A new survey of EU firms by RSM has discovered that 30% admitted that they fail GDPR compliance – and that a further 13% were not certain whether they are compliant or not. This leaves only 57% confident in their data protection processes.
This is worrying news given that it has been over a year since GDPR came into force. All of these organisations should have been prepared in advance, and ensured that they were compliant before 25th May 2018.
But because they fail GDPR compliance, they are putting themselves at risk.
As reported by Silicon:
It seems that there is no single issue to blame for non-compliance, but middle market businesses are apparently struggling to understand and implement a whole range of areas covered by the regulation.
The survey found that more than a third (38 percent) of non-compliant businesses do not understand when consent is required to hold and process data, 35 percent are unsure how they should monitor their employees’ use of personal data and 34 percent don’t understand what procedures are required to ensure third party supplier contracts are compliant.
The good news, however, is that despite the lack of compliance, GDPR is starting to have a positive impact on cyber security.
According to RSM, almost three quarters (73 percent) of European businesses say GDPR has encouraged them to improve the way they manage customer data and 62 percent say it has seen them increase their investment in cyber security. But alarmingly 21 percent of businesses admit that they still have no cyber security strategy in place.
You can read the full article here: https://www.silicon.co.uk/security/security-management/third-not-gdpr-compliant-272411
It therefore seems as if GDPR’s overall effect so far has been mixed. But with fines starting to appear under GDPR, including the record penalty of £183 million that British Airways recently received from the ICO, firms need to start taking their compliance more seriously.
We would always advise that data protection should be by design and by default. Aside from the potential financial dangers of not being GDPR compliant, these firms also risk losing the trust of their customers and being less efficient than they could be.