While complying with privacy laws may seem like a cumbersome, time-consuming, and costly effort, it actually provides companies with appealing advantages. We’re not just talking about having a clear conscience and reduced financial risks associated with potential fines and civil liabilities. Studies show that the right investments in privacy compliance can even increase sales, besides reducing the impact of data breaches. These conclusions are supported, for example, by the Cisco 2019 Data Privacy Benchmark Study, in which more than 3200 security and privacy professionals across 18 countries were surveyed.
Organisations that have invested in complying with the General Data Protection Regulation (GDPR) have done so primarily to avoid significant fines and other penalties for non-compliance. However, there are further business benefits arising from these privacy investments, as we will explain in this article.
More and more, people and organisations are taking privacy and its benefits seriously. The GDPR requires companies to know precisely what sensitive information they have of people, and to explain clearly how they will use this information. According to Forbes, by complying with these requirements, companies showcase their responsibility and transparency, boosting people’s trust. Companies will also be able to identify and get rid of excess information, thereby improving their data management and enabling them to handle customer requests more efficiently. Because the GDPR requires an opt-in policy to lawfully receive a subject’s consent, companies will have a database with relevant leads and customers. Moreover, knowing your audience and tailoring your marketing approach accordingly will result in an increase in Return on Investment (ROI).
In the Cisco study, professionals were asked if they experienced delays in their sales cycle due to customers’ increased knowledge of the importance of privacy. A whopping 87% of respondents answered yes. This is a significant increase from 66% in last year’s survey. The study also revealed that the least GDPR-compliant companies experienced an average delay of 5.4 weeks in their sales cycle. That was almost 60% longer than the 3.4-week delay experienced by companies deemed to be GDPR-ready. According to the organisations, delays were mostly due to redesigning the product to meet the customers’ privacy requirements and translating privacy information into customer-friendly language.
Besides improving your sales cycle and data management, GDPR compliance lays the groundwork for improving your data security. Given the cost of data breaches and system downtime, organisations can’t afford to be complacent with their security systems. The GDPR requires organisations to identify their security strategy and establish control over their entire IT network. These activities are likely to help organisations reduce the overall impact of a data breach.
In the Cisco study, the most compliant companies were less likely to have experienced a data breach in the last year (74%), compared to the least compliant companies (89%). GDPR-ready companies also suffered less significant consequences following a breach than those who were not. Significantly fewer data records were impacted (79,000 records versus 212,000 records), and if there was any system downtime at all, it lasted for a shorter period of time (6.4 hours versus 9.4 hours). In terms of the financial impact, only 37% of GDPR-ready companies had a loss of over $500,000 in the last year, compared with 64% of the least GDPR-ready companies.
Finally, data breaches are damaging in relation to customer trust. A study by the British payment security firm PCI Pal found that of British customers, 44% would refrain from spending money with a breached company for several months, and 41% would stop frequenting a store forever following an attack.
According to the Cisco study, 97% of companies say that they are receiving further benefits from their privacy investments, beyond just abiding by privacy laws. These benefits include competitive advantage, attractiveness to investors, operational efficiency, and greater capacity for flexibility and innovation. Three quarters of all respondents said they were receiving two or more of these benefits. Moreover, the majority of companies now say that strong data privacy is a competitive differentiator in their markets.
These results highlight the need for organisations to undergo changes not only to comply with privacy laws, but also to maximise the business benefits of their privacy investments. Improving data management, boosting customer trust, and experiencing shorter sales delays and less costly data breaches can all be meaningful for your organisation and give you the competitive advantage your business needs to prosper. So instead of worrying about the cost and effort of complying with privacy laws, consider all the benefits privacy investment can bring to your business.
This article was written by Ge’ez Engidashet, in collaboration with Matthijs van Bergen.