It is only six months until the European Union’s (EU) new General Data Protection Regulation (GDPR) comes into force on May 25th, 2018 and a recent report undertaken on behalf of global accountants RSM has found that 92% of European business managers are not yet prepared for the new regulations. The survey, which spoke to around 400 business leaders across the continent on organizations’ individual preparedness for GDPR, found that more than a quarter (28%) of business managers were wholly unaware of GDPR.
Even more alarmingly, of the respondents who confirmed their awareness of GDPR’s impending arrival – and their organization’s strategy for coping with the changes – 26% admitted their companies would not comply with the regulations ahead of the 25th May 2018 threshold. GDPR will unify how personal data of EU residents and visitors is used by businesses worldwide. The GDPR legislation will replace the existing 1995 Data Protection Directive and any bespoke data protection legislation in place within specific EU member states. The standardized application of GDPR aims to facilitate a safer, more legitimate flow of sensitive personal data among EU member states and beyond.
Once GDPR is legally enforceable, those organizations that are found to be non-compliant with their new data protection commitments will be hit with substantial financial penalties. The fines will be 4% of a business’ worldwide turnover, or €20m, whichever is greater. The penalties will be active regardless of the size of a business, making startups equally at risk of potentially crippling fines.
Jean Stephens, chief executive at RSM, warned: “It is clear from this research that many businesses do not fully comprehend the hurdles they will have to overcome ahead of the fast-approaching deadline. Business leaders need to understand that this is not a simple tick-box exercise.”
There was another serious concern arising from the study, particularly for business startups where capital is scarce. Many business leaders reported in the survey that their organizations have been forced to scale back on expenditure in order to focus on GDPR adoption. Almost a quarter (23%) of respondents admitted funds to develop new, innovative products had been diverted, while 22% said their efforts to enter new markets overseas had been stunted because of GDPR.
The complexities of GDPR compliance are certainly weighing heavily on SME and mid-market firms, with 51% admitting the regulation is too complex for them to handle. Meanwhile, two-fifths (41%) of business managers involved directly in their organization’s GDPR strategy felt GDPR compliance would increase business costs immeasurably. Furthermore, 60% of business managers surveyed reported that their organization was seeking third-party consultation on achieving GDPR compliance ahead of May 2018.
However, despite negativity and frustration surrounding the implementation of GDPR, the majority of respondents (52%) recognized the need for the regulation and the importance of monitoring the use of sensitive personal data. GDPR will affect businesses on a global scale. If you’re a growing business with customers or clients based in Europe, you will need to ensure that your own internal process for handling the personal data of EU residents is compliant with the GDPR. Those who don’t prepare will incur the same financial penalties as their non-compliant European counterparts.