92% of European businesses are unprepared for GDPR

  • 28% are unfamiliar with the new regulation they will need to adhere to in less than seven months
  • Over half (51%) believe the regulation is too complex for SMEs and middle market businesses, but agree that increased regulation around the use of personal data is necessary


Businesses across Europe are unprepared for the EU’s General Data Protection Regulation (GDPR), which comes into law in May 2018, according to new research conducted for RSM, the 6th largest audit, tax and consulting network, by the European Business Awards. The survey, completed by 400 of Europe’s successful business leaders, asked about their preparedness for GDPR and how the new regulation will impact their operations.

Less than 12 months before the new regulation comes into effect, only 8% of business are ready for GDPR, and have made the necessary changes to be compliant with the regulation. Meanwhile, one in four business leaders (28%) are completely unaware of the regulation they will have to adhere to. Worryingly, 26% of business leaders familiar with their GDPR strategy, admit their organisation will not be compliant by the May 2018 deadline.

Businesses that fail to comply before the deadline could face fines of up to 4% of global turnover or €20 million, whichever is higher.

The process of preparing for GDPR is already impacting business operations. The survey highlights that a concerning number of businesses are cutting back in other areas including plans to create innovative new products (23%) or to fuel growth through international expansion (22%).

Jean Stephens, CEO, RSM, commented: “In less than 7 months, businesses across the continent will have to adhere to GDPR. We have seen an increase in clients asking us about GDPR consulting services, however, it is clear from this research that many businesses do not fully comprehend the hurdles they will have to overcome ahead of the fast-approaching deadline.

Business leaders need to understand that this is not a simple tick-box exercise. They will likely need to implement significant changes that could impact their organisation as a whole and so the sooner they begin to prepare, the better.”

The complexity of the GDPR regulation is starting to weigh on European businesses. Of those that are looking at the regulation, 51% believe it is too complicated for SMEs and middle market businesses. Two out of five companies (41% of those involved in or aware of their organisation’s strategy) believe the requirements of the GDPR regulation will significantly increase their business expenditure, including spending on consulting services. The use of external expertise is increasingly prevalent, with 60% of businesses looking for external support in order to deliver their compliance project before the May 2018 deadline.

Despite the complexity of the regulation, businesses do appreciate the necessity of GDPR. Business leaders across Europe support the changes with the majority (52%) agreeing that regulation to monitor the use of personal data is necessary.

Adrian Tripp, CEO, European Business Awards said: “While most European businesses support the need for change around personal data, it is clear that many firms are either finding the GDPR regulations challenging, or are unaware of the requirements to them. As the clock is ticking it is important these businesses review the legislation, seek help if needed, or risk facing large scale fines next year.”

The European Business Awards is the largest cross sector business competition in Europe. Its primary purpose is to support the development of a stronger and more successful business community.

RSM is currently advising companies on GDPR planning and compliance.

Register for RSM's free GDPR webinar on 30 November 2017 at 12:00GMT: a roadmap to help ensure compliance and avoid penalties.

How can we help you?

Contact us by phone

T: +44 207 601 1080

or submit your questions, comments, or proposal requests.

Email us