Around a year after the European Union’s General Data Protection Regulation (GDPR) came into force, only 28% of companies worldwide say they comply with the directive.
The Capgemini Research Institute analysed the responses to a survey of around 1,100 decision makers from various industries worldwide. One of the biggest issues is that organisations largely underestimated the scope and effort required to comply.
In the survey, 28% of respondents said they work in accordance with GDPR, while another 30% see the requirements in their company as “largely fulfilled”.
Big business benefits
Some 92% of compliant companies are satisfied with GDPR, describing the main benefits as being increased cyber security (91% of respondents), optimised transformation processes (89%) and improved IT systems (87%).
Other advantages include increased customer confidence (reported by 84% of respondents), a better image (81%) and more “morality” on the part of employees (79%). In addition, 76% generate more sales.
A cultural issue
Capgemini regards governance, risk and compliance as a cultural, as well as technology, issue and says GDPR implementation has been slower than expected.
Capgemini also investigated why compliance initiatives fall short:
• 38% of respondents cite difficulties with adapting IT systems;
• 36% fail due to the complexity of regulatory requirements;
• 33% complain about high costs; and
• the cost of customers’ inquiries – half of US companies and 36% of companies have received more than 1,000 requests from consumers whose data they store.
As the Capgemini graph below shows, the US is ahead, with 35% seeing themselves as complying with GDPR. Germany and the UK are next, each with 33%, while Sweden is last with 18% of firms saying they are compliant.