Capgemini finds firms struggle with legacy IT systems, complex requirements and mounting costs to bring themselves into line with strict data protection rules
Less than one-third of companies globally are fully GDPR compliant, despite the fact that the stringent data protection regulations have now been in force for nearly one and a half years.
Capgemini Research Institute said the figure, at only 28 percent, contrasts with more than three-quarters of firms saying last year that they expected to be compliant by the time GDPR came into force in late May 2018.
But companies “greatly” underestimated the challenges involved, Capgemini said, juding from findings drawn from a survey of more than 1,000 compliance, privacy and data protection personnel.
The study comes after the Information Commissioner’s Office levied a record £183 million fine on British Airways for “poor security arrangements” that led to the personal data of half a million customers being stolen by hackers in September of last year.
Capgemini said many organisations only recognised the scale of the compliance challenge when they began to identify relevant data held by the firm.
Companies cited legacy IT systems as the greatest obstacle to compliance, with 38 percent citing unsuitable systems, while 36 percent said the GDPR’s requirements are too complex and one-third said the financial costs of compliance are prohibitive.
On top of those who feel they are fully compliant, nearly one-third (30 percent) said they were “close to” compliance.
The US led with the highest proportion of companies saying they were compliant, at 35 percent, followed by the UK and Germany at 33 percent each, and Spain, Italy (21 percent each) and Sweden (18 percent) having the lowest proportion of compliant firms.
Amongst those companies who did feel they were compliant, the vast majority – 92 percent – said compliance gave them a competitive advantage, enabled them to improve customer trust, customer satisfaction and brand image, leading to higher revenues.
“Organisations need to promote a data protection and privacy mindset among employees and integrate advanced technologies to boost data discovery, data management, data quality, cybersecurity, and information security efficiencies,” Capgemini said in the report.
“Firms that take these actions proactively – and view data protection and privacy regulation as an opportunity – will secure a significant competitive advantage.”