Businesses across Europe are unprepared for the EU’s General Data Protection Regulation (GDPR), which comes into law in May 2018, according to new research conducted for audit tax and consulting firm RSM by the European Business Awards.
The survey, completed by 400 of Europe’s successful business leaders, asked about their preparedness for GDPR and how the new regulation will impact their operations.
Less than 12 months before the new regulation comes into effect, only 8 per cent of business are ready for GDPR, and have made the necessary changes to be compliant with the regulation. Meanwhile, one in four business leaders (28 per cent) are completely unaware of the regulation they will have to adhere to. Worryingly, 26 per cent of business leaders familiar with their GDPR strategy, admit their organisation will not be compliant by the May 2018 deadline.
Businesses that fail to comply before the deadline could face fines of up to 4 per cent of global turnover or EUR20 million, whichever is higher.
The process of preparing for GDPR is already impacting business operations. The survey highlights that a concerning number of businesses are cutting back in other areas including plans to create innovative new products (23 per cent) or to fuel growth through international expansion (22 per cent).
Jean Stephens (pictured), CEO, RSM, says: “In less than seven months, businesses across the continent will have to adhere to GDPR. We have seen an increase in clients asking us about GDPR consulting services, however, it is clear from this research that many businesses do not fully comprehend the hurdles they will have to overcome ahead of the fast-approaching deadline.
Business leaders need to understand that this is not a simple tick-box exercise. They will likely need to implement significant changes that could impact their organisation as a whole and so the sooner they begin to prepare, the better.”
The complexity of the GDPR regulation is starting to weigh on European businesses. Of those that are looking at the regulation, 51 per cent believe it is too complicated for SMEs and middle market businesses. Two out of five companies (41 per cent of those involved in or aware of their organisation’s strategy) believe the requirements of the GDPR regulation will significantly increase their business expenditure, including spending on consulting services. The use of external expertise is increasingly prevalent, with 60 per cent of businesses looking for external support in order to deliver their compliance project before the May 2018 deadline.
Despite the complexity of the regulation, businesses do appreciate the necessity of GDPR. Business leaders across Europe support the changes with the majority (52 per cent) agreeing that regulation to monitor the use of personal data is necessary.
Adrian Tripp, CEO, European Business Awards, says: “While most European businesses support the need for change around personal data, it is clear that many firms are either finding the GDPR regulations challenging, or are unaware of the requirements to them. As the clock is ticking it is important these businesses review the legislation, seek help if needed, or risk facing large scale fines next year.”
The European Business Awards is the largest cross sector business competition in Europe. Its primary purpose is to support the development of a stronger and more successful business community.