May 25 was the beginning and not the end of the GDPR journey. But a large proportion of organisations appear to be thumbing their nose at the data regulation.
Three months after the EU’s General Data Protection Regulation (GDPR) came into effect there are still, unsurprisingly, a large number of organisations that are yet to be fully compliant.
This alone should not be a cause for concern – Louise Byers, head of risk and governance at the Information Commissioner's Office (ICO), has herself emphasised that when GDPR came into force on May 25 it represented “a beginning and not the end”.
However, new research from digital marketing agency MarketingSignals.com suggests that some of the reasons for non-compliance are significantly more than minor infringements on the pathway to compliance.
The survey of 1,021 UK workers revealed that more than one in three businesses (37%) confess they are still not following the GDPR.
And the top five reasons given for non-compliance are:
- 35% said they are still sending marketing emails without expressed consent.
- 31% revealed they still have the data of those who haven’t agreed to opt in to having their data stored.
- More than a quarter (27%) revealed that they haven’t secured the data in case of a ransomware attack.
- 22% report they have a longer process for those choosing to opt out from receiving information.
- 14% said they still have hidden privacy-friendly choices.
Most of these represent serious indiscretions, and despite Information Commissioner Elizabeth Denham's pledge last year that "issuing fines has always been, and will continue to be, a last resort", those organisations that continue to flout the rules with major infringements are playing a dangerous game.
The arrival of GDPR was also heralded as an opportunity for organisations to refresh their data management practices and improve their marketing performance - but the new research indicates that this message has also failed to resonate with some organisations. The study suggests that nearly a fifth of organisations (17%) are still unsure as to what the benefits of being GDPR compliant are.
Gareth Hoyle, managing director at MarketingSignals.com, comments: “The research shows there are many ways that businesses are admitting to not following the newly enforced GDPR regulations. GDPR is the most fundamental change to ever happen to data privacy, so it is imperative that businesses follow this and complete the process as soon as possible.
“Businesses need to understand that acting responsibly and ethically with customer data is crucial to protect and enhance brand reputation and ensure customer trust. Not only this, but it will enhance the quality of data collected which is a good thing for UK businesses.”
About Neil Davey
Neil Davey is the managing editor of MyCustomer. An experienced business journalist and editor, Neil has worked on a variety of newspapers, magazines and websites over the past 15 years, including Internet Works, CXO magazine and Business Management. He joined Sift Media in 2007.