• by Ray Schultz , January 28, 2019

GDPR may produce many benefits -- but speeding up sales is not one of them. 

On the contrary, 87% of companies worldwide are suffering delays in sales cycles due to customer privacy concerns — up from 66% last year, according to Maximizing the Value of Your Data Privacy Requirements, a study by Cisco.  

The average delay is 3.9 weeks for existing customer sales, but some firms report delays of 25 to 50 weeks or more. Worse, sales to prospects are held up for an average of 4.7 weeks, reflecting the longer time frames needed to address privacy concerns in a new relationship, the study says.

Brazil has the longest delays overall, averaging 5.2 weeks, and Canada has the highest delay rate of 5.1% — compared with 4.9 weeks for the UK and 3.7 for the U.S.

“Sales delays, at a minimum, cause revenue to be deferred for some period of time,” the study notes. “This can lead to missed revenue targets, impacting compensation, funding decisions, and investor relations.”

In addition, delays can drive potential customers to buy a competitor’s product — or not buy at all, the study adds.

Cisco also found that GDPR-compliant companies have 3.4-week delays, compared with the 4.5-week period for those expected to be ready for GDPR in a year, and 5.4 weeks for those that are over a year away.

In general, sales are stalled in the following ways:

• Need to investigate specific/unusual requirements for the customer/prospect before they feel comfortable with our privacy practices — 49%
• Need to translate information about our privacy policies/processes into the customer’s/prospect’s language — 42%
• The customer/prospect needs to learn more about our policy policies or processes — 39%
• Our product or service needs to be redesigned to meet the customer’s privacy requirements — 38%
• We are unable or unwilling to meet the customer's/prospect’s questions — 28%
• Need to resolve questions as to which party is ultimately accountable or liable for the data — 17%
• Need to involve our lawyers to clarify uncertainty regarding the law — 5%

Cisco also found that 59% of firms across the globe are currently meeting most or all of the GDPR requirements and 29% are not, but expect to do so within a year. Another 9% say it will take more than a year. Only 3% feel it doesn’t apply.

Spain seems most prepared (76%), followed by Italy (72%) and the UK (69%). In the U.S., 57% are ready, behind Canada’s rate of 60%.

What’s holding companies up? The main challenges are:

• Meeting data security requirements — 42% 
• Internal challenges — 39% 
• Staying on top of the ever-evolving developments as the regulation matures — 35%
• Complying with Privacy By Design Requirements — 34% 
• Meeting data subject access request — 34%
• Cataloging and inventorying data — 31% 
• Enabling data deletion requests — 30% 
• Hiring/identifying Data Protection Officers for each relevant geographic area —29%
• Vendor management — 28%

Of the GDPR-ready firms, 74% have experienced a data breach in the past year. But that number rises to 80% among noncompliant companies.

Cisco surveyed 3,200 security professionals in 18 countries as part of its annual Cybersecurity Benchmark Study, which addresses many of the privacy-specific questions to over 2,900 individuals who are familiar with the privacy processes at their companies.