Championing Data Protection
Firms failed to meet their own expectations on GDPR compliance, but 81% of those who declare being compliant have reported positive impacts on reputation and image
View the full report here
Key findings from the report include:
Enterprises have fallen behind on GDPR compliance
Although over a year has passed since GDPR went into effect, the position of many enterprises remains uncertain in terms of compliance. While 28% of organizations say they have achieved compliance, just 30% of organizations are “close to” complete compliance but still actively resolving pending issues. Compliance was highest with companies in the US (35%), followed by the UK and Germany (both on 33%), and lowest in Spanish, Italian, (both on 21%) and Swedish companies (18%).
Executives identified the challenges of aligning legacy IT systems (38%), the complexity of the GDPR requirements (36%) and prohibitive costs to achieve alignment with regulations (33%) as barriers to achieving full GDPR compliance. The volume of queries from data subjects has also been extremely high: 50% of US companies covered by GDPR have received over 1,000 queries, as did 46% of French companies, 45% in the Netherlands and 40% in Italy.
As organizations struggle to comply, they are actually making significant investments to fulfil the costs of increased professional fees to support GDPR alignment; 40% expect to spend more than $1m on legal fees and 44% on technology upgrades in 2020. In addition, organizations face a new challenge - the adoption of new legislation in different countries outside the European Union.
Benefits of being GDPR compliant are greater than expected
Opportunities are being lost by companies which fail to achieve GDPR compliance. Of the organizations that have achieved compliance, 92% said they gained competitive advantage, something only 28% expected last year. The vast majority of executives from firms which achieved compliance said it had a positive impact on customer trust (84%), brand image (81%) and employee morale (79%). Executives from compliant firms also identified positive second-order effects of implementing GDPR, including improvements in IT systems (87% vs. 62% who anticipated this in 2018), cybersecurity practices (91% vs. 57%) and organizational change and transformation (89% vs. 56%).
Technology is a key enabler for compliant organizations
The survey found a clear gap in technology adoption between compliant organizations and those lagging behind. Organizations compliant with GDPR, in comparison with non-complying organizations, were more likely to be using cloud platforms (84% vs. 73%), data encryption (70% vs. 55%), Robotic Process Automation (35% vs. 27%) and industrialized data retention (20% vs. 15%).
Furthermore, while 82% of GDPR compliant organizations had taken steps to ensure their technology vendors were compliant with relevant data privacy regulations, only 63% of non-compliant companies could say the same. A majority (61%) of the compliant organizations said they audit sub-contractors for data-protection compliance, compared to 48% of non-compliant companies.
View the full report here
The research surveyed 1100 senior executives, director level and above, spread across eight sectors: insurance, banking, consumer products, utilities, telecom, public services, healthcare, and retail. Executives belong to companies headquartered in: France, Germany, Italy, Netherlands, Norway, Spain, Sweden, UK, US, and India. Capgemini also conducted interviews with industry leaders and experts, examining the current status and impact of data privacy regulations.
A global leader in consulting, technology services and digital transformation, Capgemini is at the forefront of innovation to address the entire breadth of clients’ opportunities in the evolving world of cloud, digital and platforms. Building on its strong 50-year heritage and deep industry-specific expertise, Capgemini enables organizations to realize their business ambitions through an array of services from strategy to operations. Capgemini is driven by the conviction that the business value of technology comes from and through people. It is a multicultural company of over 200,000 team members in more than 40 countries. The Group reported 2018 global revenues of EUR 13.2 billion.
Visit us at www.capgemini.dk. People matter, results count.