With only a year to go, nearly half of UK companies won't be ready for GDPR

Only 54% of UK businesses believe they are on course or ahead of their plans to be ready for GDPR by 26 May 2018, the DMA has found.

This figure is down from the more optimistic 68% in February as further announcements and guidance from the Information Commissioner’s Office (ICO) cause marketers to worry about overly strict interpretations of the General Data Protection Regulation (GDPR) laws.

The majority of marketers are aware of the GDPR (96%) and (93%) understand that the GDPR will happen in one form or another regardless of the decision to leave the EU. 

Still, nearly a quarter (24%) of companies have yet to even start a GDPR plan, according to a research by the DMA that drew responses from 251 of its members. 

Marketers are also losing confidence in their preparedness with those feeling "extremely" or "somewhat" prepared slipping from 71% to 61% of the total.

Chris Combemale, chief executive of the DMA Group, said: "Recent announcements and guidance from the ICO have caused much concern, that the interpretation of the laws is overly strict, penalising the companies most committed to best practice, honesty and transparency.

"What the industry needs is balanced and fair guidance from the ICO and Article 28 Working Party. With just 12 months to prepare we need this guidance urgently if we’re expected to be ready in time."

Even those who have done their best to be compliant may fall short as definitions of the laws seem to grow more strict.

The study also showed that marketers believe that the impact of GDPR is greater than they had thought when the DMA last ran this study in February. Those who said they will be "very" or "extremely" affected rose from 44% to 54% of the total.

Overall, marketers’ biggest concerns are over consent (68%), legacy data (48%), implementing a compliant system (38%) and profiling (30%).

Even those who have done their best to be compliant may fall short as definitions of the laws seem to grow more strict, Combemale said: "Take the example of the RNLI, which last year made the high-profile move to re-contact its entire database to make sure that they only contact people who have positively opted in. They did this in consultation with the ICO, but prior to the publication of the recent guidance on consent.

"The statement they used does not meet the overly strict interpretation the ICO proposed. Does this mean that all the work that RNLI has done, while consulting with the ICO, will not be compliant come May 2018? The result for the RNLI and other proactive organisations could be incredibly damaging and the financial impact could be catastrophic."

Wondering how, or even if, you need to worry about GDPR compliance? Watch out for our series of GDPR Q&A pieces that we'll run from next week. In this series, experts will provide short answers to very specific questions such as, "Will even my digital out of home campaign be affected by GDPR?". Got a burning question you'd like answered? Send it to emily.tan@haymarket.com 

Subscribe today for just $116 a year

Get the very latest news and insight from Campaign with unrestricted access to campaignlive.com , plus get exclusive discounts to Campaign events

Become a subscriber


The latest work, news, advice, comment and analysis, sent to you every day

register free