Symantec commissioned independent research firm, Vanson Bourne, to interview 900 business decision-makers and IT decision-makers in the UK, Germany and France during September 2016. To qualify for the research the businesses decision makers and IT decision-makers organisations had to have at least 50 employees. Respondents were asked about the General Data Protection Regulation (GDPR) during interviews conducted during September 2016. Respondents were equally balanced between countries and were interviewed across all private and public sectors
Demographics Overview
900 IT decision makers and business decision makers were interviewed in September 2016:
- Surveyed in the UK (300), France (300) and Germany (300)
- To qualify for the research, respondents' organisations had to have at least 50 employees
- Respondents were interviewed across all private and public sectors
96 per cent of companies still do not fully understand the European General Data Protection Regulation - every option presented in the survey is part of the GDPR, so when businesses did not tick all answers they showed that they do not understand the GDPR fully. 96 per cent of businesses did not tick all the options
Nine in Ten (91 per cent) of respondents have concerns about their ability to become compliant
Only 22 per cent of businesses consider compliance a top priority in the next two years
Only 26 per cent of respondents believing their organisation is fully prepared for the GDPR
There is a stark lack of confidence in meeting the May 2018 deadline which leaves businesses at risk of incurring significant fines
Nearly a quarter (23 per cent) said their organisation will not be compliant at all, or only partly compliant, by 2018
Of this group, only a fifth (20 per cent) believe it is even possible to become fully compliant with the GDPR
Nearly half (49 per cent) believe that while some company departments will be able to comply - others will not
There is a stark lack of confidence in meeting the May 2018 deadline which leaves businesses at risk of incurring significant fines
Nearly three quarters (74 per cent) of businesses do not think an organisation’s privacy track record is a top three consideration for customers when choosing who to do business
Respondents admit customers ask about data security in more than a third (36 per cent) of transactions
35 per cent of respondents do not believe their organisation takes an ethical approach to securing and protecting data
While businesses grapple to become compliant, they remain out of touch with consumer expectations when it comes to data privacy and security. Nearly three quarters (74 per cent) of businesses do not think an organisation’s privacy track record is a top three consideration for customers when choosing who to do business, despite customers asking about data security in more than a third (36 per cent) of transactions.
Equally concerning is the finding that 45 per cent of respondents do not believe their organisation takes an ethical approach to securing and protecting data.
These results show there is a significant disconnect with consumer priorities. Symantec’s State of Privacy Report, found 88 per cent of European consumers see data security as the most important factor when choosing a company to do business with. In fact, 86 per cent see it as more important than product quality.
Perhaps unsurprisingly then, the State of European Data Privacy found 55 per cent of businesses are not confident they completely meet customers’ data security expectations.
Many businesses have not started working out the necessary organisation and cultural changes they need to make ahead of May 2018
Almost one in 10 (9 per cent) say all employees can access customers’ personal information
Six per cent say all staff can access customers’ payment details
Only 14 per cent believe everyone in the organisation has a responsibility to ensure data is protected
With such wide reaching access to people’s personal information, businesses are underestimating the challenges they will face in managing this in line with the GDPR
Less than half of those surveyed (47 per cent) said managing data ethically is a top priority for their organisation
less than half again (45 per cent) said they would be increasing security training
Only 27 per cent of businesses are planning to completely overhaul their approach to security in response to the GDPR
The results show businesses will struggle when it comes to The Right To Be Forgotten
Only 28 percent of IT and business decision makers realise the right to be forgotten is part of GDPR (see slide 4)
90 per cent of businesses say customers requesting their data be deleted will be a challenge for their organisation
81 per cent of respondents believe their customers would exercise their right for data to be deleted
However, 60 per cent of businesses do not currently have a system in place that enables them to respond to these requests
Only nine per cent of respondents have already received requests to be forgotten