New study: DPOs are a good investment for companies
Those working in compliance can probably all agree that a DPO is a good investment. But now there is also a new study that proves it. In the study, from the French Data Protection Authority CNIL, the conclusion is clear: From an economic perspective, having a DPO is a true asset.
.webp)
Gry Josefine Løvgren is a content specialist at Wired Relations, where she writes about all things GRC, data protection, and cybersecurity for our blog and social media channels. She holds a journalism degree from Roskilde University and uses her professional expertise to communicate complex topics in an engaging and easy-to-understand way.
Read more from the authorIt is no secret that cyberattacks represent a significant cost for companies. A cost that must be considered and prevented just as much as other major costs and threats. As the experts say: It’s not a question of if you will be hit by an attack, but when.
In 2024, IBM reported that the average cost of a data breach reached $5 million – a 10% increase compared to 2023.
So what difference can a DPO make in the big financial picture? And what role does GDPR compliance play? This is what the French data protection authority CNIL has examined in a new study. The study is based on a questionnaire survey with 3,625 DPOs as well as qualitative interviews with 10 DPOs. With this large dataset, CNIL has been able to calculate the economic benefits of having a DPO employed.
More investment, more invested
Companies with a compliance-focused strategy reap the greatest economic benefits, the study concludes. One of the interviewed DPOs explained that after implementing a compliance-focused strategy, the company’s chances of winning tenders increased by fifty percent.
Furthermore, it appears that the companies that invest most in compliance also allocate the most resources to their DPOs.
Therefore, DPOs can be seen as an investment: the companies that dedicate resources to DPOs are also those that reap the greatest benefits. These are typically companies that perceive the risk of sanctions as high, as well as companies whose business models are heavily dependent on data, the study explains.
It almost goes without saying that DPOs who are given more resources are also better able to implement measures to counter cyberattacks. For example, one DPO reported that after implementing phishing-awareness training, the click rate on suspicious links in their company dropped from 21% to 5%.
A DPO from another company with €150 million in revenue explained that GDPR compliance saved them €400,000 in server costs. Which also improves cybersecurity: fewer collected and stored data means fewer entry points for cybercriminals and thus a reduced attack surface.
Overall, the conclusion is that those who use compliance strategically not only reap economic benefits but also place greater priority on the DPO’s role and value, which in turn creates greater job satisfaction for the DPO and better quality in the work. In contrast, those who see compliance as a limitation and barrier do not reap the same benefits.
58% of DPOs responded that they are in a company that sees compliance as an opportunity rather than a limitation.
So if there was ever any doubt for you DPOs out there: You are a good investment for your company.
At least if you ask the French.
Want more stories like this?
Subscribe to our newsletter and get news, insights and good advice on all things data protection and information security.
.jpg)
