Organisations compliant with the European Union's (EU) General Data Protection Regulation (GDPR) are reaping the rewards in a host of unforeseen ways.
Beyond the set of expected GDPR benefits, such as better protection against data breaches, businesses keeping on top of data protection are able to foster a greater environment for innovation and attract investors.
Cisco's latest data privacy benchmark study assessed how prepared organisations are for GDPR, as well as how the new regulations, which have been in force since 25 May last year, are affecting them.
The researchers found that 59% of companies across the world consider themselves GDPR-ready, with a further 29% expected to be compliant within a year. Incidentally, UK organisations are marginally better prepared than average, with 69% of firms considering themselves compliant.
Among expected GDPR benefits is a lower likelihood of suffering a data breach, and lower scope for damage, according to Cisco's research.
The probability of sustaining a breach is only 74% for a GDPR-compliant organisation, against 80% for a firm that will be compliant within a year, and 89% for one that will be ready in more than a year.
The effects of a breach, too, are relatively muted. Just 79,000 records are impacted in a data breach for regulatorily compliant organisations against 100,000 and 212,000 for firms that will be there within a year, and more than a year, respectively.
Meanwhile, the amount of downtime suffered on average, 6.4 weeks against 8.1 weeks and 9.4 weeks, reinforces the positive effects GDPR is having on data security.
But almost all, 97%, cited at least one of a host of benefits not directly related to data protection, while three-quarters cited at least two.
For instance, 42% of firms said GDPR compliance has improved the scope for innovation due to already having the right data controls in place.
Moreover, 41% of organisations said they were able to gain a competitive advantage against others, and the same number cited achieving operational efficiency from already having data organised and catalogued.
Over a third, 37%, of firms also said they were able to reduce pre-existing sales delays due to privacy concerns from customers. A similar number of organisations, 36%, also suggested they had gained additional appeal from investors.
"These results highlight that privacy investment has created business value far beyond compliance and has become an important competitive advantage for many companies," the report concluded.
"Organizations should, therefore, work to understand the implications of their privacy investments, including reducing delays in their sales cycle and lowering the risk and costs associated with data breaches as well as other potential benefits like agility/innovation, competitive advantage, and operational efficiency."
The researchers said that future research will focus on exploring how these benefits are changing over time, as both regulation and customer expectations continue to evolve.
