Research unearths inadvertent GDPR business benefits

Man checking GDPR compliance

Organisations compliant with the European Union's (EU) General Data Protection Regulation (GDPR) are reaping the rewards in a host of unforeseen ways.

Beyond the set of expected GDPR benefits, such as better protection against data breaches, businesses keeping on top of data protection are able to foster a greater environment for innovation and attract investors.

Cisco's latest data privacy benchmark study assessed how prepared organisations are for GDPR, as well as how the new regulations, which have been in force since 25 May last year, are affecting them.

The researchers found that 59% of companies across the world consider themselves GDPR-ready, with a further 29% expected to be compliant within a year. Incidentally, UK organisations are marginally better prepared than average, with 69% of firms considering themselves compliant.

Among expected GDPR benefits is a lower likelihood of suffering a data breach, and lower scope for damage, according to Cisco's research.

The probability of sustaining a breach is only 74% for a GDPR-compliant organisation, against 80% for a firm that will be compliant within a year, and 89% for one that will be ready in more than a year.

The effects of a breach, too, are relatively muted. Just 79,000 records are impacted in a data breach for regulatorily compliant organisations against 100,000 and 212,000 for firms that will be there within a year, and more than a year, respectively.

Meanwhile, the amount of downtime suffered on average, 6.4 weeks against 8.1 weeks and 9.4 weeks, reinforces the positive effects GDPR is having on data security.

But almost all, 97%, cited at least one of a host of benefits not directly related to data protection, while three-quarters cited at least two.

For instance, 42% of firms said GDPR compliance has improved the scope for innovation due to already having the right data controls in place.

Moreover, 41% of organisations said they were able to gain a competitive advantage against others, and the same number cited achieving operational efficiency from already having data organised and catalogued.

Over a third, 37%, of firms also said they were able to reduce pre-existing sales delays due to privacy concerns from customers. A similar number of organisations, 36%, also suggested they had gained additional appeal from investors.

"These results highlight that privacy investment has created business value far beyond compliance and has become an important competitive advantage for many companies," the report concluded.

"Organizations should, therefore, work to understand the implications of their privacy investments, including reducing delays in their sales cycle and lowering the risk and costs associated with data breaches as well as other potential benefits like agility/innovation, competitive advantage, and operational efficiency."

The researchers said that future research will focus on exploring how these benefits are changing over time, as both regulation and customer expectations continue to evolve.

Keumars Afifi-Sabet

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.