30% of businesses are still not compliant with GDPR

Almost a third of European businesses admitted they are still not compliant with GDPR, despite regulators beginning to clamp down on breaches

Almost a third of European businesses admitted they are still not compliant with GDPR, according to research by RSM.

The survey, conducted by the European Business Awards, found that more than a year after GDPR came into effect, only 57% of businesses are confident that they follow the rules, while a further 13% are unsure either way.

“With so much pressure on organisations to meet complex requirements, we saw GDPR fatigue setting in last year,” said Steven Snaith, technology risk assurance partner at RSM UK. “Middle market businesses were overwhelmed by information from the press, industry bodies and stakeholders. Many organisations simply gave up and reverted back to the old way of doing things.”

However, Snaith warned firms to be alert to potential GDPR breaches. Indeed, with 59,000 breaches in the first nine months and a €50m fine for Google, it is clear that regulators are not afraid to bare their teeth.

“There are signs that this fatigue is about to fade. High-profile fines across Europe have demonstrated that regulators across the EU are serious about enforcement. Businesses are scrambling to catch up once again,” Snaith said.

“One important aspect to note is that GDPR compliance is far wider than just policies, procedures and training. Underlying technology controls need to be robust to safeguard the leakage and unauthorised access of personal data,” he added.

According to the research, the compliance gap is not down to any single issue, with middle market businesses struggling to understand and implement a whole range of areas covered by the regulation.

More than a third of non-compliant businesses do not understand when consent is required to hold and process data, 35% are unsure how they should monitor their employees’ use of personal data and 34% don’t understand what procedures are required to ensure third-party supplier contracts are compliant.

“GDPR is complex and challenging, but it is also an opportunity for businesses to differentiate themselves with their ability to respond and demonstrate their organisational agility,” said Jean Stephens, CEO of RSM International.

“By letting go of legacy systems and rethinking the way they interact with data, these more entrepreneurial businesses can become more appealing partners and more innovative competitors on the global stage.”

Despite the lack of compliance, GDPR is starting to have a positive impact on cyber security within the EU. Almost three quarters of European businesses say GDPR has encouraged them to improve the way they manage customer data and 62% say it has led them to increase their investment in cyber security.

There remains much more to do, however, with 21% of businesses admitting that they still have no cyber security strategy in place.

 

The impact of GDPR on Europe’s businesses

Improved the management of customer data: 73%
Increased investment in cyber security: 62%
Encouraged new, innovative uses of data: 58%
Made businesses feel safer from cyber crime: 51%
The cost of compliance has slowed growth: 37%
Compliance has made our business more effective operationally: 31%
GDPR has made it difficult for us to work with non-European businesses: 28%

 
