9 out of 10 European companies are unprepared for GDPR

11 December 2017 Consultancy.eu

Nine out of ten European businesses are unprepared for GDPR, according to a survey held among over executives across the continent. 

In May 2018, Europe’s General Data Protection Regulation (GDPR) comes into law, in what is described by many as the largest regulatory change to hit the business landscape in over a decade. Less than 7 months before businesses across the continent will have to adhere to GDPR, a new study by accounting and consulting firm RSM, conducted among 400 European executives and managers, shows that preparedness for the regulation is a major issue.

Only 8% of executives said their business is ready for GDPR, and that they have made the necessary changes to be compliant with the regulation. At the other end of the spectrum, one in four business leaders (28%) are completely unaware of the regulation they will have to adhere to. The most worrying finding is that 26% of business leaders admit that their organisation will not make the May 2018 deadline. 

“It is clear from this research that many businesses do not fully comprehend the hurdles they will have to overcome ahead of the fast-approaching deadline,” said Jean Stephens, CEO of RSM. 

After roll-out, failure to adhere to GDPR will have major financial implications for organisations active in Europe. The regulation has been designed to protect European citizens from a range of potentially abusive, manipulative and unsafe uses of their data, which means that companies will have to update their processes, systems and thinking to align with the new procedures. Those which breach GDPR’s guidelines will be liable to fines of €20 million, or up to 4% of global revenues, whichever is higher.

RSM - GDPR readiness

Recent data breaches at Hilton and Uber have demonstrated the financial impact GDPR could have. The international hotel chain was, for instance, recently fined $700,000 for a data breach in New York state. However, under the GDPR, which also covers organisations outside the EU that handle data of European citizens, that fine could have risen by up to $420 million.

In terms of implementation, RSM’s survey shows that the process of preparing for GDPR is already impacting business operations. The areas being cut back to free up resources for GDPR execution include creating innovative new products (23%) and fuelling growth through international expansion (22%).

Despite the complexity of the regulation, businesses do appreciate the necessity of GDPR, the researchers found. Business leaders across Europe support the changes, with the majority (52%) agreeing that regulation to monitor the use of personal data is necessary. At the same time, however, over half (51%) of the respondents believe the regulation is too complex for SMEs and middle market businesses.

For consulting firms, GDPR is unfolding as a lucrative market within the risk & compliance and technology segments. Two out of five companies said that they have significantly increased their business expenditure to ensure preparedness, including spending on consulting services. The use of external expertise is increasingly prevalent, with 60% of businesses looking for external support in order to deliver their compliance project before the May 2018 deadline.