Want to improve your data security? Be GDPR compliant
No one wants their organization to show up on the 6 o’clock news for a massive data breach. How can companies protect themselves from cybersecurity threats? Well, a recent study from Cisco shows that following the GDPR regulations has a tangible effect on improving data security.
It turns out those regulators in Brussels know what’s what. Half a year into the EU’s General Data Protection Regulation experiment, following the GDPR regulations has a positive effect on a company’s data security and on its resilience in the face of cybersecurity threats.
A recent study of over three thousand security professionals from Cisco’s Data Privacy Benchmark Survey found that being GDPR-compliant has a number of positive downstream effects beyond avoiding a costly fine from the EU Commission.
The GDPR focuses on privacy regulations for companies located in and doing business with the European Union. It imposes strict rules to protect personal information, with hefty fines attached to companies that break the rules. It also requires that data breaches be reported to the authorities within 72 hours.
When the GDPR went into effect in May 2018, many companies were caught flat-footed. Eight months later, it looks like many organizations have caught up. According to Cisco, around 60% of organizations surveyed have met most or all of the GDPR regulations. A further 30% of organizations are expected to meet the regulations in the next year. That last 10% estimated that GDPR-compliance was more than a year away.
Unfortunately, compliance isn’t just waving a magical wand. It requires a fair amount of work on the part of the organization. Respondents were asked about the most significant challenges to meeting the GDPR; things like data security requirements, internal training, and meeting changing regulations topped the list of concerns.
However, these investments are paying off in other ways. GDPR-compliant companies were less likely to have had a data breach in the last year than non-compliant companies (74% vs. 89%). When they were breached, significantly fewer data records were impacted (79k vs. 212k records), and system downtime was considerably shorter as well (6.4 hours vs. 9.4 hours).
Putting it all together, the costs associated with data breaches were, unsurprisingly, lower for compliant companies. Only 37% of GDPR-compliant companies had a loss of $500K or more last year, compared to 64% of non-compliant companies.
By putting the onus of security directly on organizations and not on individuals, the GDPR has heavily encouraged companies to implement data protection principles. In turn, this has led to a lower chance of security breaches. Apparently, being forced to pay attention to data security improves data security. The GDPR is working as intended; now, if only we could get something similar going in the US!