US restaurant chain sued for $5 million over 2017 data breach

Businesses that are embracing the EU’s General Data Protection Regulation (GDPR) enjoy increased efficiency and are more attractive to investors, according to a new study by Cisco.

The GDPR came into being in May 2018 with organisations across industries urged to meet compliance standards to boost security while mitigating a host of dangers including data breaches, regulator attention, financial penalties and reputational damage.

But new research by US tech giant, Cisco, has uncovered many unexpected benefits of reaching out to new data security standards, such as the ability to nurture innovation within a refreshed business environment that is far more appealing to investors.

The data privacy benchmark study looked at how organisations prepared for the new EU data laws and how the laws impacted upon business when they came into effect last year.

It was discovered that 59% of companies globally feel they are ready for the GDPR, with a further 29% claiming to be in good shape within 12 months.

Organisations in Britain are performing above average in terms of preparation, with 69% of companies deeming themselves compliant.

The study revealed a 74% likelihood of a suffering a data breach for GDPR-ready firms, compared with an 80% likelihood among those that state they will fully aligned with the laws’ standards in one year, and 89% for those that say they will be ready in over a year.

More favourable outcomes are also on offer to compliant firms in the event of a data breach. On average, companies meeting GDPR standards can expect to have 79,000 records hit in the event of a breach, compared with 100,000 and 212,000 for companies due to reach compliance in one year, and in over one year, respectively.

Downtime in the event of a data breach follows a similar trend, with the figures at 6.4 weeks, 8.1 weeks and 9.4 weeks in the same categories of GDPR-readiness, demonstrating that the new regulations are having the desired galvanising effect on data security.

Unexpected benefits
The overwhelming majority of companies surveyed (97%) said that at least one of the benefits of GDPR compliance was not directly related to data protection, while 75 % of respondents said there were at least two indirect benefits.

For example, 42% of companies said that meeting new standards is helping them to broaden innovation thanks to the right data controls being in place.

Furthermore, 41% of organisations cited a fresh competitive advantage, while the same quantity said that procedural efficiencies had been increased because compliance had left data better catalogued.

More than one third (37%) said that they could bring down pre-existing sales delays due to customers’ concerns over privacy, and 36% claimed that their appeal in the face of prospective investors had gone up.

The report concluded:

“These results highlight that privacy investment has created business value far beyond compliance and has become an important competitive advantage for many companies,” the report concluded.

“Organizations should, therefore, work to understand the implications of their privacy investments, including reducing delays in their sales cycle and lowering the risk and costs associated with data breaches as well as other potential benefits like agility/innovation, competitive advantage, and operational efficiency.”

Cisco will now turn its attention to examining how these benefits evolve in the GDPR era, and as complementing legislation is released.


European Data Protection Summit will take place on June 3rd in Central London and will play host to 800 DPO’s, Security Professionals and senior business decision makers looking for; information, updates, clarity, advice and solutions. For more information, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.