Almost 1 in 7 companies still without a plan for GDPR


The GDPR will come into force in a little over 7 months, but with the deadline looming there remains concern with 15% of businesses still not having a plan in place, according to the latest research from the DMA.

The majority of marketers surveyed believe their organisations are on track (56%) or ahead (4%) in their plans to be compliant by May 2018, with a further 17% falling behind their current plans – up from 11% in May 2017.

The latest edition of this research, now running since June 2016, shows how awareness and preparedness has risen. Eight in 10 marketers (77%) now rate their awareness as ‘good’, while 74% described themselves as feeling somewhat or extremely prepared for the changes.

>See also: A 6-step action plan for complying with GDPR

However, when asked about the preparedness of their organisation, this figure dropped to just 58% believing their business was ready for the changes. This is despite 85% of businesses having implemented their plans for GDPR, which is more than ever before.

Chris Combemale, CEO of the DMA Group, said: “The GDPR is a watershed moment for organisations to make data protection a core brand value, placing respect for privacy at the heart of their brand proposition. We should use the new laws as a catalyst to transform the way we speak to customers, making every engagement human-centric. This will enable organisations to build trusted, authentic and transparent relationships with their customers.”

Marketers feel more affected by the GDPR as time goes on, with two-fifths (42%) now feeling their business will be “very affected” by the new laws, and a further fifth (22%) feeling “extremely affected”.

>See also: 1 in 4 companies yet to begin planning for GDPR

65% of those surveyed agree that the GDPR will be a hindrance to their marketing. Despite this, marketers also clearly understand the value the GDPR will bring to their customer offering, with 39% agreeing that the changes will improve their ability to meet customers’ needs.

Key concerns for organisations are consent (28%) and legacy data (18%), while priorities remain updating privacy policies (15%), integrating compliance systems (12%), auditing current state (12%) and data management breach processes (11%).

Combemale continues: “As an industry, we must always keep in mind the customers’ right to privacy. It’s important that businesses put the principles of accountability, transparency and trust at their core. Allowing them to go beyond simply being the right side of the law and actually build a sustainable long-term relationship with customers about their data.”

Brexit & ePrivacy regulation

Post-Brexit, 39% of marketers say they would like GDPR to be relaxed, despite the introduction of the Data Protection Bill on the 13 September.

>See also: What are US companies’ view on GDPR?

However, three quarters (76%) of marketers want to retain free data flows across Europe (the “digital single market”), which will necessitate aligning our data laws with those of Europe.

New for this edition, marketers were also asked about their awareness and key concerns about the upcoming ePrivacy Regulation reforms, with 3 in 10 (28%) reporting no awareness at all. The most common concerns about potential changes are an opt-in for B2B marketing (31%), consent requirement for cookies (26%) and an opt-in for all telemarketing (25%).


The Women in IT Awards is the technology world’s most prominent and influential diversity program. On 22 March 2018, the event will come to the US for the first time, taking place in one of the world’s most prominent business cities: New York. Nominations are now open for the Women in IT USA Awards 2018. Click here to nominate

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...