After 2 years since the enforcement of the GDPR, we have learned a lot about its effects, challenges, and advantages. But what learnings does the data hold? Numerous research has been conducted in regard to the privacy regulation, as the GDPR continues to be influential in shaping the way businesses utilise the data they gather. While obliging with the regulation has required plenty of investment from businesses, GDPR compliant organisations are now reporting on gaining a wide-range of competitive advantage thanks to compliancy. In this blog post, we look into key learning points based on global and European research.
1) Compliance is much more than data protection.
A global study amongst 1,263 organisations revealed that 58% firms say that the GDPR has encouraged new innovative uses of data for them, while 73% had taken action in improving their methods of managing customer data, and 31% said that GDPR compliance has made their business operations more effective. (GDPR Report, 2019)
2) Consumers care about their personal data
A study of 1,000 UK consumers showed that 62% stated they were more confident about sharing their information to businesses that have taken initiatives to being GDPR compliant. 57% still preferred to receive a form of personalised marketing from the businesses they interact with and because of further transparency amongst businesses, 62% understood the need for the businesses to access their data. (GDPR: A Consumer Perspective, 2018)
3) Data breaches are on the rise
Research has revealed that amongst the EU countries, the Netherlands, Germany, and the UK had the most data breaches reported to supervisory authorities between 25th May 2018 - 27th January 2020. The report states that it’s likely that a wide variety of data breaches had been notified from minor errors such as mistakenly sent emails. (GDPR Data Breach Survey Report, DLA Piper, 2020)
4) Risk Assessments are an absolute must
A global research into over 785 different Data Risk Assessments aimed to understand the severity of exposed sensitive files found that 53% of organisations had over 1,000 sensitive files exposed to all employees within the company. On average, every employee had access to over 17 million personal files. (Global Data Risk Report, 2019)
5) The most important priorities for DPOs today
A survey amongst 471 Data Protection Officers and Privacy Officers working for organisations around the world, representing a mix of 16 different industries, found that 49% have made the creation of a privacy-aware culture a top priority, and 20% are making new privacy technology implementation a priority as their organisation’s privacy programs mature. (Challenges & Priorities of DPOs in 2020, 2020)
6) Average amount of DSRs received by organisations is increasing, and the struggle for addressing them is real
Out of 370 EU and US respondents, 56% said that “locating unstructured personal data” was the most difficult issue in responding to a DSAR”. This was considered as the most challenging issue as it included further steps (e.g. access, deletion, and rectification requests). The report also showed that manual methods are still a common practice for responding to DSARs which could suggest the difficulty in working with locating unstructured data. (IAPP - EY Annual Governance Report, 2019)
According to reports by the Autoriteit Personsgegevens (the Dutch DPA), 2019 saw more than 27,000 privacy related complaints registered, out of which most, 29%, concerned the possible violation of granting an individual their right to privacy.
7) GDPR Compliant companies hold a competitive advantage over their competitors
97% of organisations in Europe, Asia, and the Americas identified that they gained competitive advantage or investor appeal from their privacy investments according to the 2019 Consumer Privacy Report of Cisco. The report also revealed that organisations deemed to be GDPR-ready experienced almost 60% shorter sales cycles compared to those not fully compliant and that 42% of businesses indicated their privacy investments had enabled further agility and innovation in their organisations. (Consumer Privacy Report, CISCO, 2019)
Another important study involving 1,100 compliance, privacy, data protection, and IT executives across ten countries in eight sectors (including the Netherlands) showed that 76% of compliant organisations experience strong performance driving benefits such as greater customer loyalty, and increases in online purchasing. (Championing Data Protection & Privacy, Capgemini, 2019)
As the GDPR recently turned two years old, we can expect even further developments from the world’s most comprehensive data protection regulations. Looking back at the statistics and studies conducted throughout it’s enforcement, we can see that despite the challenges that business may face, there are numerous underlying benefits of compliance. Not only does GDPR compliance help businesses manage and protect valuable information, but it also assists organisations in making a stronger relationship with consumers.