Content, Governance, Risk and Compliance, Content, EMEA, Europe

GDPR Data Privacy Practices Spark Better Business Results, Study Says

Organizations worldwide cultivating GDPR data privacy practices are showing better business results, a new Cisco Systems study said.

The networking giant’s just released 2019 Data Privacy Benchmark Study confirms that businesses adhering to data privacy practices of the General Data Protection Regulation (GDPR) experience shorter delays in their sales cycles and less destructive data attacks. To gather data for the research, Cisco surveyed some 3,200 security pros in 18 countries, 2,900 of whom were familiar with the privacy processes at their organizations.

Three top level observations from the study:

  • Customers are asking more questions during the buying cycle about how their data is captured, used, transferred, shared, stored and destroyed.
  • Organizations are benefiting from their privacy investments with shorter delays in sales cycles to address customers’ data privacy concerns, fewer breaches and a lower cost from data breaches than those not ready for GDPR.
  • Privacy-related benefits are providing competitive advantages to organizations making data privacy investments.

10 key findings:

  • 59% of companies are meeting all or most of GDPR’s requirements today, with another 29% expecting to get there within a year.
  • The top challenges to getting ready for GDPR are data security, employee training, and keeping up with evolving regulations.
  • 87% of companies reported delays in selling to existing customers or prospects, up significantly from last year.
  • 74% of the GDPR-ready companies were impacted by a data breach in the past year, compared to 80% of the organizations less than a year from GDPR readiness and 89% of those  farthest from being GDPR ready.
  • 87 percent of companies are experiencing delays in their sales cycle due to customers' or prospects' privacy concerns, up from 66 percent last year, likely due to customers' increased privacy awareness.
  • Sales delays by country varied from 2.2 to 5.5 weeks, with Italy, Turkey and Russia at the lower end of the range, and Spain, Brazil and Canada at the higher end.
  • Top reasons for sales delays included investigating customer requests for privacy needs, translating privacy information into customer languages, educating customers about an organization's privacy practices, or redesigning products to meet customer privacy needs.
  • GDPR ready organizations experienced shorter delays due to privacy concerns in selling to existing customers: 3.4 weeks vs. 5.4 weeks for the least GDPR ready organizations.
  • GDPR-readiness varied from 42 percent to 75 percent. Spain, Italy, UK and France were at the top of the range, while China, Japan and Australia were on the lower end.
  • Only 37 percent of GDPR-ready companies experienced a data breach costing more than $500,000, compared with 64 percent of the least GDPR-ready companies.

The bottom line: Organizations should work to maximize the business benefits of their privacy investments, which may go beyond the requirements of any particular privacy regulation.

“Organizations have a long way to go to maximize the value of their privacy investments. Our research shows that the market is set and ready for those willing to invest in data assets and privacy may be the path forward to get there,” said Michelle Dennedy, Cisco chief privacy officer.

Future iterations of the data privacy study will take a closer look at how benefits businesses gain from investing in data privacy are changing over time, particularly as customer expectations evolve, Cisco said.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.