The UK is the most well-prepared European country for the General Data Protection Regulation (GDPR), coming into force in May this year.
That’s according to findings from a new study by W8 Data, which was carried out amongst the top 10 European countries by GDP.
The firm discovered that confidence levels in the UK are well ahead of other European nations when it comes to GDPR compliance, with only 29% of UK organizations either not knowing or feeling totally unprepared for the new regs. That’s in contrast to almost half of Germans with Spanish and Swedish companies the least prepared, 73% and 71% respectively.
W8 Data compiled their findings into the below GDPR League table:
|
Position |
Country |
% of Organizations Unprepared |
|
1 |
UK |
29 |
|
2 |
Germany |
48 |
|
3 |
Poland |
52 |
|
4 |
Austria |
53 |
|
5 |
France |
54 |
|
6= |
Benelux |
59 |
|
6= |
Russia |
59 |
|
8 |
Italy |
63 |
|
9 |
Sweden |
71 |
|
10 |
Spain |
73 |
Findings also pointed towards a shift in perceptions surrounding GDPR in the UK in the last six months, from predominately negative to predominately positive. Increasing numbers of data controllers felt compliance is not the monumental challenge they feared and that there is more leeway than they expected.
“It is fantastic news that the UK is leading the march when it comes to compliance,” said Will Anthes, managing director, W8 Data. “It is easy to be despondent given all the negativity surrounding GDPR but ultimately it will enable more responsible marketing that will lead to stronger relationships with customers.”
However, speaking to Infosecurity André Bywater, partner at Cordery, was of the view that although there are some companies that are well-prepared for GDPR in the UK he does not feel that, on-the-hole, businesses are that well-prepared across the nation – especially smaller and medium-sized ones.
“For a number of our clients there has been a shift in attitude as they do see that plenty of aspects of GDPR are more manageable than they had thought e.g. regards marketing (although this is mainly about the PECR rules, but which will eventually be brought in line with GDPR), but I can’t say that I have seen an overall shift in the UK from negative to positive as regards certain aspects such as data breaches. Few businesses seem to understand what is going to come with mandatory notification of data breaches, despite continuing ICO enforcement such as the recent £400k Carphone Warehouse fine.”