India is among the top 10 countries whose companies have demonstrated high level of preparedness towards European Union’s General Data Protection Regulation (GDPR), a law that protects privacy of citizens' data.
Cisco’s 2019 Data Privacy Benchmark Study found that Indian companies stood at the sixth position in terms of GDPR preparedness. The European Union’s General Data Protection Regulation, which focuses on increasing protection for EU residents’ privacy and personal data, came into force in May 2018. GDPR applies to all those businesses located in the EU or the companies processing personal data collected about individuals located in the EU.
As per Cisco’s 2019 Data Privacy Benchmark Study, 59 per cent of organizations reported meeting all or most requirements, 29 per cent expect to do so within a year and 9 per cent will take more than a year. Interestingly, 65 per cent of the Indian organizations showed higher preparedness towards meeting most or all of the GDPR requirements.
The challenges organizations faced in getting ready for GDPR, included data security, internal training, evolving regulations and privacy by design requirements.
Sales delays due to customer data privacy concerns continue to be an issue for most organizations. The average delay for sales to existing customers was 3.9 weeks and over 94 per cent of organizations reported delays between 0 and 10 weeks. There were some organizations reporting delays up to 25 to 50 weeks or more. Overall the average sales delay has come down from 7.8 weeks reported last year to 3.9 weeks. The average sales delay for Indian companies this time was 4.9 weeks.
“India has greatly improved upon its GDPR readiness with its fast evolving data privacy ecosystem, which is primarily because of a collaborative approach by the government and private organizations. However, there remains a huge scope for Indian organizations to increase their investments in people, and technology controls to meet customer privacy requirements faster,” said Vishak Raman, Director, Security, Cisco.
The companies getting prepared for GDPR have improved their overall privacy indices. GDPR-ready organizations cited lower incidence of data breaches, fewer records impacted in security incidents and shorter system down-times. They also were much less likely to have a significant financial loss from a data breach. Beyond this, 75 per cent of respondents cited that they are realizing multiple broader benefits from their privacy investments, which include greater agility and innovation resulting from having appropriate data controls, gaining competitive advantage, and improved operational efficiency from having data organized and catalogued.