The General Data Protection Regulations have been in force for a year. But still, there are companies floundering with GDPR compliance.
They are actually finding ways to comply with data privacy legislation and running off from fines.
Surveys conducted have estimated that only one in three organisations have completely accomplished compliance. However, the privacy law came into force in Europe almost 1.5 years ago.
The Capgemini Survey
Consultancy firm Capgemini’s survey included 1000 plus compliance, privacy, and data protection personnel.
The survey of 1000 plus personnel indicated that only three-quarters of them were confident about being completely compliant. This survey was conducted by the time GDPR came into force.
In reality, many are struggling to adhere to the legislation but failing to do so. Despite the fact that regulators have announced huge fines, still, only 28 percent of them have achieved GDPR compliance.
The UK’s Information Commissioner’s Office (ICO) has imposed a massive penalty of £183m to reputed organisations such as British Airways.
It says they all have “poor security arrangements” through which the intruders to steal personal data of almost half a million customers in September 2018.
“For many organisations, the true size of the GDPR challenge only became apparent as they began the initial projects to identify the application data that they held. As a result, only the most focused organisations had completed their GDPR readiness by the time the legislation came into force,” Chris Cooper, head of cybersecurity practice at Capgemini, told ZDNet.
Hindrance faced by non-compliers
Businesses that failed to comply with the current privacy legislation highlighted some obstacles that are preventing them from achieving GDPR compliance.
Legacy IT systems stood as chief amongst them. 38% of the surveys suggested that the current IT landscape is not aligned with the GDPR complexities.
Whereas, 36% of the respondents said that the GDPR requirements have many complications. Plus, they demand much general effort to implement.
On the other side, some respondents said that the financial cost to achieve alignment with GDPR is too prohibitive.
Non-Compliant vs Compliant
Non-compliant businesses are putting themselves at risk of being a victim of a data breach with financial and reputational damage. Moreover, they can receive a massive fine by the regulators and missing the perks of GDPR compliance.
The Capgemini survey identified that companies with complete compliance are enjoying the advantages. Now, they have customer trust and satisfaction, brand image and above all the revenue.
Surveys also showed that compliant organisations are also enjoying the scene benefits. Those benefits include improved IT systems and cybersecurity practices throughout the organisation.
“Organisations need to promote data protection and privacy mindset among employees and integrate advanced technologies to boost data discovery, data management, data quality, cybersecurity, and information security efficiencies,” said the report.
“Firms that take these actions proactively and view data protection and privacy regulation as an opportunity will secure a significant competitive advantage”.
Also, an ICO spokesperson told ZDNet that GDPR is helping organisations to improve how they operate. And the way clients and customers perceive them.
“We want organisations to focus on how data protection law can help them to get it right. And enhance their reputations by earning people’s trust and confidence, rather than how they might be punished if they get it wrong.”
Data protection is an ongoing issue; the organisation must repeatedly re-examine their situations.
If an organisation has achieved compliance, it doesn’t mean it should not continue to examine its current situation or how it handles the data.
Problems can occur, and a small mistake can make you pay millions.
“The introduction of GDPR was not a deadline but the start of an ongoing process, and there is a lot more work to complete. That said, we will not hesitate to act in the public’s best interests when organisations willfully or negligently break the law,” said an ICO statement.