Research conducted has underlined the growing concern that European businesses are simply not ready for the General Data Protection Regulation (GDPR).

Even though 97% of companies admit that the implementation of the GDPR will affect their business, just 5% say they are fully prepared for the new data regulation, with 33% stating that they are just over half way to compliance.

The GDPR comes into effect on 25 May 2018 and will require all companies to comply with stricter rules concerning the data protection and privacy of data subjects (citizens) within the EU.


The research, of 1,800 organisations, has found that European businesses are aware of the looming deadline – but far from ready.

Over half of organisations surveyed highlighted their concern regarding the role of their employees in GDPR compliance, with one in five businesses revealing that they had experienced a data compromising incident in the past 12 months.

The Data Protection Commissioner reported 2,795 valid data security breaches in 2017, an increase of 26% from 2016.

One in five senior managers are actively engaged with the GDPR on behalf of their organisation. 36% are allocating a substantial level of resources to meet GDPR requirements, while 97% of companies admit that the GDPR will affect the way they conduct their business.


While specific sectors and companies engaged in high risk data processing are obliged to appoint a Data Protection Officer under the GDPR, the survey found that:

Only 27% of companies have a DPO training programme in place; More than half of companies do not provide data protection training to employees; 63% of businesses have not assigned a DPO.

Failure to comply could result in fines of up to €20 million or 4% of an organisation’s annual global turnover. The research was conducted by the BSI Group.