GDPR may produce many benefits -- but speeding up sales is not one of them.
On the contrary, 87% of companies worldwide are suffering delays in sales cycles due to customer privacy
concerns — up from 66% last year, according to Maximizing the Value of Your Data Privacy Requirements, a study by Cisco.
The average delay is 3.9 weeks for existing customer
sales, but some firms report delays of 25 to 50 weeks or more. Worse, sales to prospects are held up for an average of 4.7 weeks, reflecting the longer time frames needed to address privacy concerns
in a new relationship, the study says.
Brazil has the longest delays overall, averaging 5.2 weeks, and Canada has the highest delay rate of 5.1% — compared with 4.9 weeks for
the UK and 3.7 for the U.S.
“Sales delays, at a minimum, cause revenue to be deferred for some period of time,” the study notes. “This can lead to missed revenue targets,
impacting compensation, funding decisions, and investor relations.”
In addition, delays can drive potential customers to buy a competitor’s product — or not buy at all, the
study adds.
Cisco also found that GDPR-compliant companies have 3.4-week delays, compared with the 4.5-week period for those expected to be ready for GDPR in a year, and 5.4 weeks for those
that are over a year away.
In general, sales are stalled in the following ways:
- Need to investigate specific/unusual requirements for the customer/prospect before they feel
comfortable with our privacy practices — 49%
- Need to translate information about our privacy policies/processes into the customer’s/prospect’s language — 42%
- The customer/prospect needs to learn more about our policy policies or processes — 39%
- Our product or service needs to be redesigned to meet the customer’s privacy
requirements — 38%
- We are unable or unwilling to meet the customer's/prospect’s questions — 28%
- Need to resolve questions as to which party is ultimately
accountable or liable for the data — 17%
- Need to involve our lawyers to clarify uncertainty regarding the law — 5%
Cisco also found that 59% of firms across the
globe are currently meeting most or all of the GDPR requirements and 29% are not, but expect to do so within a year. Another 9% say it will take more than a year. Only 3% feel it doesn’t
apply.
Spain seems most prepared (76%), followed by Italy (72%) and the UK (69%). In the U.S., 57% are ready, behind Canada’s rate of 60%.
What’s holding companies up? The
main challenges are:
- Meeting data security requirements — 42%
- Internal challenges — 39%
- Staying on top of the ever-evolving developments as
the regulation matures — 35%
- Complying with Privacy By Design Requirements — 34%
- Meeting data subject access request — 34%
- Cataloging and
inventorying data — 31%
- Enabling data deletion requests — 30%
- Hiring/identifying Data Protection Officers for each relevant geographic area —29%
- Vendor management — 28%
Of the GDPR-ready firms, 74% have experienced a data breach in the past year. But that number rises to 80% among noncompliant companies.
Cisco
surveyed 3,200 security professionals in 18 countries as part of its annual Cybersecurity Benchmark Study, which addresses many of the privacy-specific questions to over 2,900 individuals who are
familiar with the privacy processes at their companies.