On their home turf: 30% of European companies aren’t GDPR compliant
Worried about compliance with the European Union’s General Data Protection Regulation? Do you think your company’s lagging? You’ve got company, from unexpected places. Almost a third (30%) of European businesses admit they are still not compliant with the GDPR, according to a survey conducted by the European Business Awards on behalf of RSM, an audit, tax and consulting group of advisers that focuses on the middle market. Despite it being over a year since GDPR came into effect, and despite a raft of fines from regulators, only 57% of businesses are confident that their business follows the rules, with a further 13% unsure either way.
There is no single issue holding these companies back, says the RSM survey. More than a third (38%) of non-compliant businesses do not understand when consent is required to hold and process data, 35% are unsure how they should monitor their employees’ use of personal data, and 34% don’t understand what procedures are required to ensure third-party supplier contracts are compliant.
There’s some good news, according to the survey: GDPR is starting to have a positive impact on cyber security within the EU. Almost three quarters (73%) of European businesses say GDPR has encouraged them to improve the way they manage customer data and 62% say it has seen them increase their investment in cyber security. There remains much more to do, however, with 21% of businesses admitting that they still have no cyber security strategy in place.
Steven Snaith, Technology Risk Assurance Partner at RSM UK, said in a statement: “With so much pressure on organizations to meet complex requirements, we saw GDPR fatigue setting in last year. Middle market businesses were overwhelmed by information from the press, industry bodies and stakeholders. Many organizations simply gave up and reverted to the old way of doing things.”