Third Of European Businesses Not GDPR Compliant

A significant number of European organisations have admitted that they are still not compliant with GDPR data protection rules.

A survey from tax audit advisors RSM found that 30 percent of European businesses are still not compliant with GDPR, even though it has been over a year since the regulation was introduced and non-compliance carries the threat of hefty financial penalties.

Data protection is still costing firms dear. Facebook was recently fined $5bn for the Cambridge Analytica data-sharing scandal, and Marriott Hotels was stung with a £99m fine. British Airways was hit with a £183m fine for a data breach.

GDPR survey

The survey from RSM found that only 57 percent of businesses are confident that their business follows the rules, with a further 13 percent unsure either way.

It seems that there is no single issue to blame for non-compliance, but middle market businesses are apparently struggling to understand and implement a whole range of areas covered by the regulation.

The survey found that more than a third (38 percent) of non-compliant businesses do not understand when consent is required to hold and process data, 35 percent are unsure how they should monitor their employees’ use of personal data and 34 percent don’t understand what procedures are required to ensure third party supplier contracts are compliant.

The good news, however, is that despite the lack of compliance, GDPR is starting to have a positive impact on cyber security.

According to RSM, almost three quarters (73 percent) of European businesses say GDPR has encouraged them to improve the way they manage customer data and 62 percent say it has seen them increase their investment in cyber security. But alarmingly 21 percent of businesses admit that they still have no cyber security strategy in place.

“With so much pressure on organisations to meet complex requirements, we saw GDPR fatigue setting in last year,” said Steven Snaith, Technology Risk Assurance Partner at RSM UK.

“Middle market businesses were overwhelmed by information from the press, industry bodies and stakeholders,” Snaith added. “Many organisations simply gave up and reverted back to the old way of doing things.”

“But there are signs that this fatigue is about to fade. High-profile fines across Europe have demonstrated that regulators across the EU are serious about enforcement,” he added. “Businesses are scrambling to catch up once again.”

Industry view

“We live in an age when trust is increasingly top-of-mind, and this will only get more heightened as technology becomes more commonplace and pivotal to everyday life,” said Haroon Malik, Director of Cyber Security Consulting at Fujitsu.

“GDPR helps cement a responsible attitude towards data and privacy across all industries, and the fact that nearly a third of European firms are still not GDPR compliant is worrying,” said Malik. “As the amount of companies fined for breaking laws protecting consumers’ data begin to pile up – and these fines have the potential to dent a company’s reputation – more organisations need to start taking GDPR seriously.”

“But this is by no means a reason to panic,” he said. “Whilst some firms are still working to understand how GDPR is applied to their business model or industry, compared to five or six years ago, there’s been a real change in how companies use and process data. One year after GDPR came into force, businesses have become more mindful of how and why they collect and store data and are taking steps to process this in a lawful way.”

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
