Indian CIOs Will Be Tested As Data Governance Becomes Critical

If there is one job profile that is going to become more critical than ever before, it is the role of CIOs in organisations in India. The CIO role, which was traditionally more technology-oriented, will become a well-rounded role comprising technology, governance, and regulatory compliance. It will be a role that can make or break organisations and businesses.

With every passing day, technology and data are becoming more and more critical for organisations. Today, for a large number of organisations, core businesses are based on data, competitive advantages are built on data, and sustenance and survival of organisations rely on understanding and usage of data.

India is presently the third largest startup ecosystem, with most unicorns having built their business model based on technology and data. Indians are consuming more data than ever before. An average Indian consumes about 20GB of data per month, which is expected to more than double within five years. Internet penetration is expanding rapidly in the country, with more than 900 million internet users at present. 5G networks have reached more than 500 towns and cities and is expected to cover the entire country within the next two years. In fact, India has one of the cheapest average price of 1GB data globally. This explosion of data makes the case for data governance extremely prudent.

The government of India has realised the importance of data governance, including data privacy. The draft Data Protection Bill was released for public consultation in November 2022, and is expected to be enacted into law soon. The government has taken a consultative approach in the whole process, including taking views of a large section of stakeholders. The proposed bill has balanced the needs and rights of citizens, with respect to privacy and the compliance burden on corporates. It provides various rights to citizens, thus protecting their interests. It enables the startup ecosystem to innovate and co-create, and has the scope for cross-border data flow with certain specified countries, which may be crucial for many tech companies and MNCs to continue operating seamlessly in India.

The draft bill also has penal provisions and hefty fines for non-compliance and loss/misuse of personal data, which would mean that corporates dealing with data would need to put in place robust systems and processes to handle the same.

CIOs, who would be leading technology and data initiatives in organisations, therefore, not only need to focus on technology but also need to ensure compliance, process enablement, and governance. Any miss here may prove costly for the company, resulting in a loss of brand reputation and customer confidence, significant monetary fines, or penal proceedings.

The upcoming regulatory changes like the Data Privacy Bill would mean that CIOs would play a crucial role in brand-building, ensuring competitive advantage, and overall survival of organisations in the future.

Globally, tightening of personal data protection and privacy norms has been seen, including General Data Protection Regulation coming into force. Thus, CIOs need to take the regulatory role with utmost sincerity and seriousness, as it is the direction in which governments are progressing.

In order to ensure that CIOs keep pace with the changing times and regulations, they should focus on five critical aspects:

• Start early and be prepared: CIOs should not wait for the final Data Protection Bill to be passed in the Parliament and enacted into law. They need to start now and prepare themselves. Two immediate tasks should be to conduct a comprehensive data audit and prepare a team, including a data protection officer, to handle all future needs.

• Security and privacy in design: CIOs should re-look at the design and architecture of all applications and data models and bring in security and privacy at the design phase by default. Any future application should be implemented only with this framework in place. Additionally, the cybersecurity and cyber response team in the organisation should work under the aegis of the CIO, and appropriate tools and mechanisms need to be put in place.

• Keep scope for continuous improvement: A mindset and framework for continuous improvement must be inculcated and implemented. A feedback loop should be in place to ensure that the system adapts to further changes in the regulatory environment, and any scope of process and system changes are duly captured on a regular basis and implemented. Similarly, data audits need to be a regular process.

• Training and capacity building: While the CIO and his/her team lead the data governance drive, it is the responsibility of each person in the organisation to ensure its compliance on a continuous basis. Therefore, a robust program for regular training and capacity building for everyone in the organisation must be put in place on an immediate basis.

• Holistic view: Finally, the CIO needs to take a holistic view of the organisation from a data governance perspective, including its impact on other functions, processes, and systems. Given the criticality of the CIO’s role after the regulatory changes, organisations should have the CIO as part of the board or the CIO should be asked to report to the board on a periodic basis.  

While regulatory changes would test the CIO’s role, it also offers new opportunities for organisations as well as the people working in this role. If the CIOs are able to play their role well, it would open up multiple opportunities for organisations:

• Organisations would be able to use data for customised and personalised services and solutions, thus bringing sharper focus on customer-centricity.

• With safeguards in place, people will feel more confident in sharing their data, which would bring down the cost of customer acquisition and cost of service delivery in various industries, thus leading to a win-win situation for both parties.

• The next few years would bring forward organisations excelling in ethical data usage and compliance, thus creating deeper brand loyalty and scope of success for such organisations.

• This would also open up greater opportunities for the uptake and mainstreaming of Web3, which gives greater control of personal data to individuals. This would bring in greater innovation, especially in this segment, with India leading the way.

• Overall, we would see innovation in data governance, privacy-enhancing technologies and solutions, and customer-centric data practices. This would see multiple industries and organisations evolve into a far stronger position than they are in today.  

Organisations, including CIOs, should welcome these regulatory and data governance-related changes as they are expected to be beneficial for both the industry as well as consumers, leading to a win-win scenario in the long run.

Devroop Dhar is co-founder at Primus Partners.

The views expressed here are those of the author, and do not necessarily represent the views of BQ Prime or its editorial team.