Most Companies Won’t Make GDPR Deadline, Putting Customer Trust at Risk

As the European Union’s General Data Protection Regulation (GDPR) deadline approaches on May 25, most companies do not expect to be fully compliant by then, according to a recent survey from IBM. The resulting report, titled “The End of the Beginning,” categorizes companies surveyed as either the “sparked”—those that will be fully compliant with GDPR’s mandates for data protection of EU citizens’ data by the deadline—and the “squeezed,” which are those that are less committed to making the deadline. “Sparked” companies are most likely to view their efforts as an opportunity to transform their data management work and create new business models. An estimated 1,500 global GDPR leaders took part in the research. This slide show presents highlights from the survey, with charts provided courtesy of IBM.

IBM reports that only 36 percent of survey respondents expect their organization to be fully compliant with GDPR by May 25. What’s more, at the time that the survey was conducted between February and April of this year, 18 percent of respondents said their company hadn’t even begun to prepare for GDPR, but they expected to before the deadline.

The top focus area for GDPR compliance is the performance of data discovery and the verification of data accuracy, as cited by 60 percent of respondents. The next top priority is compliance with data processing principles, as cited by 58 percent.

Nearly nine of 10 “sparked” companies consider themselves either “very” or “fully” committed to providing the needed resources and attention to meet GDPR requirements. In contrast, only 46 percent of “squeezed” organizations are this committed.

Nearly all respondents from “sparked” organizations—96 percent—believe that the public will view proof of GDPR compliance as a positive differentiator. In comparison, 81 percent of those from “squeezed” businesses believe this.

With more trust built into customer relationships, 91 percent of respondents from “sparked” businesses predict that their organization will generate new business opportunities from GDPR efforts. Among respondents at “squeezed” companies, only 72 percent anticipate this.

Speaking to business opportunity benefits, 93 percent of respondents from “sparked” companies said their organization will be able to provide more personalized experiences for customers/data subjects thanks to GDPR. Only 74 percent of those at “squeezed” businesses made the same claim.

When asked about the quality of their organization’s collaboration on GDPR, 94 percent of respondents at “sparked” companies describe it as either “good” or “very strong.” However, just 49 percent of those at “squeezed” organizations gave this assessment of their GDPR collaboration.

“Sparked” companies take a more strategic view of GDPR, with 42 percent indicating that a strong overall digital strategy is a top enabler for preparation. Only 32 percent of “squeezed” organizations list this as a top enabler.

“Sparked” companies are also more likely to consider enterprisewide thinking in approaching GDPR, with 41 percent indicating that they’re taking a holistic approach throughout privacy, processes and security to meet the deadline. Just 34 percent of “squeezed” organizations are doing this.