This time last year, companies around the world were scrambling to meet the requirements of the European Union’s General Data Protection Regulation, also known as GDPR. Designed to protect the personal data of EU residents, GDPR has had an impact far beyond just ensuring compliance with the management, storage, and sharing of personal data. And now there’s data to back up GDPR’s true impact in the form of a new privacy survey from Cisco.
In Cisco’s Data Privacy Benchmark Study, 3,206 respondents were asked about GDPR and the downstream effects of its implementation. Of that group, 97% reported favorable outcomes ranging from increased agility to operational efficiency, a new competitive advantage, reduced sales delays due to privacy concerns, and mitigation of losses due to data breaches.
While GDPR was initially seen as a major challenge to businesses, the regulation has served as a catalyst for improvements that have driven business efficiency and even reduced downtime associated with data breaches. At first glance, the results aren’t surprising. But upon closer inspection, it’s clear that by forcing companies to identify the location of personally identifiable data and to apply the appropriate protections, GDPR has led companies to pay close attention to the data lifecycle and develop stronger security measures.
Study respondents also reported a decline in data breaches and the costs associated with them.
Some other surprising data points:
- GDPR-ready companies were less likely to experience a breach (74% versus 89% for those farthest from being GDPR-ready), and their breaches, when they did occur, were less severe.
- When breaches occurred at GDPR-ready companies, they affected fewer records (79,000 records versus 212,000 records at the least-ready firms) and caused less downtime (6.4 hours versus 9.4 hours).
- Only 37% of GDPR-ready companies had losses of more than $500,000, compared to 64% of the least-ready firms.
As companies have designed GDPR-focused programs to quickly satisfy customers’ concerns about data privacy, they’ve also experienced a relatively faster sales cycle. As a result, the average sales delay related to privacy for GDPR-compliant companies shrank from 5.4 weeks for firms that were still upgrading their systems and processes, to 3.4 weeks for those that were already compliant.
Just under a calendar year from GDPR’s launch, compliance is still far from universal. In the Cisco study, total compliance varied by country from a low of 42% to 76%. Some respondents said they still had a way to go. In fact, only 59% of respondents said they currently met most or all of the requirements, and 29% said they’d be fully compliant within a year.
So what’s driving companies toward GDPR compliance? While the threat of punitive fines is certainly a motivator, monetary concerns aren’t the only factor sharpening data management practices. Companies around the world are rapidly learning that privacy goes hand in hand with security and customer trust. GDPR has served as the rallying cry many organizations needed to double down on privacy-related issues. In the process, their actions have supported a host of positive outcomes.
It’s crucial that enterprise companies cultivate a mature data environment that gives the end-to-end data lifecycle the attention it deserves. With valuable customer data at stake, privacy is no longer just about compliance—it’s integral to maintaining customer happiness, staying competitive, and achieving business goals.