Within Cisco’s 2019 Data Privacy Benchmark Study, 59 percent of organizations reported meeting all or most requirements, 29 percent expect to do so within a year, and 9 percent will take more than a year. Interestingly, Indian stood sixth globally with 65% of Indian organizations showing higher preparedness towards meeting most or all of the GDPR requirements.
According to the report, organizations worldwide that invested in maturing their data privacy practices are now realizing tangible business benefits from these investments. The study validates the link between good privacy practice and business benefits as respondents report shorter sales delays as well as fewer and less costly data breaches.
The European Union’s General Data Protection Regulation, which focused on increasing protection for EU residents’ privacy and personal data, became enforceable in May 2018. Organizations worldwide have been working steadily towards getting ready for GDPR.
“This past year, privacy and data protection importance increased dramatically. Data is the new currency, and as the market shifts, we see organizations realizing real business benefits from their investments in protecting their data,” said Michelle Dennedy, Chief Privacy Officer, Cisco. “At Cisco, we absolutely believe in both protecting our customers and driving business success by maximizing the value of data and minimizing risk.”
Those organizations that invested in data privacy to meet GDPR experienced shorter delays due to privacy concerns in selling to existing customers: 3.4 weeks vs. 5.4 weeks for the least GDPR ready organizations. Overall the average sales delay was 3.9 weeks in selling to customers, down from 7.8 weeks reported a year ago.
Vishak Raman, Director, Security, Cisco said, “India has greatly improved upon its GDPR readiness with its fast evolving data privacy ecosystem, which is primarily because of a collaborative approach by the government and private organizations. However, there remains a huge scope for Indian organizations to increase their investments in people, and technology controls to meet customer privacy requirements faster.
GDPR-ready organizations cited a lower incidence of data breaches, fewer records impacted in security incidents, and shorter system downtimes. They also were much less likely to have a significant financial loss from a data breach. Beyond this, 75 percent of respondents cited that they are realizing multiple broader benefits from their privacy investments, which include greater agility and innovation resulting from having appropriate data controls, gaining competitive advantage, and improved operational efficiency from having data organized and catalogued.
More than 3,200 global security and privacy professionals in 18 countries across major industries responded to the Cisco survey about their organizations’ privacy practices. Key findings include:
87 percent of companies are experiencing delays in their sales cycle due to customers’ or prospects’ privacy concerns, up from 66 percent last year. This is likely due to the increased privacy awareness brought on by GDPR and the frequent data breaches in the news.
Sales delays by country varied from 2.2 to 5.5 weeks, with Italy, Turkey and Russia at the lower end of the range, and Spain, Brazil and Canada at the higher end. Longer sales delays can be attributed to areas where privacy requirements are high or in transition. Delayed sales can cause revenue shortfalls related to compensation, funding, and investor relations. Delayed sales also can become lost sales if a potential customer buys from a competitor or decides not to buy at all.
Top reasons cited for sales delays included investigating customer requests for privacy needs, translating privacy information into customer languages, educating customers about an organization’s privacy practices, or redesigning products to meet customer privacy needs.
By country, GDPR-readiness varied from 42 percent to 75 percent. Spain, Italy, UK and France were at the top of the range, while China, Japan and Australia were on the lower end.
Only 37 percent of GDPR-ready companies experienced a data breach costing more than $500,000, compared with 64 percent of the least GDPR-ready companies.