26 July 2019

Almost a third of European companies not GDPR compliant

Thirty percent of European businesses are still not GDPR compliant as some companies revert to old ways, says survey.

Almost a third (30 percent) of European businesses admit they are still not compliant with GDPR, according to a survey conducted by the European Business Awards on behalf of RSM, a network of audit, tax and consulting experts.

Struggling to understand

Despite it being over a year since GDPR came into effect, and a raft of fines from regulators across Europe, only 57 percent of businesses are confident that their business follows the rules, with a further 13 percent unsure either way. Researchers note that, alarmingly, these views come directly from the person in the company who had the responsibility for delivering GDPR.

The impact on Europe's businesses is measured in specific areas as well, as GDPR is said to have: improved the management of customer data (73 percent), increased investment in cyber security (62 percent), encouraged new, innovative uses of data (58 percent), and made businesses feel safer from cyber crime (51 percent). However, the report also notes GDPR has slowed growth in the cost of compliance for only 37 percent, and made the business more effective operationally for only 31 percent. Also, GDPR has made it difficult to work with non-European businesses, say 28 percent.

Researchers say the compliance gap is not down to any single issue, with middle market businesses struggling to understand and implement a whole range of areas covered by the regulation.

Reverting to old ways

More than a third (38 percent) of non-compliant businesses do not understand when consent is required to hold and process data, 35 percent are unsure how they should monitor their employees' use of personal data and 34 percent don't understand what procedures are required to ensure third party supplier contracts are compliant.

Richard Smith, chair of the global risk consulting committee at RSM, commented, “With so much pressure on organisations to meet complex requirements, we saw GDPR fatigue setting in last year. Middle market businesses were overwhelmed by information from the press, industry bodies and stakeholders. Many organisations simply gave up and reverted back to the old way of doing things.” Mr Smith added, “But there are signs that this fatigue is about to fade. High-profile fines across Europe have demonstrated that regulators across the EU are serious about enforcement. Businesses are scrambling to catch up once again.”