Almost a third (30%) of European businesses admit they are still not compliant with GDPR, according to a survey conducted by the European Business Awards on behalf of RSM, one of the largest audit, tax and consulting organisations of advisers with a focus specifically on the middle market. Despite it being over a year since GDPR came into effect, and a raft of fines from regulators only 57% of businesses are confident that their business follows the rules, with a further 13% unsure either way.*

The impact of GDPR on Europe's businesses

Improved the management of customer data

73%

Increased investment in cyber security

62%

Encouraged new, innovative uses of data

58%

Made businesses feel safer from cyber crime

51%

The cost of compliance has slowed growth

37%

Compliance has made our business more effective operationally

31%

GDPR has made it difficult for us to work with non-European businesses

28%

The compliance gap is not down to any single issue, with middle market businesses struggling to understand and implement a whole range of areas covered by the regulation. More than a third (38%) of non-compliant businesses do not understand when consent is required to hold and process data, 35% are unsure how they should monitor their employees’ use of personal data and 34% don’t understand what procedures are required to ensure third party supplier contracts are compliant.

Despite the lack of compliance, GDPR is starting to have a positive impact on cyber security within the EU. Almost three quarters (73%) of European businesses say GDPR has encouraged them to improve the way they manage customer data and 62% say it has seen them increase their investment in cyber security. There remains much more to do, however, with 21% of businesses admitting that they still have no cyber security strategy in place.

Steven Snaith, Technology Risk Assurance Partner at RSM UK, commented: “With so much pressure on organisations to meet complex requirements, we saw GDPR fatigue setting in last year. Middle market businesses were overwhelmed by information from the press, industry bodies and stakeholders. Many organisations simply gave up and reverted back to the old way of doing things.

“But there are signs that this fatigue is about to fade. High-profile fines across Europe have demonstrated that regulators across the EU are serious about enforcement. Businesses are scrambling to catch up once again.”

“One important aspect to note is that GDPR compliance is far wider than just policies, procedures and training. Underlying technology controls need to be robust to safeguard the leakage and unauthorised access of personal data.”

Jean Stephens, CEO of RSM International, commented: “GDPR is complex and challenging, but it is also an opportunity for businesses to differentiate themselves with their ability to respond and demonstrate their organisational agility. By letting go of legacy systems and rethinking the way they interact with data, these more entrepreneurial businesses can become more appealing partners and more innovative competitors on the global stage.”

About the data

Research was undertaken among European businesses who have engaged with the European Business Awards. The majority of businesses surveyed were European middle market businesses with a turnover of less than €100m. The sample included businesses from 34 countries.

The data in this release was obtained from two separate surveys:

  • The majority of the data comes from 370 responses collected between 29.05.19 and 11.06.19.
  • The final data point comes from 597 responses collected between 16.04.19 and 03.06.19.

*The headline, and the first paragraph refer to data taken specifically from respondents who are responsible for GDPR compliance within their organisation.

About RSM

RSM is a leading global network of audit, tax and consulting firms focused on the middle market, encompassing 116 countries, 750 offices across the Americas, Europe, MENA, Africa and Asia Pacific and more than 41,000 people internationally. The network’s total fee income is US$5.4 billion.

As a network, we share skills, insight and resources, as well as a client-centric approach that’s based on a deep understanding of our clients’ businesses. This is how we empower them to move forward with confidence and realise their full potential.

RSM is a member of the Forum of Firms, with the shared objective to promote consistent and high-quality standards of financial and auditing practices worldwide. RSM is the brand used by our network of independent accounting and advisory firms each of which practices in its own right. RSM International Limited does not itself provide any accounting and advisory services. Member firms are driven by a common vision of providing high quality professional services, both in their domestic markets and in serving the international professional service needs of their client base.

For more information, visit www.rsm.global, or search for RSM on Facebook, Twitter and LinkedIn.