Six months on from the legal implementation of the General Data Protection Regulation (GDPR), a third of consumers have admitted they still aren’t confident that the companies they interact with comply with the regulation. Furthermore, 16% of organisations across the UK and Germany confessed to not having been ready in time for the legislation, according to our research into consumer and business perceptions of the GDPR, six months after its roll-out.
Our research has highlighted that 86% of consumers would consider switching to another company if a breach were to occur, with 35% of consumers stating that a data breach under the GDPR would ‘definitely’ give them a negative perception of a company. More than two thirds (69%) also stated they would think about initiating legal action against a company which failed to manage their personal data under the GDPR.
A surprising 17% of UK consumers said they still hadn’t heard of the regulation compared to just 9% in Germany. A quarter (25%) of people in both regions revealed that they could not explain the GDPR in any way.
Ready or not
In light of consumer concerns, members of the C-Suite were asked whether their organisation was prepared for the legislation in time for the May 25 2018 deadline. The majority (84%) of businesses reported being ‘completely’ ready, with a further 11% being somewhat prepared. Those across the manufacturing and utilities industries had the highest preparedness rates at 91%, while retail had the lowest across both countries at 78%. UK businesses fell slightly behind their German counterparts, however, with a 10% difference in the number of organisations that met the official deadline.
Since the implementation of GDPR, one third (33%) of UK businesses have contacted the Information Commissioner’s Office (ICO) to check the severity of a data breach, while just less than half (49%) of German organisations have done the same with the Data Protection Commissioners.
Gaining and maintaining consumer trust
With over 40% of UK companies turning to the ICO in the first six months of the GDPR implementation, it’s hardly surprising that consumers still lack confidence around the privacy and safety of their personal information. As data breaches continue to hit the headlines on what seems like a daily basis, it’s almost impossible for anyone to believe their data is in good hands.
This immediately puts organisations at a disadvantage in gaining consumer trust, especially given people’s willingness to switch companies following a breach. With the GDPR putting consumers in a newfound position of power, it’s down to organisations to show they are rethinking their approach to data security, ensure they are fit for compliance, and enhance their relationships with consumers.
The cost to business
UK businesses also ranked second when it came to financial investment into preparing for the GDPR, with UK spend averaging £86,806, while German organisations invested an average of €210,653. Only three in ten of enterprises across the UK spent more than £10,000 preparing themselves, whereas more than half did the same in Germany. At the other end of the scale, 16% of German organisations invested between €500,000 and €1 million to become compliant, compared with just 5% of organisations across the UK.
The regulation has also impacted the way enterprises interact and engage with third-parties, with 38% admitting to completely changing their security policies with contractors or vendors according to the GDPR, and a further 24% partially changing policies.
A view from the C-Suite
As well as having to alter external relationships in order to meet the new requirements, it appears that organisations in both countries have also been affected by the data protection law in a number of other ways, with not all of them being positive. Although designed to bring greater control to how data is handled and protected, 30% of CEOs, CIOs and CISOs felt that the introduction of the GDPR had in fact led to increased complexity.
Perhaps more worryingly, almost a quarter (23%) believe the regulation has resulted in a greater risk of data breaches, while a further 14% reported a negative impact on their relationships with international partners. It wasn’t all doom and gloom, however, as 18% of respondents across the UK and Germany felt that the regulation has had a positive impact on innovation for their organisation.
Please find a detailed breakdown of the 2,006 consumer respondents via gender, age and market below, as well as the criteria for the 1,006 CEOs, CIOs and CISOs surveyed by company size, region and industry sector. The survey was issued in November 2018 by Censuswide.
Respondent breakdown: consumer
Base number of survey participants | Total | Gender | Age | Market | ||||||
Male | Female | 16-24 | 25-34 | 35-44 | 45-54 | 55+ | UK | Germany | ||
2006 | 990 | 1016 | 359 | 456 | 345 | 341 | 505 | 1000 | 1006 |
Respondent breakdown: business
Total | Company size | |||||||
Sole Trader | 1-9 employees | 10-49 employees | 50-99 employees | 100-249 employees | 250-500 employees | 500+ employees | ||
Base number of survey participants | 1006 | 284 | 235 | 105 | 60 | 88 | 131 | 103 |
Region | |||||||||||
East of England | Greater London | East Midlands | West Midlands | North East | North West | Northern Island | Scotland | South East | South West | Wales | Yorkshire & The Humber |
42 | 81 | 34 | 34 | 19 | 55 | 10 | 38 | 76 | 46 | 24 | 42 |
Industry sector | |||||||||||||
Architecture, Engineering & Building | Arts & Culture | Education | Finance | Healthcare | HR | IT & Telecoms | Legal | Manufacturing & Utilities | Professional Services | Retail, Catering & Leisure | Sales, Media & Marketing | Travel & Transport | Other |
60 | 53 | 40 | 71 | 45 | 12 | 197 | 16 | 42 | 153 | 147 | 41 | 28 | 101 |