More than 85 per cent of companies in a recent survey say it will take them at least three months to come into compliance with the new General Data Protection Regulations (GDPR) that will be in effect from May 25.
The report from Capgemini surveyed 6,000 individuals and 1,000 industry executives across eight countries – excluding Canada – to gather their views about the incoming regulations. Nearly 20 per cent of organizations aren’t even making GDPR a top priority, even though GDPR gives data protection authorities more investigative and enforcement powers to slap those who don’t comply with substantial fines.
This also complements other data that says suggests a significant perception gap between organizations and consumers around consumer data privacy and security performance. On average, 80 per cent of executives believe that consumers trust their organization with the privacy and security of personal data, when in fact, only 52 per cent of consumers agree.
“This overconfidence can blind organizations to the improvements they need to make in data practices and prevent sufficient investment. Such organizations will eventually lose out as consumers increasingly demand a best-in-class data protection experience,” the report reads.
Consumer trust in organizations varies little among European countries, but is the best in Italy and Spain, where executive views and consumer views hover around 80 and 60 per cent, respectively for both countries.
But the report says it’s important companies don’t lag behind the new regulations, especially when they can use them to build a culture of respect and, perhaps overtime, see an improvement in the bottom line. If the don’t, consumers will take action.
“An immature approach will have significant consequences because consumers are prepared to take action if they are unhappy with organizations’ GDPR compliance performance,” the report says.
More than 70 per cent of those consumers who are likely to take some action (over 39 per cent of the overall population) will remove their data and stop all business with the organization they perceive to be in breach of the GDPR.
Executives, however, don’t think consumers are going to walk the talk. More than 70 per cent of executives believe that consumers will not take significant action around their organization’s data privacy and security practices.
“We haven’t seen any substantial increase in consumer interest in matters of personal data protection. We don’t expect it to change much beyond the GDPR deadline as well, unless there is any event that draws media attention and widespread consumer interest with it,” according to an unnamed senior executive at a large European bank, who was quoted in the report.