Two thirds of businesses unprepared for GDPR, survey suggests


A survey carried out by professional services firm EY has suggested that two thirds of businesses are ‘unprepared’ for the upcoming introduction of the General Data Protection Regulation (GDPR).

The GDPR will come into effect on 25 May 2018, and will strengthen the obligations on all businesses in regard to the safeguarding of individuals’ personal information. Firms have been urged to review their data privacy and security practices ahead of the GDPR’s introduction, to ensure that they are compliant.

Businesses who fail to take action in respect of the new regulation will face severe financial penalties, with fines costing up to €20 million, or up to 4% of total annual worldwide revenue, whichever is the greater.

EY found that 78% of firms consider data protection and privacy to be a growing concern: however, only 33% of businesses stated that they have a plan in place for the implementation of the new GDPR.

Firms within Europe gave broadly positive responses to EY’s GDPR survey: many European business leaders revealed that they have a plan in place for the introduction of the new regulation. More work needs to be done in other markets, however, to ensure that they are ready in time for the change.

Commenting on the matter, Andrew Gordon, Global Fraud Investigation and Dispute Services Leader at EY, said: ‘The pace of regulatory change continues to accelerate and the introduction of data protection and data privacy laws, such as GDPR, are major compliance challenges for global organisations.

‘But businesses that adopt forensic data analysis technologies can achieve significant advantages, benefitting from more effective risk management and increased business transparency across all of their operations.’