A year after GDPR took effect, research by Thomson Reuters has found that 57 per cent of UK global businesses believe they are failing to comply with their worldwide data privacy compliance obligations, up from 44 per cent in 2017. Nearly a third of UK global businesses say they are either having difficulty keeping current or are falling further behind on compliance. Thomson Reuters says UK global businesses are lagging behind many of their international peers in terms of data protection compliance, with 48 per cent of businesses surveyed across nine different countries believing they are failing to meet obligations. In comparison, 42 per cent of US businesses and 31 per cent of French businesses believe they are failing.
The introduction of GDPR has made it more challenging for businesses to meet their data privacy compliance obligations, and they now also face significant fines for failing to do so. Fines under GDPR may be as high as €20m or four per cent of global turnover, whichever is greater. The research also suggests that the challenges that GDPR set for businesses have been greater than expected. Thirty-seven per cent of UK global businesses said they are finding it more difficult than expected to comply with GDPR. Seventy-nine per cent of UK global businesses also said they believe regulators underestimate the impact of data protection regulations on their industry.
Data protection costs
UK businesses surveyed said it now costs them an average of £840,000 annually to comply with data protection regulations worldwide. Jim Leason, customer proposition lead - legal professionals Europe at Thomson Reuters, says: 'Many businesses say they are still struggling to comply with GDPR. If that is the case, then the potentially massive fines that could be levied under GDPR are the kind of threat to keep directors up at night.' He explained: 'Many businesses are getting less comfortable over their GDPR compliance. More businesses now than a year ago believe they are failing to comply with all of their global data privacy-related obligations. Obviously, the comfort level businesses have with compliance is heading in the wrong direction.' Mr Leason added: 'What also seems to be coming through from our research is a sense that businesses feel legislators and regulators didn’t anticipate the major workload that GDPR entails.'