UK's big companies not ready for GDPR

  • By Elizabeth Fry

Just two weeks to go before tough new privacy laws come into force in Europe new research shows many of the UK's marquee companies will not be ready in time.

Only six in 10 members of the Britain's Institute of Directors believe their organisation will be fully compliant with the General Data Protection Regulation by 25 May.

A new Institute of Directors poll of 700 company bosses shows many businesses remain unprepared for the changes.

"Business leaders’ confidence in their preparations has declined over the past six months as the sheer scale of the regulations has come into view," says the Institute.

"Many business leaders are also less sure about how the new rules will affect their firms, with around 40 per cent reporting they are not confident or unsure as to how GDPR will impact their company." 

While the GDPR is aimed squarely at data protection for people within the EU, it will have implications for other parts of the world, including Australia.

These new rules will hit any company offering services to citizens of the EU, have subsidiaries in the EU or use data analytics to predict customer behaviour – like banks, on-line retailers and software providers.

Firms that fail to comply can face heavy fines of up to 4 per cent of global turnover, or €20 million - whichever is greater.

UK retailers lagging Europe

The Institute's findings underscore the results of a separate survey conducted by Oliver Wyman, the global risk manager.

Research shows UK's retailing giants are not only lagging Germany and France in the race to comply with the GDPR, they are also more likely to view data transfer as a significant threat to their firm.

Almost half of the UK respondents in the survey conducted by the global risk manager acknowledge that their company will not be fully compliant - higher than in Germany and France.

The survey found seventy-one per cent of respondents see data transfer requests as a significant threat compared to 65 per cent in Germany and 56 per cent in France.

Importantly, only 17 per cent of executives across all markets view GDPR as purely an opportunity yet 78 per cent report that owning, managing, and working with customer data plays an important role in their business.

Further, just one-quarter of respondents say it it is fundamental to everything they do as a business.

According to Oliver Wyman partner Duncan Brewer, while UK retailers are taking GDPR seriously and investing resources in the lead up to the enactment of the EU regulation, it appears they are less prepared than those in other European markets.

“Across Europe, our research shows that retail executives are very concerned about data deletion and transfer."

Little concern for privacy

Yet, in his view, it would require a fundamental change in consumer behaviour for retailers to be inundated with customer requests as he is seeing little concern for privacy among consumers.

“Most consumers are likely to continue to offer their data in exchange for improved services and convenience.”

“So, unless GDPR leads to a significant shift in consciousness around data privacy, retailers will have spent a significant amount of time and effort building offensive and defensive strategies for minimal benefit.”

On average, the survey shows that firms are devoting 10 employees, including 6 new hires, to GDPR to ensure compliance.

Around 56 per cent of executives say their companies are introducing stronger data security measures to increase customer’s trust and 40 per cent are exploring price and service incentives for customers who don’t request that their data is deleted or transferred.