One in four businesses still unprepared for GDPR

New research from the DMA highlights the need for more urgency

A quarter of marketers (26%) believe their companies are still unprepared for the introduction of the EU General Data Protection Regulation (GDPR), with just over half (56%) reporting that they feel prepared and 5% believing it’s not their responsibility. In addition, just two-thirds (68%) of those asked said their business would be GDPR compliant in time for 2018, according to the second edition of the DMA’s ‘GDPR and you’ series of studies into the industry’s awareness and preparedness for the GDPR.

The results show that two-thirds of respondents (66%) have ‘good’ awareness – rising from 53% in June 2016 – and that marketers ‘personal’ feeling of preparedness has increased dramatically from 49% to 71%. However, there is still a clear need for urgency with many marketers not believing their businesses will be compliant before the new rules will come into place.

According to the research, over a third (37%) of marketers said profiling is one of their biggest concerns under GDPR, while half (50%) said it was legacy data and the runaway winner is consent with 70% agreeing that it would change under the GDPR. The result of these concerns is that the biggest priority for business are ‘conducting impact assessments’ (42%), ‘giving data subjects greater control of their data’ (36%) and ‘revising your data policy’ (31%). ‘Auditing your data privacy policy’ on the other hand has dropped from 39% to 30% since June 2016.

Chris Combemale, CEO of the DMA group, comments: “May 2018 should be a date that is in every marketer’s diary, giving us around 16 months before the GDPR comes into force. It is concerning that only half of our industry feels their businesses are prepared for the new rules and not that many more believe they will be ready in time. The finish line for GDPR readiness is fixed and the risk to businesses of not being compliant is significant. Our advice is to continue preparations in earnest over the coming year. Not making it across the line in time is not an option.”

Brexit effect?
While it’s unlikely that Brexit will change GDPR for the UK, the new laws are set to come into force in May 2018 before any exit agreement is finalised. The rules will provide consumers with greater protection while also helping brands to safeguard their own reputation by building long-term relationships with customers’ based on transparency and trust.

Despite some initial confusion about the impact of Brexit on the implementation of GDPR, it’s also reassuring that 83% of companies have not changed their plans to implement GDPR-related changes and 7% have even accelerated these preparations. In fact, when asked for their opinion on the best data protection policy for the UK post-Brexit, almost three quarters (74%) believe we should simply adhere to GDPR anyway – with 7% even calling for even stricter rules to be put in place.

Combemale continues: “The data-driven creative industries are the engine that will continue to drive growth in the UK economy post-Brexit. The status of our relationship with Europe does not change the need for UK businesses to prepare for GDPR and it’s concerning to see that only two-thirds of the industry currently expects to be ready for May 2018. In an increasingly global digital marketplace, Brexit does not change the behaviours that companies must adopt in order to succeed and build long-term relationships with customers based on transparency and trust.”

On the 24^th February, the DMA will be hosting its Data Protection 2017 conference, where Information Commissioner Elizabeth Denham will address the audience on the future for the UK’s data-driven creative industries. Full details on the 1-day conference can be found here:
https://dma.org.uk/event/data-protection-2017

To find out more about the research or the latest range of GDPR-related advice, events, guides and training, visit: http://dma.org.uk/gdpr.