Privacy Becomes Mission Critical

It’s been more than 3 years since the EU’s General Data Protection Regulation (GDPR) went into effect, and over two-thirds of the world’s countries have now enacted privacy laws. The ongoing COVID-19 pandemic has presented challenges in keeping personal data safe, and most have reaffirmed their commitment to privacy’s requirements and principles. Even more importantly, customer requirements and business value have driven organizations to ensure data is well protected as privacy has become mission critical for organizations around the world.

Today, Cisco released its 2022 Data Privacy Benchmark Study, our fifth annual review of key privacy issues and their impact on business. Drawing on responses from more than 4900 organizations in 27 geographies, the findings show that organizations have increasingly integrated privacy into many of their most important processes, including sales motions, management metrics and review, and certain employee responsibilities.

Customers Driving the Need for Privacy

Privacy has become table stakes for business today. Ninety percent of organizations say their customers would not buy from them if they did not adequately protect customer data. And 91% say that external privacy certifications, like ISO 27701, have become an important factor in their buying process. This also has translated into a management priority, as 94% of organizations are reporting one or more privacy metrics to their Board of Directors.

Privacy laws provide important reassurances for companies doing business together. While the new privacy regulations come with added cost and effort, organizations are increasingly recognizing the value of these protections and are overwhelmingly supportive of these laws. Amazingly, 83% of respondents around the world believe the privacy laws have had a positive impact, versus only 3% who believe they’ve had negative impact.

Privacy responsibilities are also no longer limited to lawyers and privacy professionals. Nearly one-third of security professionals now identify “data privacy” as a core area of their responsibility, second only to “Detecting and Responding to Threats.”