Security

GDPR Aftermath – Have Companies Really Underestimated Their GDPR Readiness?

2 Mins read

Personal data is becoming one important and precious resource. Today, customers’ worries and fears are justified by companies’ management of a large portion of their sensitive personal data. That’s where the EU stepped in last year, by providing customers with the law known as GDPR. The regulation came into effect on May 25, 2018, with the ultimate goal of protecting customers, by allowing users in the EU and EEA to have control over the personal data they share.

Increased Safety For Customers, Additional Costs For Businesses

Not only the GDPR has affected European businesses, but any company that operates within the European markets, regardless of its location. The GDPR essentially changed the way businesses collect, store, and use the data gathered from the customers.

Since the GDPR has become effective, all types of customers’ personal data have been secured, including sensitive information such as bank or credit card information, location, and medical details. The mandatory nature of this law means that businesses are obligated to GDPR compliance, which applies to organizations located within the EU as well as to organizations located outside of the EU if they offer goods or services to, or deal with EU data.

Failing to comply results in a fine of up to 4% of the business’ annual global revenue or €20 million, whichever is greater.

Have Companies Really Underestimated Their GDPR Readiness?

According to a recent study by RSM, one-third of the businesses in Europe are not GDPR compliant. In fact, although the law was introduced more than a year ago, many businesses admit that they failed to comply, while only 57% of the businesses operating in the EU declare to have fully undergone 

GDPR compliance. 

Businesses struggle to implement the GDPR for many reasons. According to the study, businesses struggle to understand how the implementation works, to begin with. Since the process of storing and processing data requires consent, many companies fail to know when they actually need the users’ consent. On the other hand, a large number of businesses are not sure how to monitor the use of personal data by their employees.

This results in a lot of pressure for companies when it comes to GDPR implementation, including hostility towards the implementation itself as it seems to have negative effects on some businesses. In fact, about 28% of the companies declared that being GDPR compliant has had a negative impact on their overall business. At the same time, businesses involved in global trade experienced difficulties working with companies beyond the EU borders.

However, despite the lack of compliance and the aversion, GDPR has proven to have positively impacted cybersecurity practices within the EU, at least for the few compliant companies. 73% of European businesses admitted GDPR has helped them deal with customer data management, and more than half of these companies have increased their investment and resources employed in cybersecurity.

Since GDPR compliance has been a really hot topic for quite some time last year, it’s safe to assume that many organizations must have felt overwhelmed by the information and the need for meeting complex security requirements. This has probably caused retrocession in the way they have been dealing with customers’ data and in the cybersecurity practices they’ve put in place. However, this GDPR hostility seems to have come to an end encouraged not only by high-profile fines across Europe which have proven that regulators are serious about law enforcement but also by the positive effects that many businesses are starting to experience from its application.

Leave a Reply

Your email address will not be published. Required fields are marked *