- About Us
The moment we’ve all been waiting for has finally arrived: the 25th of May 2018, D-day for the General Data Protection Regulation to come into full force in Europe. During the last eight months iWelcome has monitored European organisations on their state of GDPR readiness and published its findings every two months.
After the first measurement in November our conclusion was that 89% of organisations was not ready for GDPR. During the months to follow we saw minor changes in the measurement rounds. There was some improvement, but only in small nuances. No significant changes were made, hardly any new privacy policies were introduced, and it was most certainly not enough to become compliant.
Just a few weeks before GDPR D-day, we did a fourth measurement. Even with the date approaching, we still noticed a lot of non-compliant issues in our research and overall only small improvements compared to the third round.
Some of the major findings are:
Judging by the amount of GDPR emails that we received in the last weeks of May, it was a tight race for many companies to be ready in time. This makes us curious for the next measurement in June. We are currently researching the state just after the coming into force, so stay tuned for the 5th report.
You can read the research reports here:
About the research
iWelcome’s research is being performed during the period from October 2017 towards May 25th, among 89 European organisations over 7 countries (the Netherlands, the United Kingdom, Germany, France, Switzerland, Spain and Sweden) and 6 verticals (Insurance, Utilities, Media & Publishing, Travel & Services, Retail/E-tail & Consumer Products and Non-Profit). It's conducted from a consumer’s perspective, by registering online. Whenever the registration process doesn’t provide clear findings, the organisation’s privacy policies are being checked.
Due to the nature of the research, only the variables that are relevant for customer interaction have been tested. Underlying arrangements within organisations (for example designating a Data Protection Officer) have not been measured. The ongoing research will monitor the state of compliance of European organisations every two months.