‘Less Than One-Third’ Of Companies Fully GDPR-Compliant

Less than one-third of companies globally are fully GDPR compliant, despite the fact that the stringent data protection regulations have now been in force for nearly one and a half years.

Capgemini Research Institute said the figure, at only 28 percent, contrasts with more than three-quarters of firms saying last year that they expected to be compliant by the time GDPR came into force in late May 2018.

But companies  “greatly” underestimated the challenges involved, Capgemini said, juding from findings drawn from a survey of more than 1,000 compliance, privacy and data protection personnel.

The study comes after the Information Commissioner’s Office levied a record £183 million fine on British Airways for “poor security arrangements” that led to the personal data of half a million customers being stolen by hackers in September of last year.


Capgemini said many organisations only recognised the scale of the compliance challenge when they began to identify relevant data held by the firm.

Companies cited legacy IT systems as the greatest obstacle to compliance, with 38 percent citing unsuitable systems, while 36 percent said the GDPR’s requirements are too complex and one-third said the financial costs of compliance are prohibitive.

On top of those who feel they are fully compliant, nearly one-third (30 percent) said they were “close to” compliance.

The US led with the highest proportion of companies saying they were compliant, at 35 percent, followed by the UK and Germany at 33 percent each, and Spain, Italy (21 percent each) and Sweden (18 percent) having the lowest proportion of compliant firms.

Competitive advantage

Amongst those companies who did feel they were compliant, the vast majority – 92 percent – said compliance gave them a competitive advantage, enabled them to improve customer trust, customer satisfaction and brand image, leading to higher revenues.

“Organisations need to promote a data protection and privacy mindset among employees and integrate advanced technologies to boost data discovery, data management, data quality, cybersecurity, and information security efficiencies,” Capgemini said in the report.

“Firms that take these actions proactively – and view data protection and privacy regulation as an opportunity – will secure a significant competitive advantage.”

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

OpenAI, Broadcom In Talks Over Development Of AI Chip – Report

Rebelling against Nividia? OpenAI is again reportedly exploring the possibility of developing its own AI…

2 days ago

Microsoft Outage Impacts Airlines, Media, Banks & Businesses Globally

IT outage causes major disruptions around the world, after Crowdstrike update allegedly triggers Microsoft outages

2 days ago

GenAI Integration Efforts Hampered By Costs, SnapLogic Finds

Hefty investment. SnapLogic research finds UK businesses are setting aside three-quarters of their IT budgets…

3 days ago

Meta Refuses EU Release Of Multimodal Llama AI Model

Mark Zuckerberg firm says European regulatory environment too ‘unpredictable’, so will not release multimodal Llama…

3 days ago

Synchron Announces Brain Interface Chat Powered by OpenAI

Brain implant firm Synchron offers AI-driven emotion and language predictions for users, powered by OpenAI's…

3 days ago