GDPR Is Here – And Only 19% Of Companies Are Fully Ready
May 25th, 2018. Here we are! The European General Data Protection Regulation (GDPR) has come into effect. So are we finally finished and ready to help consumers take back control of their data? The newly released survey from BARC/CXP clearly hints that for most companies, May 25th, 2018 looks more like a beginning than a deadline. Here is why.
Ready! For What?
Now that GDPR is a reality for all businesses that control or process data about or relating to EU citizens, including businesses and organizations headquartered outside the European Union, what are the consequences if your organization is not fully prepared?
“Even if you’re not finished preparing for the GDPR on May 25th, this is not a problem. This is a learning curve, and we will consider, of course, that this is a learning curve. The role of the regulator is to be very pragmatic and to be proportionate. However, it’s important that you start today, not tomorrow,” says Isabelle Falque-Pierrotin, Chairman of the CNIL, the French Data Protection Authority.
A recent survey from BARC of 200+ CXO respondents shows that organizations understand that guidance; only 19% consider that they are GDPR ready, most among the other being still in planning (17%) or development (30%) phase.
Does that mean that slow and steady wins the race? Probably not. May 25th is the D-day where data subjects, your customers, and your employees have gained new rights: the right of access, the right of rectification, the right of portability, and the right to be forgotten. For them, GPDR is more of a liberation than a constraint, and there is no doubt that they will want to try out your system of trust, the one that can guarantee a fair and safe usage of their personal data.
Some privacy activists, like the French association « La Quadrature du Net », or Austrian Lawyer Max Shrems, are already pushing for group actions, pressuring the data protection authorities to ensure that the regulation is respected.
When a customer asks to enact for their data subject right that a company is not able to fulfill, this is embarrassing. And what will companies do if thousands of customers ask?
Data Management to the Rescue
Enacting the rights for the data subject, managing consent, and minimizing personal data when it is used beyond the scope of legitimate interest and consent — these are the kinds of mandates that bring GDPR beyond a box-ticking exercise and require data management technologies.
This doesn’t mean that you shouldn’t underestimate the organizational challenges. The survey highlights those traditional challenges, such as tackling the organizational issues, addressing the lack of expertise or availability of resources.
But it shows the need as well to get hands-on with the data with proper tools.
On that front, the BARC survey brings us back to the basics; 57% of participants plan to expand their use of Data Integration to comply. Creating a consistent, trusted and auditable 360° view of their data subjects with Data Quality, Master Data Management, and reporting, is also in the radar for almost half of the participants. And then there is the Data Governance dimension to track and trace the origin and usage of personal data.
Beyond GDPR: trusted data for personalized experiences
Many organizations say they struggle to implement complex things like consent management, the right of portability, or the right to be forgotten. The survey reveals that significant sums are being spent on GDPR compliance in 2018, with the large majority of companies spending more than €250,000, including 16% spending up to €5 million.
But our survey also highlights the business benefits. Indeed, the regulation forces an organization to finally take total control over their critical data. Thanks to the potentially very costly fines, data governance has now become a board discussion. That’s why close to 80% of participants agree that GDPR is helping to improve data trust, control, and relevance.
Even more importantly, the survey reminds us of the ultimate goal. Personal data at its best delivers personal experiences. It allows companies to better know their customers, and turn this knowledge into increased sales, customer satisfaction, and innovative services.
Today is just a starting point for organizations to take control of their data. For more about how organizations are implementing GDPR, and to benchmark your own progress, take a look at our whitepaper, 16 Steps to GDPR Compliance.