Third Of European Businesses Not GDPR Compliant

A significant number of European organisations have admitted that they are still not compliant with GDPR data protection rules.

A survey from tax audit advisors RSM found that 30 percent of European businesses are still not compliant with GDPR, even though it has been over a year since the regulation was introduced and despite the threat of hefty financial penalties.

Data protection is still costing firms dear. Facebook was recently fined $5bn for the Cambridge Analytica data-sharing scandal, and Marriott Hotels was stung with a £99m fine. British Airways was hit with a £183m fine for a data breach.

GDPR survey

The survey from RSM found that only 57 percent of businesses are confident that their business follows the rules, with a further 13 percent unsure either way.

It seems that there is no single issue to blame for non-compliance, but middle market businesses are apparently struggling to understand and implement a whole range of areas covered by the regulation.

The survey found that more than a third (38 percent) of non-compliant businesses do not understand when consent is required to hold and process data, 35 percent are unsure how they should monitor their employees’ use of personal data and 34 percent don’t understand what procedures are required to ensure third party supplier contracts are compliant.

The good news, however, is that despite the lack of compliance, GDPR is starting to have a positive impact on cyber security.

According to RSM, almost three quarters (73 percent) of European businesses say GDPR has encouraged them to improve the way they manage customer data and 62 percent say it has seen them increase their investment in cyber security. But, alarmingly, 21 percent of businesses admit that they still have no cyber security strategy in place.

“With so much pressure on organisations to meet complex requirements, we saw GDPR fatigue setting in last year,” said Steven Snaith, Technology Risk Assurance Partner at RSM UK.

“Middle market businesses were overwhelmed by information from the press, industry bodies and stakeholders,” Snaith added. “Many organisations simply gave up and reverted back to the old way of doing things.”

“But there are signs that this fatigue is about to fade. High-profile fines across Europe have demonstrated that regulators across the EU are serious about enforcement,” he added. “Businesses are scrambling to catch up once again.”

Industry view

“We live in an age when trust is increasingly top-of-mind, and this will only get more heightened as technology becomes more commonplace and pivotal to everyday life,” said Haroon Malik, Director of Cyber Security Consulting at Fujitsu.

“GDPR helps cement a responsible attitude towards data and privacy across all industries, and the fact that nearly a third of European firms are still not GDPR compliant is worrying,” said Malik. “As the amount of companies fined for breaking laws protecting consumers’ data begin to pile up – and these fines have the potential to dent a company’s reputation – more organisations need to start taking GDPR seriously.”

“But this is by no means a reason to panic,” he said. “Whilst some firms are still working to understand how GDPR is applied to their business model or industry, compared to five or six years ago, there’s been a real change in how companies use and process data. One year after GDPR came into force, businesses have become more mindful of how and why they collect and store data and are taking steps to process this in a lawful way.”


Tom Jowitt
