Almost a third of European businesses are still not compliant with the wide-ranging European Union laws on data protection and privacy introduced last year, according to accounting firm RSM.
RSM said medium-sized businesses were “struggling to understand and implement” the General Data Protection Regulations (GDPR), which came into force in May 2018.
GDPR affects every company and was designed to strengthen the rights of consumers to know what firms and organisations are doing with their data and to simplify and better coordinate European regulation.
RSM’s survey, which was conducted with the European Business Awards and spoke to over 300 companies, came soon after companies found to have breached the rules were given hefty fines.
British Airways is to be fined £183m and Marriott hotel group almost £100m after hackers stole the records of customers and guests. UK regulators said the companies’ security was not good enough.
The RSM survey showed that 57 per cent of businesses are confident that their business follows the rules and 13 per cent are unsure either way.
“With so much pressure on organisations to meet complex requirements, we saw GDPR fatigue setting in last year,” said Steven Snaith, technology risk assurance partner at RSM UK.
Medium-sized businesses were “overwhelmed” and many “simply gave up and reverted back to the old way of doing things”.
Yet Snaith said the high-profile fines “have demonstrated that regulators across the EU are serious about enforcement. Businesses are scrambling to catch up once again”.
The survey found GDPR is improving cyber security within the EU. Over 60 per cent of European businesses said it has seen them increase their investment in cyber security.