Despite the deadline for GDPR compliance arriving on the 25th of May, Information Age reported, only last week, that 61% of UK businesses are far from prepared and would apply for an extension if they had the choice.
The lack of GDPR preparedness is not confined to the UK; similar figures are emerging all over Europe, and small to medium-sized organisations appear to be the most ill-equipped.
How worried are businesses?
Given that 45% of UK businesses expect to be fined for failure to be GDPR ready, it is safe to assume that the gravity of the situation may have finally set in for many business leaders.
Some argue that the panic may not be entirely necessary. Indeed, the fear-mongering from various consultants and people on the GDPR bandwagon, who are looking for organisations to spend more money, is likely to cause gratuitous worry.
However, according to Michael Abtar, CEO of IG Smart: “There is a predominant concern among business leaders.
“It is around their client and contact lists; in particular, they are concerned about their ability to hold on to it and continue to contact people through it.
“Where in the past a lot of people have collected things in a rather casual way and haven’t given enough thought to transparency and how consent is captured, a lot of data is far from meeting GDPR standards.”
Fear of missing out
Beyond just avoiding fines, however, there appears to be a fear of missing out among many business leaders. With compliance with GDPR, you get access to a single digital EU economy. This opens up a lot of doorways for doing business in Europe.
Abtar added: “We already have free movement of goods and free movement of people, this is in effect free movement of data.
“Being compliant with GDPR and having some other accreditations, like ISO 27001 and the Cyber Essentials scheme, or being able to show that you have had external audit reports, will, in turn, give you a competitive advantage.
“Particularly when it comes to bidding for new business in the public sector. Often in this sector, be it local authorities or healthcare organisations, they are mandating compliance with specific standards. We’ve had clients come to us where they’ve been invited to submit proposals to public sector contracts and they’ve been asked specifically if they are compliant with things like Cyber Essentials Plus. Often with public sector contracts, the pre-qualification is weighted around information governance and data protection.