GDPR was introduced in May 2018, prompting businesses across Europe to revisit their approach to handling customer personal data. While a majority of organisations have made an attempt to meet the regulation's requirements, it is estimated that more than half of UK businesses are still not compliant.
As part of the Cisco Cybersecurity Series 2019, Cisco’s Data Privacy Benchmark Study examined some key differences between organisations that are GDPR-compliant and those still working on their data management.
The report found that GDPR-compliant businesses are already seeing a number of benefits.
Shorter sales delays due to customers' privacy concerns
87% of respondents to the Cisco report claimed to experience sales delays caused by customer concerns about privacy. This has risen from 66% since GDPR was introduced and the general public became more aware of the way that businesses use their information.
Ensuring that the data you store is relevant to your business needs and well organised makes it more easily accessible. On average, the report found that GDPR-compliant organisations experienced a delay of 3.4 weeks in such situations, compared to the 5.4 weeks experienced by non-compliant businesses.
Less likely to have experienced a breach in the last year
A vast majority of companies report having suffered a data breach, with Norton reporting that over 4 million records have been compromised in 2019.
A greater understanding of the data a business holds can lead to a greater understanding of the risks associated with that information. This can allow organisations to protect themselves more effectively against cyberattacks.
While 74% of GDPR-compliant businesses still need to reinforce their defences, it is still significantly more likely that a non-compliant organisation will fall victim to a data breach. Cisco reported that 89% of the businesses farthest from GDPR compliance suffered breaches.
Fewer data records were impacted
Of the organisations that were impacted by cyberattacks, GDPR-compliant companies suffered less of an impact.
On average, the number of records impacted for compliant organisations was 79,000. While this isn’t a small number, it does pale in comparison to the 212,000 records compromised in data breaches suffered by non-compliant businesses.
System downtime was shorter
The time impact of data breaches was also significantly shorter among GDPR-compliant businesses. System downtime associated with cyberattacks was on average 6.4 hours for compliant organisations. Companies that are least GDPR-ready experienced average downtimes of 9.4 hours.
Overall costs are lower
The result of all the above contributing factors is that organisations following GDPR guidelines are getting more quantifiable monetary value out of their data.
As well as saving time and resources wading through unnecessary information in their day-to-day business, GDPR-ready organisations are likely to suffer a less severe financial impact if they are involved in a data breach. The Cisco Data Privacy Benchmark Study reported that 37% of GDPR-ready companies had a loss of over $500,000 last year, compared to 64% of the least GDPR-ready.