The value of your data privacy investments.
When GDPR came into being on 25 May 2018, well over a third of companies globally were not ready for the EU data privacy regulation, according to the latest research from Cisco.
In terms of which regions were the most ready, Spain won out, citing 76% of organisations ready for GDPR in time for 25 May 2018. This is followed by Italy at 72%. At the other end of the scale in Europe, Russia had the lowest number of firms citing readiness at 46%, followed closely by Turkey at 47%.
Across the Atlantic, the US and Canada came in at 57% and 60% respectively, while Mexico led the charge in Latin America at 73% readiness.
Asia, meanwhile, sees China at 42% readiness, Japan at 45% and India on top at 65%.
While 41% of firms continue their push for readiness, those firms that were ready in time for implementation have found that being GDPR-ready has brought some unexpected and welcome benefits to their operations and business-growth efforts.
The research highlights that benefits include operational gains such as shorter sales delays and reduced number of records impacted after a data breach. For small business in particular, the increased agility that comes from this means greater flexibility of resources and increased returns for your business as it grows.
In terms of shorter sales delays, the research finds that while 87% of organisations report having sales delays due to customer privacy concerns, those that were GDPR-ready on 25 May 2018 experienced delays of 3.4 weeks, versus those that were the least GDPR-ready, who cited a 5.4-week delay.
Thus, the least prepared organizations have average delays that are nearly 60% longer than those who are most prepared.
This two-week advantage offers obvious opportunities for enhanced agility and business growth.
Also of note, GDPR-ready firms experience fewer and less-costly breaches. According to the research, of the firms that experienced a data breach post-GDPR implementation day, the least GDPR-ready firms had 212,000 records impacted.
This figure sees a massive drop to 79,000 records impacted at GDPR-ready firms.
System downtime is also affected by GDPR, dropping by almost a third from 9.4 hours at the least GDPR-ready firms, to 6.4 hours at GDPR-ready firms.
The time saved from reduced system downtime can be spent elsewhere in the business, meaning increased agility and innovation, which 42% of GDPR-ready firms report experiencing.
Elsewhere, organisations reported increased competitive advantage and investor appeal, both of which offer clear pathways to business growth. Along with this, improved operational efficiency was reported by GDPR-ready firms. In total, a whopping 97% of GDPR-ready firms are seeing one or more of these unexpected benefits.
“Organisations have a long way to go to maximize the value of their privacy investments. Our research shows that the market is set and ready for those willing to invest in data assets and privacy may be the path forward to get there.”
Michelle Dennedy, Chief Privacy Officer, Cisco
It’s clear now that GDPR means so much more to businesses than just being a regulatory framework for data security. It serves as an important foundation on which to build operational efficiency by reducing downtime and breach-associated costs, while increasing key business-growth areas, such as innovation and competitive advantage.
“This research provides evidence for something Privacy professionals have long understood – that organizations are benefitting from their privacy investments beyond compliance. The Cisco study demonstrates that strong privacy compliance shortens the sales cycle and increases customer trust.”
Peter Lefkowitz, Chief Digital Risk Officer,Citrix Systems and 2018 Board Chairman, International Association of Privacy Professionals (IAPP)
Read the full 2019 Cisco Privacy Benchmark Study here