India among top nations leading GDPR readiness: Study

India finds its place amongst the leading nations globally in their preparedness towards the General Data Protection Regulation (GDPR), according to Cisco’s 2019 Data Privacy Benchmark Study.

According to the study, organizations worldwide that invested in maturing their data privacy practices are now realizing tangible business benefits from these investments. The study validates the link between good privacy practice and business benefits as respondents report shorter sales delays as well as fewer and less costly data breaches.   

The European Union’s General Data Protection Regulation, which focused on increasing protection for EU residents’ privacy and personal data, became enforceable in May 2018. Organizations worldwide have been working steadily towards getting ready for GDPR. Within Cisco’s 2019 Data Privacy Benchmark Study, 59% of organizations reported meeting all or most requirements, 29% expect to do so within a year, and 9% will take more than a year. (See Figure 1) Interestingly, India stood sixth globally with 65% of Indian organizations showing higher preparedness towards meeting most or all of the GDPR requirements. 

Figure 1: GDPR Readiness

% of respondents, N = 3206

“This past year, privacy and data protection importance increased dramatically. Data is the new currency, and as the market shifts, we see organizations realizing real business benefits from their investments in protecting their data,” said Michelle Dennedy, Chief Privacy Officer, Cisco.

Customers are increasingly concerned that the products and services they deploy provide appropriate privacy protections. Those organizations that invested in data privacy to meet GDPR experienced shorter delays due to privacy concerns in selling to existing customers: 3.4 weeks vs. 5.4 weeks for the least GDPR ready organizations. Overall the average sales delay was 3.9 weeks in selling to customers, down from 7.8 weeks reported a year ago.

Vishak Raman, Director, Security, Cisco said, “India has greatly improved upon its GDPR readiness with its fast evolving data privacy ecosystem, which is primarily because of a collaborative approach by the government and private organizations. However, there remains a huge scope for Indian organizations to increase their investments in people, and technology controls to meet customer privacy requirements faster."

GDPR-ready organizations cited a lower incidence of data breaches, fewer records impacted in security incidents, and shorter system downtimes. They also were much less likely to have a significant financial loss from a data breach. Beyond this, 75% of respondents cited that they are realizing multiple broader benefits from their privacy investments, which include greater agility and innovation resulting from having appropriate data controls, gaining competitive advantage, and improved operational efficiency from having data organized and catalogued.

More than 3,200 global security and privacy professionals in 18 countries across major industries responded to the Cisco survey about their organizations’ privacy practices. Key findings include:

• 87% of companies are experiencing delays in their sales cycle due to customers’ or prospects’ privacy concerns, up from 66% last year. This is likely due to the increased privacy awareness brought on by GDPR and the frequent data breaches in the news. (See Figure 2)

Figure 2: Respondents Experiencing Delays in their Sales Cycles due to Customers’ Data Privacy Concerns

% of respondents, N = 2064

• Sales delays by country varied from 2.2 to 5.5 weeks, with Italy, Turkey and Russia at the lower end of the range, and Spain, Brazil and Canada at the higher end. Longer sales delays can be attributed to areas where privacy requirements are high or in transition. Delayed sales can cause revenue shortfalls related to compensation, funding, and investor relations. Delayed sales also can become lost sales if a potential customer buys from a competitor or decides not to buy at all.
• Top reasons cited for sales delays included investigating customer requests for privacy needs, translating privacy information into customer languages, educating customers about an organization’s privacy practices, or redesigning products to meet customer privacy needs.
• By country, GDPR-readiness varied from 42% to 76%. Spain, Italy, UK and France were at the top of the range, while China, Japan and Australia were on the lower end. (See Figure 3)

Figure 3: GDPR Readiness by Country

% of respondents, N = 3206

• Only 37% of GDPR-ready companies experienced a data breach costing more than USD 500,000, compared with 64% of the least GDPR-ready companies.

Zapatillas Running trail