GDPR research update: 73% of European organisations are not compliant

From 25 May 2018 onwards, European citizens are being put back in control of their own data. But will consumers really be in control? How well prepared are European organisations for the major change marked by the entry into force of the GDPR?

iWelcome’s bi-monthly research shows that, with one month to go, organisations still have a lot to do. 73% is non-compliant in most areas. The major results after this third edition:

  • Only 27% is on track while 73% (!) of all organisations are non-compliant in most areas (compared to 76.4% in January 2018 and 80% in November 2017);
  • Changes in privacy policies are usually small, for example a modified data retention policy;
  • Out of 7 countries, France scores highest on GDPR-compliance with a score of only 6.04 out of 10. In the first round the Netherlands scored best, in the second round Germany;
  • Retail/E-tail & Consumer Products is the winning vertical.

 

More information about the first edition

More information about the second edition

 

About the research

iWelcome’s research is being performed during the period from October 2017 towards May 25th, among 89 European organisations over 7 countries (the Netherlands, the United Kingdom, Germany, France, Switzerland, Spain and Sweden) and 6 verticals (Insurance, Utilities, Media & Publishing, Travel & Services, Retail/E-tail & Consumer Products and Non-Profit). It’s conducted from a consumer’s perspective, by registering online. Whenever the registration process doesn’t provide clear findings, the organisation’s privacy policies are being checked.

Due to the nature of the research, only the variables that are relevant for customer interaction have been tested. Underlying arrangements within organisations (for example designating a Data Protection Officer) have not been measured. The ongoing research will monitor the state of compliance of European organisations every two months.