the U.S. and €1.2M in the EU. Not a one-off, the privacy discipline is here to stay. We’re talking dozens of jurisdictions worldwide working on updates or drafts of modern privacy laws. To see that things are growing, the 2019 Gartner Global Risk and Security Survey demonstrated that the average budget, dedicated to privacy in 2019 grew to $1.7M. Is that all?

Many capabilities ‘also’ relevant for the privacy cause are paid for by others. CIOs, CDOs, IT Execs, CISOs, you name it. How many CISOs can transparently say that their 2020 budget has grown, say, 4.7%, “of which 2.94% is because privacy”? I bet not very many.

One interesting finding in the Cisco study was this: “The average ratio of benefits to privacy spend was 2.7:1 (i.e., for every dollar spent on privacy, the organization received $2.70 worth of benefit). Almost half of the participants in the Study (47%) are seeing greater than a two-fold return on their privacy investments“.

I repeat: spending 1 dollar earns you 2.70. Spending an average of $1.7M in 2019 should yield then $4.59M. Of course many benefits have multiple causes beyond privacy alone. Moreover, there are no direct P&L posts where you can see this returned to pocket. But good governance, a trustworthy and intentional approach towards the customer and enhanced control over the entire personal data lifecycle simply are felt. And that’s what matters.

One colleague put it like this: What if a restaurant company spends 1 Million on building insulation.

  • As a result they spend 30% less on heating and cooling,
  • reduce employee sickness by 20% ,
  • food spoiling by 25%
  • and increase average customer stay by 20%.

Another colleague highlighted an interesting piece I had not yet seen: General Manager Insight: Apply the Kano Model in a Digital Development Organization to Meet Unspoken Needs (Gartner paywalled research). The Kano model’s axes of Implementation Level & Customer Satisfaction help attribute and assess the value of privacy without a direct cash connection.

A friend of mine likes to wear T-shirts with silly prints. One says ‘Have you hugged a Privacy Pro today?’ I’m thinking of printing new shirts too. A bit more text: Have you given them the means to do their job right? Do you see how getting privacy right simply makes you and your wallet look good? Have you upped your 2020 privacy budget and will you do the same next year?


Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research


Bart Willemsen
VP Analyst,
4 years at Gartner
11 years IT Industry

Bart Willemsen is a VP Analyst with focus on privacy compliance, risk management and all privacy-related challenges in an international context. With detailed knowledge of privacy in various jurisdictions, he's also proficient in security and risk management strategies. Read Full Bio

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.