Nearly half of businesses “will not be ready in time for the GDPR”


With just one year to go until the new GDPR data protection rules will come into force, new research from the DMA reveals that nearly half of businesses don't think they're going to be ready in time, with a further quarter of companies yet to even start a GDPR plan.

Marketers worry that the interpretation of GDPR laws will be overly strict. Just over half (54%) of businesses say they are on course or ahead of their plans to be ready for GDPR by 26 May 2018, down from 68% in February, with a further quarter of companies (24%) yet to even start a GDPR plan. Specific GDPR guidance for business, released by the ICO and others, may have caused more concern than assistance.

Awareness of the GDPR remains high at 96%, but marketers felt less personally prepared than earlier in the year, with those feeling 'extremely' or 'somewhat' prepared slipping from 71% to 61% of the total, according to the third chapter of the DMA's 'GDPR and you' research series. This project investigates the marketing industry's awareness and preparedness for the GDPR.

Chris Combemale, CEO of the DMA Group, said: "Despite high levels of awareness, with a year to prepare for the new laws, the number of businesses that believe they will be ready in time has dropped to just over half. Recent announcements and guidance from the ICO have caused much concern, that the interpretation of the laws is overly strict, penalising the companies most committed to best practice, honesty and transparency. What the industry needs is balanced and fair guidance from the ICO and Article 28 Working Party. With just 12 months to prepare we need this guidance urgently if we're expected to be ready in time."

The results show that marketers perceive the impact of the GDPR to have risen since the last time the DMA ran this research in February. Those saying they will be 'very' or 'extremely' affected rose from 44% to 54% of the total. Marketers' biggest concerns are over: consent (for 68%), legacy data (48%), implementing a compliant system (38%) and profiling (30%).

Combemale continues: "Take the example of the RNLI, which last year made the high profile move to re-contact its entire database to make sure that they only contact people who have positively opted in. They did this in consultation with the ICO, but prior to the publication of the recent guidance on consent. The statement they used does not meet the overly strict interpretation the ICO proposed. Does this mean that all the work that RNLI has done, while consulting with the ICO, will not be compliant come May 2018? The result for the RNLI and other proactive organisations could be incredibly damaging and the financial impact could be catastrophic."

According to the research, since the Brexit vote in 2016, a net 9% of marketers (18% said there has been a decrease, while 8% claimed an increase) said trade within the UK had decreased, with a net 8% (17% said there had been a decrease in trade, 9% said there had been an increase) saying trade has also decreased with the EU. A small (2%) number believe trade with non-EU countries had increased. The majority of marketers (93%) understand that the GDPR will happen in one form or another regardless of the decision to leave the EU.

Combemale adds: "As Britain's role in the world changes, we must look at a global approach to free trade with free movement of data at its heart and the UK at the centre. Britain, as the leading digital economy, is well placed to be this global centre of innovation, skills and competencies driving global economic growth. But we need clear guidance from regulators or risk the consequences come 26 May 2018."

To find out more about the research visit:

Read more