The General Data Protection Regulation (GDPR) is due to come into force in a little over seven months. However, research from the Direct Marketing Association (DMA) revealed that despite an increase in preparedness, a significant minority of companies still lack a compliance plan ahead of implementation.
The research, which has been running since June 2016, showed that 56% of surveyed companies believed they are on track to meet the new regulations, while 4% believe they are ahead of schedule.
However, 15% — or just about 1 in 7 – companies were entirely lacking preparations for the incoming legislation.
Meanwhile, 17% of companies are falling behind on their current plans — a rise from 11% in May 2017.
The results also showed that overall awareness and preparation for individual marketers have risen since June 2016, with 77% rating their awareness as ‘good’, and 74% saying they felt ‘somewhat’ or ‘extremely’ prepared.
However, despite 85% of surveyed businesses having implemented plans to become compliant, only 58% of employees felt that their organisation was ready for the upcoming changes.
Regarding the impact of the GDPR itself, a majority (65%) of respondents thought that the GDPR will hinder their marketing, while 39% thought that the changes will improve ability to meet customers’ needs.
Matt Lowndes, managing director of Coreco, a mortgage adviser, thinks the GDPR is a positive development: “I don’t think it’s going to have a particularly detrimental effect on what we do – we regularly cleanse our data already. But I think it’s a good thing that clients will understand what people are holding on them all.”
“We’ve seen so many data breaches over the last few years,” Lowndes added, “so it’s absolutely essential for people to know what their data is being used for.”
Intended as a replacement for the data protection directive of 1995, The GDPR is a piece of directly binding EU regulation aiming to strengthen and extend the scope of data protection for EU citizens – both within the European Union itself and the exporting of personal data beyond the EU.
Chris Combemale, chief executive officer of the DMA Group, said that “the GDPR is a watershed moment for organisations to make data protection a core brand value, placing respect for privacy at the heart of their brand proposition. We should use the new laws as a catalyst to transform the way we speak to customers, making every engagement human-centric. This will enable organisations to build trusted, authentic and transparent relationships with their customers.”
“As an industry, we must always keep in mind the customers’ right to privacy.” Combemale continued, “It’s important that businesses put the principles of accountability, transparency and trust at their core. Allowing them to go beyond simply being the right side of the law and actually build a sustainable long-term relationship with customers about their data.”
The GDPR will come into force in the UK from 25 May 2018, and the UK government has confirmed that the Brexit negotiations will not affect the commencement of the regulation in the country.