It is said that innovation and creativity best flourish under pressure and constraint. Think about what the engineers and flight controllers had to do during the Apollo 13 moon mission after an explosion on the vessel. They were constrained by time, fuel, air and many other factors. They had to do things that had never been done before to save the lives of the astronauts.

Another example is the movie “Jaws.” The mechanical sharks used for the movie were extremely problematic, so director Stephen Spielberg changed the way he made the movie, using the shark only sparingly to create a more dramatic impact. Arguably, this actually created a better movie.

As a final example, American musician Jack White has said that it is essential for him to use things like self-imposed tight deadlines to force his creative hand. He said that having all the money, time or colors in the palette ultimately kills creativity.

The process of complying with General Data Protection Regulation (GDPR) could present organizations with this same type of unexpected opportunity. IBM Security and the IBM Institute for Business Value wanted to understand if there was a group of organizations that was using their GDPR preparations as an opportunity to transform how they were approaching security and privacy; data and analytics; and customer relationships. Were organizations turning this compliance challenge into an impetus for broader transformation?

To answer this question, we surveyed 1,500 GDPR leaders — such as chief privacy officers (CPOs), chief data officers (CDOs), general counsels, chief information security officers (CISOs) and data protection officers — representing 15 industries in 34 countries between February and April 2018. We wanted to capture their practices and opinions as close to the May 25 GDPR compliance deadline as possible.

The results of that research are captured in the new report, The End of the Beginning: Unleashing the Transformational Power of GDPR.

Watch the on-demand webinar: The Transformative Power of GDPR for People and Business

Common GDPR Compliance Challenges

During the last couple years as organizations have been preparing for GDPR, they have been tested by both the effort involved and the cost of compliance. Organizations have been busy changing processes and developing new ones; creating new roles and building new relationships; training employees; and deploying new tools and technologies. Hopefully, all this can be leveraged for more than just compliance.

IBM’s CPO, Cristina Cabella, agrees. She has said, “In the market, I see GDPR as a great opportunity to make this culture shift and make privacy more understandable and more leveraged as an opportunity to improve the way we protect data, rather than be perceived as a very niche area that is only for technical experts … So, I think it is a great opportunity in that sense.”

The first thing we found was that many organizations still have a lot of work to do before they can achieve full GDPR compliance, even at this late a date. Only 36 percent of surveyed executives say they will be fully compliant with GDPR by the enforcement date and nearly 20 percent told us that they had not started their preparations yet, but planned to before the May deadline. Organizations could be waiting because of a lack of commitment from organizational leadership — or they are willing to risk taking a wait-and-see approach to see how enforcement works.

Using GDPR Compliance as an Opportunity for Innovation

And yet there was some good news in our respondents’ views of GDPR. The majority held a positive view on the potential of the regulation and what it could do for their organizations. Thirty-nine percent saw GDPR as a chance a transform their security, privacy and data management efforts, and 20 percent said it could be a catalyst for new data-led business models. This is evidence that organizations may see GDPR as a means to improve their organizations in the longer term by enabling a stronger overall digital strategy, better security, closer customer relationships, improved efficiency through streamlined data management and increased competitive differentiation.

In our research, we identified a group of leaders who met a specific set of criteria and see GDPR as a spark for change. Among other insights, we found that:

  • Eighty-three percent of GDPR leaders see security and privacy as key business differentiators.
  • Nearly three times more GDPR leaders than other surveyed executives believe that GDPR will create new opportunities for data-led business models and data monetization.
  • Ninety-one percent of GDPR leaders agree that GDPR will enable more trusted relationships and new business opportunities.

We have crossed a threshold and entered a new era for data, security, privacy and digital customer interactions. While many organization may not have completed all GDPR compliance activities yet, it is vital for organizations large and small to ask themselves how GDPR can help position them for long-term success by unlocking new opportunities and unleashing their creativity.

To learn more about how organizations are using GDPR to drive transformation, please register for the May 22 live webinar, The Transformative Power of GDPR for People and Business, and download the complete IBV study.

Read the study: The End of the Beginning — Unleashing the Transformational Power of GDPR

More from CISO

How to Solve the People Problem in Cybersecurity

You may think this article is going to discuss how users are one of the biggest challenges to cybersecurity. After all, employees are known to click on unverified links, download malicious files and neglect to change their passwords. And then there are those who use their personal devices for business purposes and put the network at risk. Yes, all those people can cause issues for cybersecurity. But the people who are usually blamed for cybersecurity issues wouldn’t have such an…

The Cyber Battle: Why We Need More Women to Win it

It is a well-known fact that the cybersecurity industry lacks people and is in need of more skilled cyber professionals every day. In 2022, the industry was short of more than 3 million people. This is in the context of workforce growth by almost half a million in 2021 year over year per recent research. Stemming from the lack of professionals, diversity — or as the UN says, “leaving nobody behind” — becomes difficult to realize. In 2021, women made…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

Detecting the Undetected: The Risk to Your Info

IBM’s Advanced Threat Detection and Response Team (ATDR) has seen an increase in the malware family known as information stealers in the wild over the past year. Info stealers are malware with the capability of scanning for and exfiltrating data and credentials from your device. When executed, they begin scanning for and copying various directories that usually contain some sort of sensitive information or credentials including web and login data from Chrome, Firefox, and Microsoft Edge. In other instances, they…