More than one-third firms in EU, US will not meet GDPR deadline: Capgemini report


BENGALURU: More than 8 out of 10 companies in the Europe and the United States are not ready to be General Data Protection Regulation (GDPR).

As GDPR, a comprehensive set of guidelines put in place by the European Union to protect personal data of all its citizens, is slated to be effective from May 25; 85% firms both in Europe and the US are struggling to be completely compliant by that time, said a report by IT services company Capgemini’s Digital Transformation Institute.

GDPR redefines the way organisations have approached data privacy in the European region and with the new set of rules depending on the nature, severity, and duration of data breach, organizations in non-compliance of GDPR may face heavy fines as much as 4% of annual global revenue.

The report has mentioned that there is a “mixed picture” across Europe when it comes to readiness. While British businesses are the most advanced, despite only 55% reporting they will be largely or completely compliant; Spain (54%), Germany (51%) and the Netherlands (51%) are close behind. Sweden, according to the report, has a lot to do as 33% of Swedish firms will be largely or completely compliant on time.

Capgemini surveyed 1000 executives and 6000 consumers across 8 markets to understand the readiness of companies.

Some companies, which have invested in compliance and data transparency with consumers and met the deadline ahead of time, are seeing the benefits, said the report. For example, of those consumers that are convinced an organization protects their personal data, 39% have purchased more products and increased spend with that individual firm.

“Beyond gaining consumer confidence and increased spending, knowing exactly what data is held allows firms to use analytics more effectively and improve operations. Firms will also know which files they must delete, freeing up valuable storage space,” Willem de Paepe, Global GDPR leader at Capgemini, was quoted saying.

GDPR is said to be empowering consumers to take action over their improper use of their own data. “Across Europe, 57% of individuals say they will take action against an organization if they know a firm is failing to adequately protect their personal data. Of these, more than 70% will take actions such as reducing their spending (71%), stopping doing business with them (71%) or sharing negative experiences with family and friends (73%),” noted the report.

Surprisingly, 71% of executives believe that consumers will not take significant action around their organization’s data privacy and security practices. In fact, a senior executive at a large European bank was quoted saying interest of their consumers about personal data protection has not been significant and would not change even after GDPR.

Source: Economic Times