How does GDPR affect a company’s risk of data breach?

When the EU's General Data Protection Regulation (GDPR) became enforceable, companies scrambled to comply. However, a new study from Cisco indicates that just 59% of organisations meet all or most of the requirements.

Lowest risk of data breach

Cisco's 2019 Data Privacy Benchmark Study also revealed that 29% of enterprises expect to comply with GDPR within a year. A further 9% said that it would take over a year to meet the majority of the requirements.

Despite this lack of compliance, Cisco also found that GDPR-ready enterprises benefit from the lowest risk of data breach. While the majority of companies reported a data breach last year, this impacted a lower percentage of the GDPR-compliant firms.

Overall, data breaches impacted 74% of compliant enterprises. In comparison, these breaches affected 80% of the organisations less than a year away from GDPR readiness and 89% of those farthest away.

Unfortunately, customer data privacy concerns continue to delay sales for most non-compliant organisations. In fact, 87% reported delays in selling to existing customers or prospects, which is up significantly from 2018.

GDPR-ready companies have lower overall costs

Once a breach occurred, GDPR-compliant firms experienced a significantly smaller impact. The average number of records impacted totalled 79,000, while non-compliant enterprises saw 212,000 records breached on average.

As a result, GDPR-ready companies also experienced shorter system downtimes associated with breaches. These enterprises had an average system downtime of 6.4 hours, versus 9.4 hours for organisations least ready for GDPR.

With fewer records impacted and shorter downtimes, it is no surprise that GDPR-compliant firms had lower overall costs associated with data breaches. Overall, just 37% of these companies saw losses from data breaches totalling at least $500,000.

In contrast, 64% of the least prepared companies suffered from losses reaching at least $500,000. According to the report, enterprises are now recognising the benefits of implementing privacy investment.

The benefits of privacy investment

As previously mentioned, there is a strong correlation between privacy investments and business benefits. As a result, Cisco found that more respondents are now recognising many of these advantages.

Cisco asked respondents whether privacy investment was creating benefits such as greater agility, innovation, competitive advantage, and achieving operational efficiency. In total, 75% of all respondents identified two or more of these benefits and 97% identified at least one.

Despite its obvious benefits, it emerged last year that tech giants were still not GDPR-compliant following the implementation of the legislation. Consumer group BEUC uncovered that the policies of Apple, Google, Facebook, and Amazon were vague and unclear.

Moreover, Europe's Data Protection Board also received a formal complaint regarding its own compliance with GDPR. Just five days after the regulation came into effect, Alexander Hanff, consultant at Singularity University faculty for Data Ethics, voiced his frustrations with the contradictory body in an email.
