Build vs Buy: Why You Should Never Build for Privacy

Published: Thu Oct 15 2020
In a world of budget cuts, in which companies increasingly seem to be asked to do more with less, companies often face the dilemma of build vs buy. For some businesses, there may be no choice but to build, especially if there is no vendor that matches your unique requirements. For others, it may be a cultural choice to build – but is this always the right approach?
When should any organisation build instead of buy? Well, that’s not so straightforward, in part due to the moving parts and commercial impacts these decisions can have. But let’s look at the debate from a privacy perspective. Privacy is easy, right? Well, not really. Data Privacy is a complex, often global matter. Just this week Morgan Stanley was fined $60 million for a breach of Personal Data Privacy for failing to properly decommission a database filled with personal data. The world of Data and Privacy is changing, and changing fast. We see new regulations coming into play around the world, all with their own variations of what is deemed acceptable with respect to a company’s approach to Personal Data.

These challenges need solving – so how best to do so? The size of an organisation and its development team should not automatically dictate that a company builds. Take Facebook and the recent Schrems II decision. Facebook has thousands of developers. They are one of the world’s largest tech companies. They have built their privacy framework, and yet they have failed. Why? Because like nearly every organisation, they are not experts in Personal Data Privacy. Like many organisations, they built something they thought to be good enough, and yet which failed them when it mattered.

Companies need to rethink this build strategy, especially in light of Personal Data Privacy. Just because a tech team believes they can build it does not mean they should. In fact, 95% of organisations are much better served when they buy a purpose-built solution. The reasons why are self-evident: your developers are not lawyers. They don’t understand the governing law, nor its global impact. They are not Privacy experts who face the complexities of Global Privacy Regulations day in, day out. Purpose-built platforms are designed and built to handle the complexities of an ever-changing landscape, both from a legal and technology perspective.

This is the same reason organisations use purpose-built CRM and billing systems, as it allows them to save time, effort and cost, and remain focused on their true goals and ambitions. Companies that try to build everything will always expose the business in other areas, delaying projects and missing opportunities. Oftentimes, even if a company does decide to proceed with a build, seldom do these projects arrive on time and on budget. In addition, technical debt grows exponentially year on year.

There are significant advantages to buying rather than building, beyond simply having a product fit for purpose. Bought solutions will be quicker to implement, the costs are predictable, and if you select the right partner it should improve the service you’re able to offer to your own customers. By contracting an expert third-party service provider, you are entrusting an important, perhaps even vital role to a third party. This is no different to outsourcing a CRM or billing system. Using a third-party Privacy provider to solve your end-to-end Personal Data Privacy is the smart move, and allows the business to remain focused on its core tasks whilst providing a quicker route to compliance. This is especially true in a world where already complex data regulations grow increasingly stringent. The business can then evidence to customers and regulators that it uses a recognised solution to provide the necessary end-to-end Privacy.

Companies that build their own Data Privacy Platforms, or Consent & Permissions frameworks, need to think about the business holistically, and escape the siloed view. Our own experience has led us to witness, time and again, organisations putting band-aids on core problems, often due to the decision to ‘fix’ these issues in-house. This is not a risk any company should take with their customers’ personal data, or indeed their own reputation. The cost of getting things wrong extends beyond the obvious fines and financial damages. Brand damage, particularly for publicly listed companies, can be irrecoverable.

For any organisation today still examining the questions of build vs buy, ask yourself – why did we buy a CRM system? Why did we buy a billing system? The same answer holds true for Privacy.