Deloitte GDPR Benchmarking Survey: The time is now
How are organisations facing the challenge of complying with the GDPR?
Deloitte has conducted a General Data Protection Regulation (GDPR) benchmarking survey across a sample of organisations and industry sectors in the EMEA region to examine how they are facing the challenge of complying with the most radical overhaul of data protection laws in a generation.
The aim of this survey was to understand how organisations are preparing for GDPR compliance, how advanced their implementation plans are, and how confident they are of achieving their goals by 25 May 2018.
The results of the survey indicate that organisations are taking a wide range of readiness approaches, driven by the combination of the potential for significant fines, the increased obligation to demonstrate proactive compliance and the complexity and ambiguity of some of the requirements.
The results show that approaches to compliance and remedial spending vary widely: 39% of organisations report spending less than €100,000, whilst 15% report spending more than €5 million. There is no correlation between organisation size (by headcount or revenue) and spend, nor any clear trend across industry segments. Respondents included organisations with fewer than 10,000 employees spending over €2.5 million, and others with more than 50,000 employees spending less than €250,000.
Overall, only 15% of organisations surveyed expect to be fully compliant by May 2018, with the majority instead targeting a risk-based, defensible position.
The survey results also reveal which GDPR requirements organisations find most challenging. The top five (in order of difficulty) are:
- Right to erasure
- Developing and maintaining a personal data register
- The accountability principle
- Data portability
This report examines this and other matters related to compliance with the GDPR and makes pragmatic recommendations on how to comply with the areas respondents feel present the greatest challenges. Most importantly, this report considers how privacy can become more than a compliance exercise; how it can become a real business asset and enabler, and maybe even a competitive advantage.