92% of European businesses are unprepared for GDPR

Thursday, 23 November 2017, 09:00 Last update: about 7 years ago

28% are unfamiliar with the new regulation they will need to adhere to in less than a year • Over half (51%) believe the regulation is too complex for SMEs and middle market businesses but agree that increased regulation around the use of personal data is necessary

Businesses across Europe are unprepared for the EU's General Data Protection Regulation (GDPR), which comes into law in May 2018, according to new research conducted for RSM, the sixth largest audit, tax and consulting network, by the European Business Awards. The survey, completed by 400 of Europe's successful business leaders, asked about their preparedness for GDPR and how the new regulation will impact their operations.

Less than 12 months before the new regulation comes into effect, only 8% of business are ready for GDPR, and have made the necessary changes to be compliant with the regulation. Meanwhile, one in four business leaders (28%) are completely unaware of the regulation they will have to adhere to. Worryingly, 26% of business leaders, familiar with their GDPR strategy, admit their organisation will not be compliant by the May 2018 deadline.

Businesses that fail to comply before the deadline could face fines of up to 4% of global turnover or €20m, whichever is higher.

The process of preparing for GDPR is already impacting business operations. The survey highlights that a concerning number of businesses are cutting back in other areas including plans to create innovative new products (23%) or to fuel growth through international expansion (22%).

Jean Stephens, CEO, RSM commented: "In less than seven months, businesses across the continent will have to adhere to GDPR. We have seen an increase in clients asking us about GDPR consulting services, however, it is clear from this research that many businesses do not fully comprehend the hurdles they will have to overcome ahead of the fast-approaching deadline.

Business leaders need to understand that this is not a simple tick-box exercise. They will likely need to implement significant changes that could impact their organisation as a whole and so the sooner they begin to prepare, the better."

Commenting about this new regulation RSM Malta's managing partner, Maria Micallef said that "as one of Malta's leading audit, tax and advisory firms, we encourage local firms to inform themselves on how the GDPR will impact their businesses in order to have sufficient time to address the necessary compliance gaps and issues that such a complex regulation will bring about. Furthermore, business leaders need to look into the possibility of updating and introducing new processes and raising awareness across employees handling personal data.

Micallef also appealed to its clients to call upon the RSM Malta team well ahead of the May 2018 deadline, so that they will be in a position to advise them with any changes they may need to implement to be fully compliant with the regulation.

The complexity of the GDPR regulation is starting to weigh on European businesses. Of those that are looking at the regulation, 51% believe it is too complicated for SMEs and middle market businesses. Two out of five companies (41% of those involved in or aware of their organisation's strategy) believe the requirements of the GDPR regulation will significantly increase their business expenditure, including spending on consulting services. The use of external expertise is increasingly prevalent, with 60% of businesses looking for external support in order to deliver their compliance project before the May 2018 deadline.

Despite the complexity of the regulation, businesses do appreciate the necessity of GDPR. Business leaders across Europe support the changes with the majority (52%) agreeing that regulation to monitor the use of personal data is necessary.

Adrian Tripp, CEO, European Business Awards said: "While most European businesses support the need for change around personal data, it is clear that many firms are either finding the GDPR regulations challenging or are unaware of the requirements to them. As the clock is ticking it is important these businesses review the legislation, seek help if needed or risk facing large scale fines next year."

The European Business Awards is the largest cross sector business competition in Europe. Its primary purpose is to support the development of a stronger and more successful business community.

RSM is currently advising companies on GDPR planning and compliance. Information can be found on its GDPR webpage www.rsm.global/gdpr or firms can hear from its experts direct and register for RSM's GDPR webinar on 30 November at 12.30GMT.