03 Apr Privacy is actually benefiting companies worldwide
It is now becoming clear across the business world that investment in privacy is really a way of generating benefits for firms. The businesses that have already prepared well for the EU General Data Protection Regulation are finding that they have less data breaches and consequently make savings and have far fewer incidents in which customers express unease or indeed alarm about confidentiality. The Cisco 2019 Data Privacy Benchmark Study drew these conclusions after surveying data from more 3,200 experts in this field from 18 countries. It is the opening study in a set of explorations into the key privacy and cybersecurity challenges currently facing businesses and other organisations.
Supplementary advantages of privacy
A large percentage of firms report that there are a significant number of supplementary advantages that they have already seen from their commitment to and investment in data privacy. These go beyond simply fulfilling their obligations to the compliance legislation and include much better dexterity in innovation, advantages over their competitors, increased efficiency and a greater attractiveness to investors. Three-quarters of those who took part in the survey noted a least two of these advantages were evident in their firms and that increased information privacy was a strong factor in their competitiveness.
Cost savings in data breaches
The study showed that the businesses that demonstrated readiness for the requirements were experiencing 15% fewer breaches compared with those businesses where the preparation was not as thorough. Similarly, even if breaches did take place, the financial fall-out was far lower for GDPR-ready firms. Typically fewer archives were affected (79,000 as compared with 212,000) and there was much less downtime for the system (6.4 hours as compared with 9.4 hours). Because of this, only around one third of prepared companies had breaches that cost more than $500,000, as opposed to nearly two-thirds where the company had not made the necessary arrangements.
Reduced trading interruptions
The survey investigated whether businesses had had trading interruptions in their sales process as a result of customer anxieties about privacy. A very high percentage said that they did experience delays, both from existing and prospective clients, a notable rise of around 20% on a similar study in 2018. It seems likely that this figure will continue to rise as there is a growing sense of the importance of this matter and as enforcement of GDPR and other emerging legislation becomes more comprehensive. Interruptions averaging around 3.9 weeks are reported in this latest study, potentially affecting company results, damage disbursements and future funding decisions.
Clearly, those companies and organisations that are able to deal efficiently and promptly with privacy concerns will benefit. According to the study, those least prepared for GDPR typically saw delays of around 5.4 weeks, around 60% higher than those described as GDPR-ready. There seem to be a number of important explanations for sales interruptions, notably the necessity of working through specific client requests, the requirement to translate information into the language of the client, necessary customer education and having to remodel produce to meet privacy requests.
Preparedness for GDPR
59 percent of those who replied to the study believed that they were complying with a majority or all of the requirements. A further 29 percent anticipated being GDPR ready within a year, with only a small number beyond one year behind. Encouragingly, a very low number did not recognise that they were covered by the regulations. This demonstrates the extent to which GDPR is now universally recognised as essential.
In terms of countries, GDPR preparedness ranged from 42 percent to 76 percent, with European countries typically nearer the top of the pile. The most important and demanding difficulties facing organisations seem to be information protection, staff preparation, the constant development of new legislation and the design of systems and technologies where privacy is built-in, referred to as ‘privacy-by-design’.
Exploiting the value of information
Businesses are increasingly seeking to exploit the value of the data assets they have. Records of information need to be effectively obtained, kept, protected, employed and then stored or removed over the longer term. Businesses that make good use of their data whilst also recognising the necessary requirements of confidentiality, can undoubtedly develop better relationships of trust with their clientele and even use this data to improve the experience the customer has in the interaction, and consequently increase its profits.
The majority of firms are still at the early stage of turning this vast bank of information into something of value. Less than 50 percent of firms could demonstrate that they were in any way running data networks and processes that were joined up and able to catalogue, connect and manage data well. Further research is clearly needed into how firms can make more effective use of their data resources.
Proposals for development
Cleary the study shows that taking privacy seriously can be beneficial for organisations. Cisco strongly advices that businesses work to develop mature provisions in meeting the requirements of GDPR and similar legislative provisions. They should be concerned enough to review the wider costs of sales delays which are the result of customer privacy issues and then take steps to rectify these matters. Minimising the levels of personal data stored and also ensuring stronger protections for this information will reduce liabilities and the impact of the seemingly inevitable breaches. Alongside this, all organisations should be diligently seeking ways to make the widest possible legitimate use of the data that they now hold.
The Provision of Education Programmes and Certifications
The European Institute of Management and Finance (EIMF), as a specialised education provider, is actively keeping up to date with the latest developments in the field of Privacy Management and Regulation and designs training programmes that help business professionals become more familiar or specialised in the data protection arena. The EIMF has also partnered with the International Association of Privacy Professionals (IAPP) and the EXIN Certification Institute to offer globally-recognised professional designations in the field of data management.
Due to its extensive portfolio of education programmes, professionals have a choice to customise their learning journey based on their unique needs. Interested candidates have a number of options to attend practical workshops to gain an understanding of the Regulation or examine its implementation challenges with a subject matter expert. Also, professionals have the choice to pursue a professional designation offered and attend preparation courses for the EXIN Foundation and Practitioner Certifications as well as the IAPP Certified Information Privacy Professional in Europe (CIPP/E) and Certified Information Privacy Manager (CIPM).
The Learning and Development Advisers and the Management Team of EIMF have been distinguished in supporting numerous professionals around the globe with relevant qualifications or practical workshops that advance their profession. Should you need personal or organisational advice in training matters, you can reach EIMF at +35722274470 (Cyprus), +442035140270 (UK) or via email at [email protected].