Sustainable business models must ensure and document the correct processing of personal data to avoid that the basis for operations - and thus large values - vanish.
Most business processes use data that can be directly or indirectly linked to a person, be they employee, customer or supplier. The use of such data is at the heart of digitization, innovation and business development regardless of the size and activity of the business. The Privacy Act places many stringent requirements, including that businesses must be able to demonstrate ongoing compliance. This is true across all systems and categories of people where data is getting processed - whether they are employees, customers or other people with whom the business is interacting.
In the event of incorrect processing, demands may be made to cease processing and deletion of data. This can affect the entire business model of the business. It is also possible that one company buys another based on data. The purpose of the processing may prove incompatible with the original purpose and the basis for the transaction may lapse.
It is also an example of whether incorrect or inadequate due diligence in an acquisition can have major subsequent consequences on the value of the business.