View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 18, 2016

Firms risk huge fines as they fail to grasp GDPR

Lack of consumer and regulatory understanding represents a major threat to revenue and brand value.

By Ellie Burns

96% of companies still do not fully understand the European General Data Protection Regulation, GDPR, despite the regulation drawing ever nearer.

Due to come into effect in May 2018, Symantec polled 900 business and IT decisions makers in the UK, France and Germany to see where they were on the road to GDPR compliance. Some had still a way to go on the compliance journey, with 91% concerned about their ability to become compliant. The study also revealed only 22% of businesses consider compliance a top priority in the next two years, despite only 26% of respondents believing their organisation is fully prepared for the GDPR.

“These findings show businesses are not only underprepared for the GDPR – they are underpreparing,” said Kevin Isaac, senior vice president, Symantec. “There is a significant disconnect between how important privacy and security is for consumers, and its priority for businesses. The good news is there’s still time to remedy the situation – if firms take immediate action.”


Of huge concern was the 23% of those surveyed who said that their organisation will not be compliant at all, or will be only partly compliant, by 2018. Of this group, a staggering 20% believe it is even possible to become fully compliant with the GDPR, with nearly half (49%) believing that while some company departments will be able to comply, others will not. This stark lack of confidence in meeting the May 2018 deadline leaves businesses at risk of incurring significant fines.

Symantec’s State of European Data Privacy Survey revealed that many companies are not even making the necessary organisational and cultural changes they need to make ahead of May 2018.  Almost one in 10 said all employees can access customers’ personal information, while 6% said that all staff can access customers’ payment details. Of great concern is the mere 14% who believed that everyone in the organisation has a responsibility to ensure data is protected.

With such wide-reaching access to people’s personal information, businesses are underestimating the challenges they will face in managing this in line with the GDPR.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Less than half of those surveyed (47%) said managing data ethically is a top priority for their symantec-3organisation, and less than half again said they would be increasing security training. Just 27% plan on a complete overhaul of their approach to security for GDPR.

Peter Gooch, cyber risk partner at Deloitte, said: “Whether companies will successfully navigate the GDPR regulation hinges on their willingness to embrace privacy by design. They must also understand that good security and privacy processes can provide a substantial competitive advantage and be a driver in gaining consumer trust, in addition to being driven by regulatory requirements.”

GDPR is just one worry for businesses still trying to grapple with compliance, with a growing customer disconnect also looming. This highlights how businesses are out of touch with consumer expectations when it comes to data privacy and security.

Nearly three quarters (74%) of businesses do not think an organisation’s privacy track record is a top three consideration for customers when choosing who to do business with, despite customers asking about data security in more than a third (36%) of transactions.

Equally concerning is the finding that 35% of respondents do not believe their organisation takes an ethical approach to securing and protecting data. 


Topics in this article : , , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.