It just keeps piling up. A new study by Openprise shows that three out of four companies are unprepared for the General Data Protection Regulation (GDPR). And half are not even aware of it.
This is in line with other research, but it’s surprising, considering that the survey was done at a high-tech event where people should have known better.
Openprise, a provider of a data orchestration platform and compliance services, polled 508 attendees at the recent Dreamforce conference. Of that sample, only about 52% were aware of GDPR, and a paltry 43% of the sales and marketing people knew about it.
Huh? These are the guys to whom you’re entrusting your marketing. Granted, awareness was higher among those who have data on EU citizens in their systems — 72% knew of GDPR.
But only 60% of those have a framework to ensure compliance with the regulation that takes effect next May.
And of those that do know of the pending rule, only 49% have a framework. And 32% aren’t sure what the biggest compliance challenge is.
What’s the problem? For 32%, the biggest hurdle is “managing data stored across different parts of the organization.”
Another 21% cited lack of understanding of GDPR’s impact, and 10% said the issue was identifying who in their firm is responsible for compliance. And 38% said they just don’t know.
Need we repeat that the penalties for non-compliance are €20 million, or 4% of a company’s annual global revenue, whichever is higher? Of course, it depends on the magnitude of the offense. But the legal bills can kill you, too.
Now you may feel free to go on your merry way because you don’t market in Europe.
But European consumers could order from you anyway. And at some point, as the numbers build up, you may hear from the commissioners.
Despite all the blather, there’s no great mystery about it. You have to have affirmative consent to hold and process data on people — and to market to them. And you have to remove data on request.
This rule also applies to your service vendors, and you’ll take the hit if they’re not compliant. So that requires due diligence.
If you’re big enough in Europe, it will pay to hire an in-house specialist to manage compliance.
That said, big vendors and companies probably won’t suffer much at first.
“They have a huge army of lawyers,” Allen Pogorzelski, vice president of marketing for Openprise, recently said. “Most have a compliance group. The ones that don’t are going to be caught flat-footed.”
So why worry? Ed King, CEO of Openprise, sums it up:
“It’s disconcerting that companies as a whole still lack awareness when it comes to GDPR, not to mention an understanding of how to gain compliance. The runway is disappearing.”
King concludes, “If you have any EU data in your sales and marketing databases, you must act now to ensure GDPR compliance and avoid steep penalties that could sink your company.”