Compliance is good for business!

When the EU’s General Data Protection Regulation (GDPR) went into effect in May 2018, many companies were caught flat-footed. Eight months later, it looks like many organizations have caught up. According to Cisco, around 60% of organizations surveyed have met most or all of the GDPR's requirements. A further 30% of organizations are expected to meet the regulations in the next year. The remaining 10% estimated that GDPR compliance was more than a year away.

Half a year into the GDPR experiment, it turns out that following the GDPR has a positive effect on a company’s data security and resilience in the face of cybersecurity threats.

The GDPR focuses on privacy regulations for companies located in and doing business with the European Union. It imposes strict rules to protect personal information, with hefty fines for companies that break the rules. Additionally, it requires that data breaches be made known to authorities within 72 hours.

Cisco’s Data Privacy Benchmark Survey, a recent study of over three thousand security professionals, found that being GDPR-compliant has some positive downstream effects beyond avoiding a costly fine from the EU Commission, such as:

  • Enhance your cybersecurity (better data security with better alignment with evolving technologies)
  • Improve data management (greater decision making)
  • Increase marketing return on investment (reduce maintenance costs)
  • Boost audience loyalty and trust (improved consumer confidence)

For clients (consumers), the benefits are also excellent:

  • Right to marketing consent
  • Right to be forgotten (erased)
  • Freedom to change data
  • Right to portability, and of course
  • Right to access

Wow! It turns out the EU regulators knew what’s what!

Reminder: “Privacy is personal, meaning something we create for ourselves (which in the natural world we do with clothing and shelter, both of which lack equivalents in the digital world). Privacy is not something supplied by the grace of privacy policies and terms of service that differ with every company, and over which none of us have control.” Doc Searls, editor-in-chief, Linux Journal.