New research commissioned by audit and tax consultancy RSM has found that 30% of European businesses are still non-compliant with the General Data Protection Regulation (GDPR).
The EU’s new data privacy rules came into force in May 2018. Yet, despite huge brands like British Airways and international hotel group Marriott having recently been fined, not all businesses are seemingly up to speed with the new regulatory requirements.
Having surveyed close to 400 business owners in 34 countries running companies with a turnover of less than €100m, RSM found only 57 per cent were confident about complying with the rules, 30 per cent didn’t think they complied and 13 per cent was unsure either way.
Many of the non-compliant companies claimed they just didn’t understand the rules. For instance, 38 per cent of the non-compliant companies were unsure when they required consent to hold and process data and 35 per cent said the same about monitoring their workers’ data. Moreover, 34 per cent did not understand what the necessary procedures were to ensure third-party provider contracts were compliant.
Although, GDPR has led to 73 per cent of enterprises having improve the management of customer data and 62 per cent had increased their cybersecurity investments.
Steven Snaith, technology risk assurance partner at RSM UK, commented that the implementation of GDPR had left to many middle market businesses feeling “overwhelmed by information from the press, industry bodies and stakeholders.” He added. “Many organisations simply gave up and reverted back to the old way of doing things. But there are signs that this fatigue is about to fade. High-profile fines across Europe have demonstrated that regulators across the EU are serious about enforcement. Businesses are scrambling to catch up once again.”
Copyright © 2018 RegTech Analyst
