12 months until GDPR D-Day: compliance fears rocket

industry faces breach payout hellSpecific GDPR guidance for business, released by the Information Commissioner’s Office and others, may be having a negative impact, according to a new DMA study, which has exposed growing concerns over the complexity of compliance.
In February, 68% of businesses said they were on course or ahead of their plans to be ready for GDPR by May 2018, but this has crashed to just over half (54%), with a further quarter of companies (24%) yet to even start a GDPR plan.
Awareness of the GDPR remains high at 96%, but marketers felt less personally prepared than earlier in the year, with those feeling ‘extremely’ or ‘somewhat’ prepared slipping from 71% to 61% of the total, according to the third chapter of the DMA’s ‘GDPR and you’ research series. This project investigates the marketing industry’s awareness and preparedness for the legislation.
DMA Group chief executive Chris Combemale said: “Despite high levels of awareness, with a year to prepare for the new laws, the number of businesses that believe they will be ready in time has dropped to just over half.
“Recent announcements and guidance from the ICO have caused much concern, that the interpretation of the laws is overly strict, penalising the companies most committed to best practice, honesty and transparency. What the industry needs is balanced and fair guidance from the ICO and Article 28 Working Party. With just 12 months to prepare we need this guidance urgently if we’re expected to be ready in time.”
The results show that marketers perceive the impact of the GDPR to have risen since the last time the DMA ran this research in February. Those saying they will be ‘very’ or ‘extremely’ affected rose from 44% to 54% of the total. Marketers’ biggest concerns are over: consent (for 68%), legacy data (48%), implementing a compliant system (38%) and profiling (30%).
Combemale continues: “Take the example of the RNLI, which last year made the high profile move to re-contact its entire database to make sure that they only contact people who have positively opted in. They did this in consultation with the ICO, but prior to the publication of the recent guidance on consent.
“But the statement they used does not meet the overly strict interpretation the ICO proposed. Does this mean that all the work that RNLI has done, while consulting with the ICO, will not be compliant come May 2018? The result for the RNLI and other proactive organisations could be incredibly damaging and the financial impact could be catastrophic.”
According to the research, since the Brexit vote in 2016, a net 9% of marketers (18% said there has been a decrease, while 8% claimed an increase) said trade within the UK had decreased, with a net 8% (17% said there had been a decrease in trade, 9% said there had been an increase) saying trade has also decreased with the EU.
A small (2%) number believe trade with non-EU countries had increased. The majority of marketers (93%) understand that the GDPR will happen in one form or another regardless of the decision to leave the EU.
Combemale adds: “As Britain’s role in the world changes, we must look at a global approach to free trade with free movement of data at its heart and the UK at the centre. Britain, as the leading digital economy, is well placed to be this global centre of innovation, skills and competencies driving global economic growth. But we need clear guidance from regulators or risk the consequences come May 2018.”

Related stories
12 months until GDPR D-Day: still not too late to act
GDPR countdown fuels warning of 4,500% rise in fines
84% of UK SMEs have still not heard of EU data reforms
ICO’s 2016 fines would rocket to £69m under GDPR
TalkTalk could have faced £70m fine under GDPR
20% of firms fear ruin as GDPR panic spreads globally
ICO insists GDPR guidance will cover legitimate interest
Industry on alert over third-party data legal crackdown
DMA joins forces in bid to demystify legitimate interests
GDPR consent updates spark chilling warning to brands
GDPR compensation to dwarf £30bn bill for PPI claims