It seems that companies ‘greatly’ underestimated the work needed to become GDPR-compliant.
This is according to a new report by the Capgemini Research Institute, which says that less than a third (28 per cent) consider themselves fully compliant with the General Data Protection Regulation.
GDPR came into force in late May last year, and it regulates how businesses gather, store, share and secure the data they hold on their users from the European Union.
Last year, more than three quarters of polled businesses expected to be ready for GDPR on time. Those that are compliant are reaping the benefits. Those that aren’t are facing multiple challenges.
The compliant ones say they’ve improved their reputation and brand image thanks to GDPR. The ones that are still transitioning, on the other hand, say the complexity of regulation requirements, costs of implementation and challenges of legacy infrastructure are holding them back.
Among the non-compliant, a third (30 per cent) are “close to” complete compliance, but are still actively resolving pending issues. The US has the most compliant companies (35 per cent), with the UK and Germany a close second (33 per cent each). Spain, Italy (21 per cent) and Sweden (18 per cent) have the fewest compliant organisations.
“The GDPR is not something you will ever be done with. It is something that you need to work on continuously,” says Michaela Angonius, Vice President and Head of Group Regulatory and Privacy, Telia Company.
“Clearly, many executives were over-ambitious in their expectations last year, and have now realised the extent of investment and organizational change that is required to achieve compliance: from implementing advanced technologies that support data protection to embedding a privacy and data protection mindset among employees,” added Zhiwei Jiang, CEO of Insights & Data at Capgemini.
“However, organisations must recognize the higher-than-expected benefits of being compliant, such as increased customer trust, improved customer satisfaction, strengthened employee morale, better reputation, and positive impact on revenue. These benefits should encourage every organization to achieve full compliance.”