GDPR preparedness survey results
August 11th, 2017
Tech Essence’s GDPR survey results on anticipated challenges and preparedness levels.
With less than 8 months until the implementation of the General Data Protection Regulation (GDPR) in May 2018, we carried out a GDPR preparedness survey to gain an understanding of how prepared the wider marketing community is for the new regulation and what challenges they face in their journey to become fully GDPR compliant.
ON TARGET FOR GDPR
The early signs for GDPR compliance are (surprisingly) positive, with 77% of respondents stating they have started preparing for the new data governance rules and almost half of respondents reported that are aware of the legal and organisational requirements posed by the GDPR.
This is rather encouraging as it looks like most of marketing professionals are well underway with their planning efforts (40% have a clear plan in place and 49% are still working on their plan). The vast majority of respondents (87%) said that their existing practices will satisfy some of the GDPR, but still need to make a few changes. This probably means that they have already reviewed their existing practices and procedures and started planning how they will address any shortcomings. Interestingly, amongst those surveyed, 35% said that their organisations would not have been in compliance if GDPR had been fully in effect last year.
Here are the steps that respondents have taken to prepare for GDPR:
- Put a plan in place for making necessary changes in time for GDPR implementation (17%)
- Review the way they seek, record, and manage consent (15%)
- Check their procedures to ensure they cover all the rights individuals have (14%)
- Document what personal information they hold, where it came from and who they share it with (12%) and document their processing activity and update their privacy notice to explain it (12%)
- Designate someone to take responsibility for data protection compliance (10%) and update their procedures on how they will handle requests (10%)
- Put a plan in place to detect, report and investigate a personal data breach (9%)
The conditions for obtaining consent are stricter under GDPR requirements and this changes a lot of things for companies: 29% said that they will need to change the way they manage personal data, 26% conduct regular reviews of security measures, 21% conduct regular third-party checks including occasional audits, 7% make third-party and staff redundant and 17% other.
The reality is that even though respondents are aware of the need to comply with the regulations and have taken steps to prepare, the results show that 34% of respondents are very concerned and 58% somewhat concerned, with only 8% not concerned at all. Additionally, when asked what are the biggest concerns when the GDPR comes into force, 33% of respondents said consent and accountability, 19% the personal information they hold, 14% staff training, 10% the processing of personal data, 9% data protection officers and 5% data breaches, communicating privacy information and individuals' rights.
The survey responses provided a snapshot of marketing professionals' views of the GDPR prior to the implementation. This is a small survey from which it is hard to draw widespread conditions, but what is evident is that although businesses have already started preparing for the GDPR, they still have well-founded compliance concerns. Tech Essence's advice is to seize the GDPR opportunity to ensure all marketing practices live up to the promise of maintaining and protecting the privacy and confidentiality of personal information, but better hurry up - the GDPR clock has started ticking. By staying on the right side of the new regulation, you are best placed to safeguard your business reputation, increase customer satisfaction and ensure compliance. If you would like to talk about how to create improved transparency throughout your supply chain and build up your reputation as a compliant and trustworthy partner, contact Ken on 07584 191082