24 May 2018

Most US and EU companies not ready for GDPR, reveals survey

Report reveals levels of unpreparedness, with one in four organisations unlikely to comply until end of the year.

With the Friday GDPR deadline almost upon us, a new survey reveals 85 percent of companies are not fully ready for the EU’s General Data Protection Regulation (GDPR) deadline. A report from Capgemini on preparedness for GDPR shows that 85 percent of firms in Europe and the United States will not be ready to comply fully on time. In fact, one in four will not be fully compliant by the end of this year. In the US, 63 percent of respondents stated they will be largely or completely compliant, with a mixed picture across Europe. The survey covered 6,000 individuals and 1,000 industry executives across eight countries to gather their views on the subject. Organizations globally fear stricter regulatory action could follow owing to non-compliance. However, the report also looks beyond the compliance side of the GDPR to suggest the latent opportunity that can help organizations gain individuals’ trust and competitive advantage.

Compliance as opportunity 

GDPR, the report argues, is an opportunity waiting to be tapped: individuals are more willing to engage with, and be more loyal to, organizations that protect data, and going above and beyond GDPR will bring greater reward. However, most organizations are not ready to seize this opportunity, and significant work remains to be done to increase not only compliance levels but also compliance maturity and to bridge the gap between the preparedness of organizations and the expectation of individuals. An immature approach will have significant consequences because consumers are prepared to take action if they are unhappy with organizations’ GDPR compliance performance. The report concludes that to convert GDPR from mandate to opportunity, organizations must take a series of steps, ranging from educating customers and citizens and winning their trust, to building a culture of respect for personal data within the organization.