A study of marketing professionals by the DMA has found an alarming lack of preparation among businesses for the EU’s new data regulation that is set to come into force 12 months from now.
Just under half (46%) of those surveyed said their business is not on course of ahead of plans to be ready for GDPR before it becomes law on 26 May 2018, up from 32% in February.
One in four of the marketers surveyed said their company has not even started to plan for the new rules, which will carry fines of up to €20 million or 4% of annual turnover for non-compliance.
Awareness of GDPR remains high at 96%, but marketers feel less personally prepared than earlier in the year, with those feeling ‘extremely’ or ‘somewhat’ prepared slipping from 71% to 61% of the total.
>See also: One year to GDPR: guide to compliance
The results show that marketers perceive the impact of the GDPR to have risen since the last time the DMA ran the research in February. Those saying they will be ‘very’ or ‘extremely’ affected rose from 44% to 54% of the total. Marketers’ biggest concerns are over consent (68%), legacy data (48%), implementing a compliant system (38%) and profiling (30%).
“Despite high levels of awareness, with a year to prepare for the new laws, the number of businesses that believe they will be ready in time has dropped to just over half,” said Chris Combemale, CEO of the DMA Group. “Recent announcements and guidance from the ICO have caused much concern, that the interpretation of the laws is overly strict, penalising the companies most committed to best practice, honesty and transparency.
“What the industry needs is balanced and fair guidance from the ICO and Article 28 Working Party. With just 12 months to prepare we need this guidance urgently if we’re expected to be ready in time.”
Combemale highlighted the example of the RNLI, which last year made the high profile move to re-contact its entire database to make sure it only contacts people who have positively opted in.
RNLI did this in consultation with the ICO, but prior to the publication of the recent guidance on consent. The statement it used does not meet the overly strict interpretation the ICO proposed.
“Does this mean that all the work that RNLI has done, while consulting with the ICO, will not be compliant come May 2018?” Combemale added. “The result for the RNLI and other proactive organisations could be incredibly damaging and the financial impact could be catastrophic.”
>See also: 6 steps to GDPR compliance
According to the research, since the Brexit vote in 2016, a net 9% of marketers said trade within the UK had decreased, with a net 8% saying trade has also decreased with the EU. A small (2%) said trade with non-EU countries had increased. The majority of marketers (93%) understood that the GDPR will happen in one form or another regardless of the decision to leave the EU.
“As Britain’s role in the world changes, we must look at a global approach to free trade with free movement of data at its heart and the UK at the centre,” said Combemale. “Britain, as the leading digital economy, is well placed to be this global centre of innovation, skills and competencies driving global economic growth. But we need clear guidance from regulators or risk the consequences come 26 May 2018.”