Eighty-five percent of firms in Europe and the US will not be completely ready for GDPR by the 25 May deadline, according to Capgemini. Additionally, one in four will not be fully compliant by the end of the year, says a report from the company’s Digital Transformation Institute.
However, those that are fully compliant will gain significant commercial advantages, says the firm.
Seizing the GDPR Advantage: From Mandate to High-Value Opportunity surveyed 1,000 executives and 6,000 consumers across eight countries to explore attitudes to, and readiness for, the new data protection regulations.
Seeing the upside
Some aspects of the report make challenging reading for policymakers. While 15 percent of organisations say that implementing GDPR is “not a priority”, as many as 35 percent say that the sole purpose of their GDPR programmes is to comply with the legislation, rather than win customer trust or more business.
Capgemini believes that organisations in this category misunderstand the purpose of the regulations, and are missing out on important opportunities.
This is reinforced by other findings. In the UK, for example, 81 percent of organisations believe that consumers trust them with their personal data, but only 52 percent of customers actually do, according to the report. Last month, an IBM survey found that only 20 percent of US citizens have complete faith that the businesses they interact with maintain the privacy of their data.
Across all territories, 40 percent of consumers will spend more with an organisation if they are convinced of their GDPR compliance, adds Capgemini, while 41 percent will buy more products from them. In these cases, spending could increase by nearly one-quarter (24 percent), says the report.
Making enemies of your customers
Companies that fail to seize the opportunity of GDPR may find themselves punished by their customers, says Capgemini.
Across Europe, 57 percent of respondents said they will take action against an organisation if they know it is failing to protect their personal data. Of these, 71 percent will reduce their spending or stop doing business with them, while 73 percent said they will share negative experiences with family and friends.
The impact of multiple Facebook data breaches and high-profile hacks of other organisations is likely to have damaged consumer confidence.
But there is good news for British citizens: UK organisations are the most advanced in compliance terms out of the eight countries surveyed, despite only 55 percent reporting that they will be largely or completely compliant by the deadline. In the UK, GDPR comes into law under the Data Protection Act.
Spain (54 percent), Germany (51 percent), and the Netherlands (51 percent) are close behind, with Sweden having the most work to do: just one-third of Swedish firms will be largely or completely compliant on time.
Plus: Facebook’s Zuckerberg faces Europe
In related news, Facebook founder and CEO Mark Zuckerberg is to meet with the European Parliament on 22 May, where he’ll discuss the company’s use of European customers’ personal data. The private nature of the session has caused controversy, but it will be followed by a press conference hosted by EP President Antonio Tajani – but not, apparently, Zuckerberg. Meanwhile, Institutional Shareholder Services (ISS) is recommending that Facebook investors withhold their support from five of the company’s directors, including Zuckerberg and COO Sheryl Sandberg, and vote in favour of shareholder proposals to improve the company’s risk management and response policies.
Internet of Business says
Earlier this week, a report from IBM found that 70 percent of organisations are actively disposing of data in advance of GDPR. IBM also found that 80 percent of organisations will be cutting down on the amount of personal data they keep, with 78 percent reducing the number of people who have access to it.
However, the IBM survey also found that eighty-four percent of business leaders think GDPR compliance will be perceived as a positive step by the public, while 76 percent said that GDPR will enable more trusted relationships with data subjects.
This may suggest that there is a discrepancy between how large enterprises – IBM’s core customers – view GDPR, and how smaller businesses regard the new regulations.
But whether they see the upside or not, GDPR will force a radical change in the way that all organisations handle personal data, requiring informed consent for its use, measures to be put in place to ensure its security, and the enabling of citizens’ right to have their data permanently erased from IT systems.