Deloitte GDPR Benchmarking Survey: The time is now
How are organizations facing the challenge of complying with the GDPR?
Deloitte has conducted a GDPR benchmarking survey across a sample of organizations and industries in EMEA. The aim of this survey was to understand how organizations are preparing for GDPR compliance, how advanced their implementation plans are, and how confident they are of achieving their goals by 25 May 2018.
The results indicate that organizations are taking a wide range of readiness approaches, driven by the combination of the potential for significant fines, the increased obligation to demonstrate proactive compliance and the complexity and ambiguity of some of the requirements.
Approaches to compliance and remedial spending vary widely; 39% of organizations report spending less than €100,000, whilst 15% report spending more than €5 million. There is no correlation between organization size (by headcount or revenue) and spend, nor any clear trends in different industry segments. Our results show there are organizations with fewer than 10,000 employees spending over €2.5 million as well as organizations with more than 50,000 employees spending less than €250,000.
Overall, only 15% of organizations surveyed expect to be fully compliant by May 2018, with the majority instead targeting a risk-based, defensible position.
The survey results also reveal which GDPR requirements organizations find most challenging. The top five (in order of difficulty) are:
- Right to erasure
- Developing and maintaining a personal data register
- The accountability principle
- Data portability
This report makes pragmatic recommendations on how to comply with the most challenging areas related to GDPR. Most importantly, it explains how privacy can become more than a compliance exercise; how it can turn into a real business asset and enabler, and maybe even a competitive advantage.