Are Businesses Taking GDPR Seriously?


In the months leading up to the required start date for GDPR (General Data Protection Regulation) compliance, there was a lot of talk about all the different steps that businesses had to take. Most consumers also received a flurry of emails from tech companies letting them know that they were following all the measures required for compliance.

While all of this activity made it seem like GDPR was something that businesses of all sizes were embracing, new data related to this topic paints a different picture. Based on an analysis of where things stand three months after the start of GDPR, it appears that the majority of businesses aren’t in full compliance with all of the mandates.

More Details About the Lack of GDPR Compliance

According to a global study, only 1 out of every 5 businesses is fully complying with what’s required by GDPR. Although it’s easy to assume that this number only gets skewed by businesses outside of the EU, that doesn’t appear to be the case. Even when the analysis is limited to EU companies, the compliance rate still just clocks in at 27%.

Given this very low adoption rate, it’s worth looking at the root causes. One major issue is the sheer scope of GDPR. Because it requires so much of businesses, it sets too high a barrier for many. This is reflected in a very interesting data point, which is that 90% of businesses are planning to hire at least one staff member over the next year for a role focused solely on compliance.

Expanding on the burden that all of these regulations create, the cost to actually become compliant can be huge. Around 25% of businesses have spent at least half a million dollars to make this happen.

The other issue, which can make compliance especially challenging, affects any business that has to deal with a supply chain. Not only does data need to be managed internally, but controls also have to be put in place to help protect it as it flows out of the business.

What Should Businesses Do?

All of this news may come as a surprise and appear to paint a bleak picture. Fortunately, that’s not necessarily true. There are two important things to keep in mind. The first is that the EMV mandate followed a similar pattern.

Even after lots of upfront discussion, actual adoption took a good amount of time. The second thing to keep in mind is that this is actually reassuring for smaller businesses that simply aren’t able to be in full compliance at this time. Any business taking steps towards GDPR without fully reaching what’s required is far from being alone.

One element that can help with tasks related to GDPR is having a strong processing partner. So if you’ve been considering a switch, be sure to look at our list of recommended credit card processing companies.

Posted on Wednesday, September 19th, 2018