In its 2019 Data Privacy Benchmark Study, Cisco found a correlation between GDPR preparedness and the frequency and severity of data breaches. Even though the vast majority of businesses reported having a data breach in the past year, 74% of GDPR-ready companies experienced one compared to 80% of companies that are less than a year from having compliance measures in place and 89% of companies that report being more than a year away from compliance.
Of the breaches that did occur, companies with compliant privacy provisions in place had an average number of 79,000 records impacted compared to 212,000 for the least-prepared, and had an average systems downtime of 6.4 hours compared to 9.4.
This translated into lower breach-related costs, with only 37% suffering losses of more than $500,000, compared to 64% of those least prepared.
Survey respondents also indicated some concrete benefits from implementing the more robust privacy programs required. When selling to existing customers, GDPR-ready companies reported privacy-related sales delays from request investigations, policy translation and product redesign of only 3.4 weeks compared to 5.4 weeks for the least prepared.