Unless you’ve been hiding under a rock, you’ll know that GDPR comes into force this Friday 25th May.
We’ve also endeavoured to keep you updated with the latest GDPR research and surveys each and every week. So, in light of the deadline’s arrival, we thought we’d compile some of the best for your enjoyment/horror.
Take a deep breath, everyone, and dive in…
SMBs feel the pressure while US start-ups are well prepared
Mailjet suggests that SMBs are feeling the pressure the most when it comes to GDPR compliance.
Over 4,000 took part in its GDPR readiness test a mere eight weeks before the deadline (from countries including the UK, US, France, and Spain), and a whopping 80% reported that they were continuing to collect personal data from customers during this time. 67% also said that they still aren’t protecting it properly through encryption technologies.
In contrast to SMBs, Mailjet also discovered that US start-ups are generally better prepared than their European counterparts. 53% stated that they now encrypt the data they process, while 47% have a warning system in case of a breach that could put customer data at risk.
IT professionals predict they will miss deadline
Research by Spiceworks published this month suggests that – despite time and resources spent on compliance efforts – many companies will still fail to meet the May 25th deadline. In fact, some organisations are not expecting to be compliant for a year or more after. This news comes from a survey of over 600 respondents across Europe and the US.
Out of the organisations that expect to miss the deadline, 60% of UK IT professionals and 64% in other EU countries (that took part in the survey) cite a lack of time and resources as the primary reason. Meanwhile, 40% of IT professionals in the US say the primary reason they will not meet the deadline is that it’s not a priority for their organisation.
Despite these challenges, it appears IT professionals generally support the regulations, with 75% of respondents in the UK and 70% in the rest of the EU saying they are in favour of the GDPR.
Connecting the dots between data cited as top challenge
Econsultancy’s ‘Marketers Guide to the GDPR’ report, published in February 2018 and based on a survey of over 1,000 client-side and agency-side respondents in the UK, found that many companies are more worried about navigating internal silos than about consumer consent.
When asked about the top challenges for organisations as a result of the GDPR, respondents highlighted connecting the dots between data stored across different parts of the organisation as the biggest challenge. This was followed by knowing what data the organisation actually has, as well as where it comes from.
As a result, the act of information auditing and data mapping should be one of the first steps for companies, forcing them to break down silos and move towards a joined-up view of the customer.
Nearly half of UK marketers preparing for fines
In a survey of over 150 brand and agency-side marketers, Ensighten found that 45% of organisations are setting money aside in case of any potential fines.
In contrast to this, just 26% of respondents said they felt confident that their data governance procedures would be classed as compliant by the 25 May deadline. As a result, 61% of marketers said that they would apply for an extension on the date if there was an option to do so.
Two out of three people feel more comfortable sharing data thanks to new laws
Research from the DMA states that – despite media reports suggesting the opposite – most consumers now feel more comfortable sharing their data than ever before. In a survey of 1000 UK consumers, 62% said their confidence about sharing data with businesses has been improved by the incoming laws.
It also found that 57% prefer to receive some form of personalised marketing from companies, and out of this, 62% also understand the need for companies to access their data in order to help stop them receiving marketing that is not relevant to them.
This highlights the importance of communicating the benefits of the new laws to consumers in order to build long-term trust. Interestingly, even among shoppers that don’t appreciate brand marketing, 40% said they are comfortable with sharing data to avoid irrelevant offers or recommendations.
Worries that GDPR’s Article 33 could lead to cover-ups
IT professionals believe GDPR will stifle innovation, as well as potentially lead to cover-ups, according to a survey of 900 people in the industry.
49% of respondents to the survey said the threat of GDPR fines made them more nervous of using cloud-based apps and services. This could be due to a lack of cloud-security knowledge within organisations, as 27% of respondents admitted to cutting corners with cloud security in order to reduce costs, whilst 48% are unsure if they have data processing agreements set up with new cloud providers.
Meanwhile, half of respondents said Article 33’s 72-hour reporting rule (i.e. flagging a breach within 72 hours of detection) could lead companies to hide data breaches to avoid fines rather than report them. This is largely due to internal limitations, with 43% of respondents questioning whether their organisation had the ability to identify and report a breach within the time period.
Just 44% of UK charities were aware of GDPR six months ago
The Cyber Security Breaches survey by the Department for Digital, Culture, Media and Sport has revealed that, as of Winter 2017, just over two-fifths (or 44%) of UK charities were aware of GDPR. 569 UK registered charities took part in the survey.
Out of this 44%, just 9% of charities had amended their cyber security policies or processes specifically in preparation for the new rules.
However, it seems larger charities are more on top of the situation, with awareness rising to 75% within charities with over 250 staff. 10% of charities also say that additional staff communications and training have been a priority in response to the GDPR.
US companies underestimating GDPR obligations
One of the biggest points of contention surrounding GDPR has been who can legally exercise GDPR rights. This is because GDPR does not just apply to citizens of an EU country, but anyone who at any time has set foot in an EU country and transmitted their data.
An example is a US tourist travelling to a European country and using Facebook during their stay.
This was highlighted in a report by Attorney IO, which also suggests that – under US law – it may therefore be illegal ‘national origin discrimination’ to give GDPR rights to immigrants from the EU and not to everyone else.
As a result, the report emphasises the importance of taking a conservative approach to the GDPR, with fines of as much as 4% of worldwide revenue potentially bankrupting companies or organisations with high revenues but little profit.
Data privacy (or lack of) has the potential to damage your brand
Veritas’ Global Data Privacy Consumer Study – which surveyed 12,500 consumers across 14 countries – found that 47% of respondents would consider turning to a competitor in the event a company loses control of data privacy. Similarly, 79% would tell their friends and family to boycott the organisation, and 60% say they would post negative comments about the business online.