Third Of European Businesses Not GDPR Compliant

A significant number of European organisations have admitted that they are still not compliant with GDPR data protection rules.

A survey from tax audit advisors RSM found that 30 percent of European businesses are still not compliant with GDPR, even though it has been over a year since the regulation was introduced and despite the threat of hefty financial penalties.

Data protection is still costing firms dear. Facebook was recently fined $5bn for the Cambridge Analytica data-sharing scandal, and Marriott Hotels was stung with a £99m fine. British Airways was hit with a £183m fine for a data breach.

GDPR survey

The survey from RSM found that only 57 percent of businesses are confident that their business follows the rules, with a further 13 percent unsure either way.

It seems that there is no single issue to blame for non-compliance, but middle market businesses are apparently struggling to understand and implement a whole range of areas covered by the regulation.

The survey found that more than a third (38 percent) of non-compliant businesses do not understand when consent is required to hold and process data, 35 percent are unsure how they should monitor their employees’ use of personal data and 34 percent don’t understand what procedures are required to ensure third party supplier contracts are compliant.

The good news, however, is that despite the lack of compliance, GDPR is starting to have a positive impact on cyber security.

According to RSM, almost three quarters (73 percent) of European businesses say GDPR has encouraged them to improve the way they manage customer data, and 62 percent say it has seen them increase their investment in cyber security. But, alarmingly, 21 percent of businesses admit that they still have no cyber security strategy in place.

“With so much pressure on organisations to meet complex requirements, we saw GDPR fatigue setting in last year,” said Steven Snaith, Technology Risk Assurance Partner at RSM UK.

“Middle market businesses were overwhelmed by information from the press, industry bodies and stakeholders,” Snaith added. “Many organisations simply gave up and reverted back to the old way of doing things.”

“But there are signs that this fatigue is about to fade. High-profile fines across Europe have demonstrated that regulators across the EU are serious about enforcement,” he added. “Businesses are scrambling to catch up once again.”

Industry view

“We live in an age when trust is increasingly top-of-mind, and this will only get more heightened as technology becomes more commonplace and pivotal to everyday life,” said Haroon Malik, Director of Cyber Security Consulting at Fujitsu.

“GDPR helps cement a responsible attitude towards data and privacy across all industries, and the fact that nearly a third of European firms are still not GDPR compliant is worrying,” said Malik. “As the amount of companies fined for breaking laws protecting consumers’ data begin to pile up – and these fines have the potential to dent a company’s reputation – more organisations need to start taking GDPR seriously.”

“But this is by no means a reason to panic,” he said. “Whilst some firms are still working to understand how GDPR is applied to their business model or industry, compared to five or six years ago, there’s been a real change in how companies use and process data. One year after GDPR came into force, businesses have become more mindful of how and why they collect and store data and are taking steps to process this in a lawful way.”


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
