According to the report, medium-sized businesses are “struggling to understand and implement” GDPR, the legislation that came into force in May last year and regulates how businesses gather, store, share and secure personal information from users in the European Union.
GDPR also introduced heavy fines for businesses that fail to protect the data, or that try to cover up or downplay the effects of a data breach they have suffered.
RSM bases its report on a survey of some 300 companies, more than half of which (57 per cent) said they were ‘confident’ their business complies with GDPR, while 13 per cent weren’t sure.
“With so much pressure on organisations to meet complex requirements, we saw GDPR fatigue setting in last year,” said Steven Snaith, technology risk assurance partner at RSM UK.
Businesses were given years to prepare for GDPR, and many are still failing to comply. Recently, even the UK’s data regulator confirmed that its website isn’t compliant.
Since GDPR came into force, however, the number of reported incidents has grown, with UK organisations by themselves reporting more than 10,000 incidents in January alone.
Large companies, such as Google and Facebook, have already been fined for not being compliant.