The Capgemini Research Institute has published a new report titled ‘Championing data protection and privacy – a source of competitive advantage in the digital century’. It summarises the current state of GDPR compliance and looks at how GDPR-compliant organisations fare compared with those who are not yet compliant.
The report is based on responses from over a thousand senior executives in the UK, Germany, the Netherlands, Norway, France, Sweden, Spain, India, Italy, and the US.
The report first highlights how GDPR compliance is still far below expectations. Across all the participants, 78% of businesses expected to be compliant by June 2018, just after the GDPR came into force. In June 2019, more than a year after the regulation came into force, only 28% claimed to be fully compliant. Among UK businesses, 33% reported being compliant in June, compared with 83% that expected to be compliant last year. Sweden, Spain and Italy reported the lowest levels of compliance with 18%, 21% and 21%, respectively. Achieving compliance with GDPR appears to be very challenging for some organisations, with legacy IT systems in particular proving to be an obstacle.
What is perhaps more interesting, though, is that among the minority of companies that did claim to be compliant, 92% reported gaining an advantage over their competition as a consequence. They also reported other benefits, with 79% of respondents saying it boosted staff morale and 85% reporting enhanced trust from consumers. What’s more, 89% said their efforts had brought about organisational improvements. In addition, 91% said their cybersecurity had improved, while 87% said their IT systems were now better as a result.
According to the report, technology seems to be key to achieving compliance, with a clear contrast in the use of technologies between compliant and non-compliant businesses. For example, 70% of compliant companies used data encryption, compared with 55% of non-compliant ones. Likewise, 84% of complying businesses said they already used cloud platforms, whereas just 73% of non-compliant ones reported doing so. There was also a higher uptake of industrialised data retention and robotic process automation among GDPR-compliant companies.
The CEO of Insights & Data at Capgemini, Zhiwei Jiang, said:
“This research underscores both the challenges for companies in achieving GDPR compliance, and the exciting opportunities for those that do. Clearly, many executives were over-ambitious in their expectations last year, and have now realised the extent of investment and organisational change that is required to achieve compliance: from implementing advanced technologies that support data protection to embedding a privacy and data protection mindset among employees.
“However, organisations must recognize the higher-than-expected benefits of being compliant, such as increased customer trust, improved customer satisfaction, strengthened employee morale, better reputation, and positive impact on revenue.”
GDPR is part of the new reality for UK businesses, and it will remain so for the foreseeable future. While complying with GDPR is not optional, it should be seen as an opportunity rather than a burden. At Pro-Networks, we can help you to turn compliance into a competitive advantage with our IT support and services, so you can achieve a culture of best practices and security awareness.