IBM Study: Majority of Businesses View GDPR as Opportunity to Improve Data Privacy and Security

by | May 17, 2018

GDPR

93403183 - gdpr general data protection regulation. eu flag. vector illustration

ARMONK, N.Y., May 16, 2018 /PRNewswire/ — A new study from IBM  reveals that nearly 60 percent of organizations surveyed are embracing the General Data Protection Regulation (GDPR) as an opportunity to improve privacy, security, data management or as catalyst for new business models, rather than simply a compliance issue or impediment.

To reduce their exposure, the study indicated that the majority of companies are being more selective in the data they collect and manage, with 70 percent disposing of data ahead of the deadline for compliance.

Companies’ preparation for GDPR comes in the wake of increased scrutiny from consumers on businesses’ management of personal data. A separate poll of 10,000 consumers, conducted by the Harris Poll on behalf of IBM, found that only 20 percent of U.S. consumers completely trust organizations they interact with to maintain the privacy of their data.

INFOGRAPHIC: The end of the beginning – Unleashing the transformational power of GDPR

In the weeks leading up to the May 25thenforcement date, IBM’s Institute for Business Value (IBV) surveyed over 1,500 business leaders responsible for GDPR compliance for organizations around the world. The results reveal how companies are approaching GDPR as an opportunity to build further trust with customers and help drive innovation:

    • 84 percent believe that proof of GDPR compliance will be seen as a positive differentiator to the public
    • 76 percent said that GDPR will enable more trusted relationships with data subjects that will create new business opportunities
    • Despite this opportunity, only 36 percent believe they will be fully compliant with GDPR by the May 25 deadline

“GDPR will be one of the biggest disruptive forces impacting business models across industries and its reach extends far beyond the EU borders,” said Cindy Compert, CTO, Data Security & Privacy, IBM Security. “The onset of GDPR also comes during a time of huge distrust among consumers toward businesses ability to protect their personal data. These factors together have created a perfect storm for companies to rethink their approach to data responsibility and begin to restore the trust needed in today’s data-driven economy.”

Cutbacks: GDPR Leading to Reduction of Data Collection and Storage

Another key finding of the study is that organizations are using GDPR as an opportunity to streamline their approach to data and reduce the overall amount of data they are managing. For many organizations, this means vastly cutting down on the amount of data they collect, store and share. According to the new study, organizations reported taking the following actions in response to GDPR:

    • 80 percent say they are cutting down on the amount of personal data they keep
    • 78 percent are reducing the number of people who have access to personal data 
    • 70 percent are disposing of data that is no longer needed

GDPR Challenges, Blind Spots, and Transformational Business Opportunities

The study found that the top challenges organizations are currently facing when it comes to GDPR compliance are finding personal data within their organizations (data discovery), ensuring the accuracy of the data they collect and store, as well as complying with rules for how data is analyzed and shared (data processing principals).

Other areas for concern included the handling of cross-border data transfers and getting consent from data subjects, as less than half of respondents said they were prepared for these aspects of GDPR.

One key element of GDPR includes the requirement for companies to report data breaches to regulators within 72 hours. However, the IBV study found that only 31 percent of companies have reexamined or modified their incident response plans to prepare for this requirement, representing a blindspot in companies’ overall approach to GDPR.

While challenges remain, a significant sub-set of companies surveyed (22 percent) are using GDPR as a fully transformational business opportunity for how they approach data responsibility and management. Of this “leaders” subset:

    • 93 percent have modified their incident response processes
    • 79 percent said they were prepared for performing data discovery and ensuring data accuracy
    • 74 percent said they were fully implementing security and privacy by design for new products and services

To download the Institute for Business Value report, “The end of the beginning: Unleashing the Transformational Power of GDPR” visit: http://ibm.biz/powerofGDPR.

Methodology

To better understand how organizations were preparing for GDPR and potentially using it as a transformational opportunity, the IBM Institute for Business Value (IBV) and Oxford Economics surveyed 1,500 GDPR leaders in 34 countries, representing 15 industries, between February and April of 2018. Chief Privacy Officers, Chief Data Officers, General Counsels, Chief Information Security Officers and Data Protection Officers were surveyed. To determine the GDPR leader group, respondents were classified using specific criteria (how they answered a select set of questions) and the GDPR leaders who met the criteria comprised 22 percent of the total sample.

About IBM Institute for Business Value 

The IBM Institute for Business Value (IBV), part of IBM Services, develops fact-based, strategic insights for senior business executives on critical public and private sector issues.

Share This Article!

Brian Pereira
Brian Pereira
Brian Pereira is an Indian journalist and editor based in Mumbai. He founded Digital Creed in 2015. A technology buff, former computer instructor, and software developer, Brian has 29 years of journalism experience (since 1994). Brian is the former Editor of CHIP India, InformationWeek India and CISO Mag. He has served India's leading newspaper groups: The Times of India and The Indian Express. Presently, he serves the Information Security Media Group, as Sr. Director, Editorial. You'll find his most current work on CIO Inc. During his career he wrote (and continues to write) 5000+ technology articles. He conducted more than 450 industry interviews. Brian writes on aviation, drones, cybersecurity, tech startups, cloud, data center, AI/ML/Gen AI, IoT, Blockchain etc. He achieved certifications from the EC-Council (Certified Secure Computer User) and from IBM (Basics of Cloud Computing). Apart from those, he has successfully completed many courses on Content Marketing and Business Writing. He recently achieved a Certificate in Cybersecurity (CC) from the international certification body ISC2. Follow Brian on Twitter (@creed_digital) and LinkedIn. Email Brian at: [email protected]
Recommended Posts
The Rise of AI Agents in Business

AI agents are revolutionizing how businesses operate, innovate, and engage with customers while reshaping workforce dynamics and decision-making processes.

The First 90 Days Are Crucial for the CISO and CIO

This book arms you with insights into crafting a robust 90-day plan, and you’ll be well-equipped to catapult into CIO or CISO roles successfully. Beyond technical proficiency, the book instills survival skills, ensuring longevity and helping you prevent burnout in these pivotal positions.

Similar Articles