Last year's General Data Protection Regulation sent organizations across the world - even those outside of the European Union - into a panic to secure and protect their users' personal data. Research published this week suggests that organizations that attained compliance with the rigorous regulation are poised to experience fewer breaches going forward.
That's at least what a new study, released today, posits.
Cisco's Data Privacy Benchmark Study (.PDF) maintains that GDPR ready companies have a lower probability of suffering a breach, having fewer records impacted by a breach, and a shorter window of downtime as a result of a breach.
Specifically the report suggests a lower percentage of GDPR ready firms were impacted, 74 percent, compared to orgs that that are a year away from GDPR compliance, 80 percent, compared to orgs that are more than a year from GDPR compliance, 89 percent.
GDPR compliance has also saved companies money according to the report. Overall costs associated with breaches have been lower; roughly 37 percent of GDPR-ready companies had a loss of over $500,000 last year. That's compared to 64 percent of companies who said they're more than a year away from being GDPR compliant.
For the report, one of the largest conducted in the eight months since GDPR took effect, Cisco surveyed 3,200 security and privacy professionals - individuals familiar with the privacy processes at their orgs - from 18 countries.
There are several statistics in the report that illustrate we’re trending in the right direction, compliance-wise. 59 percent of companies interviewed said they're meeting all or most of GDPR's requirements already; an additional 29 percent said they planned to get there within a year.
Nine percent said it would take them more than a year to get ready; a scant three percent said GDPR doesn't apply to their organization.
Meeting and maintaining GDPR compliance wasn't easy for respondents; 42 percent of organizations said meeting the data security requirements was the most difficult part; training employees, and keeping up with the evolving regulations also posed challenges for companies.
Three quarters of the organizations said they’ve seen additional benefits from their privacy investment. 42 percent said they’ve seen greater agility and innovation from having the appropriate data controls in place; 41 percent said they’ve gained competitive advantage and achieved operational efficiency from having data organized and catalogued.
While the bulk of this report is clearly positive news, it will be fascinating to see how companies fare in the long run, post-GDPR. Cisco says it's working on future research that will explore how the benefits of what it calls attaining privacy maturity are changing over time, in light of evolving regulations.
We still haven't seen the true impact of GDPR from a penalty perspective. Google was fined $57M on Monday by France's data protection authority for allegedly violating GDPR but the company contended the charges and said Wednesday it would be appealing the fine.
