GDPR At 2: What Are The Positives?
Punit Bhatia
Managing Consultant | Making Privacy, Data & AI Compliance and Sourcing Hassle-Free | Host of the FIT4PRIVACY Podcast | Published Author | Keynote Speaker
GDPR is a work in progress, as I see it. As I look back at two years of the GDPR regime, there are numerous positives. While most businesses have looked at privacy compliance as a cost, things have started to change because those who invested early in privacy are starting to see benefits and returns. Let us look at some of the positives, starting with business benefits or return on investments in privacy compliance:
- Business Benefits - Early signs indicate that organizations that have invested in GDPR and privacy compliance are now starting to see a very positive return on the privacy-related investments they made. A study by Cisco indicates that more than 40% of the organizations are affirming benefits that are at least twice that of their privacy spend. The same study states that large enterprises, i.e., organizations with 10,000 or more employees, estimated their benefits (on privacy investments) at $4.1 million. In fact, 17% of organizations placed the value at more than $10 million. Similarly, the study revealed that small businesses, i.e., organizations with 250 to 499 employees, estimated their benefits at $1.8 million. In my opinion, as time goes by, privacy compliance is likely to become a key brand and reputation differentiator.
- Put 'Privacy' As A Topic On The Table - The biggest GDPR benefit to date has been that it continues to be a talked-about topic in board rooms, at conferences, and even in public. In most business discussions, the question being asked is "Can we do this while being compliant with GDPR?". And that is a huge positive. If the objective of GDPR was to put the citizens in control of their data, then the first step was to have a proper discussion and debate on the topic. And, in my opinion, this is the key benefit that has been realized due to GDPR being in effect.
- Public and Media Awareness - It is fascinating to talk about the level of public awareness that GDPR has created about privacy. So much so that, even in the days of the pandemic, when the world is grappling with the challenge to contain and manage the pandemic, there is talk about respecting privacy and debate on how far governments or organizations can go in asking individuals questions about their health. This kind of awareness and focus on upholding the principles of privacy is the right way to approach compliance with GDPR.
- Global Impact - Whilst GDPR was an EU legislation that impacted companies providing services and products to EU residents, the surprising (at least to me) benefit has been that GDPR triggered a series of new privacy laws across countries. It would not be an exaggeration if I say that more privacy laws have been passed in the last five years than ever before in the history of mankind. Numbers point out that about 142 countries across the world now have a privacy law that is similar to GDPR. This leads to some people referring to GDPR as the "gold standard" when it comes to protecting privacy.
- Privacy As A Function In Most Companies - If we compare the pre- and post-GDPR situations, most companies now have a privacy department in place or a privacy officer/manager. As per a survey by CPO Magazine, 75% of those surveyed had at least one privacy professional on board while about 25% had more than ten professionals in the privacy department. And the creation of these privacy departments has created jobs, certifications, consulting firms, and even software vendors who are now looking at creating innovative services and products to help comply with privacy laws.
Of course, I have not touched upon all the benefits but focussed on broad benefits. While still in the beginning, the positive impact of GDPR is likely to grow in the coming years. Now, I have shared my views on the broad positives that have come through in the last two years of GDPR being effective. Next, I encourage you to share what you consider as positive from GDPR.
And, please do like, comment, and share what you think. Your inputs are appreciated and read carefully.
Note:
As I shared in my article "GDPR At 2: How To Look At Two Years Of The GDPR Regime?", this article is part of a series of articles on GDPR at 2. In the next article, I will explore what are the challenges with GDPR that remain even after GDPR is in effect for two years. And, if you don't like to read, then you may watch the entire perspective in a video or listen to it as an audio.
Punit Bhatia is a privacy consultant who is an author of multiple books on GDPR, privacy and sourcing, a speaker at global events, an advisor on privacy matters, and the host of The FIT4PRIVACY Podcast. Punit helps business and privacy leaders in identifying the strategic priorities for privacy compliance and managing the execution in a simple and structured manner. Punit is known to use simple business language while avoiding legal jargon. Punit is a certified Fellow in Information Privacy (FIP), CIPM, CIPP-E, and COP.
Did You Know? Punit's book "Be Ready For GDPR" is ranked as #1 and the book "Intro to GDPR" is ranked as #9 in the list "25 Best GDPR eBooks of All Time" published by BookAuthority.com.
The FIT4PRIVACY Podcast - A Podcast For Those Who Care About Privacy is available on iTunes, Spotify, Stitcher and many other platforms.
Principal Consultant @ Ascentant | ISMS, GDPR, Agile, CMMI
4 years ago
Excellent write-up Punit...! Very informative, Congrats...!
Chief Privacy Officer @ Tsaaro Consulting | Data Privacy SME
4 years ago
Very Insightful!