Approximately one in four marketers (26%) believe their businesses are unprepared for the EU General Data Protection Regulation (GDPR) coming to life in May 2018.

The new regulation will harmonise data privacy laws across Europe to protect and empower EU citizens and reshape the way organisations across the region approach data privacy.

The Direct Marketing Association’s (DMA) survey, ‘GDPR and you’, which investigated the industry’s awareness and preparedness for the impending regulatory changes, found that, although unready right now, 68% of marketers are confident companies will be compliant in time for the regulation.

The DMA’s CEO, Chris Combemale, has described the lack of preparedness across businesses as “concerning” and believes the next 16 months are crucial to get the industry ready for the new policies.

“The finish line for GDPR readiness is fixed and the risk to businesses of not being compliant is significant. Our advice is to continue preparations in earnest over the coming year,” said Combemale.  

He added that not making it across the line in time is “not an option” while displaying concern over B2B communities’ underestimation of the impact the new regulation will have on companies.

Conversely, marketers’ level of GDPR awareness has risen since last year, with more than half (66%) considering their awareness as ‘good’, up from 53% in June 2016, and their ‘personal’ feeling of preparedness lifting from 49% to 71%.

Current concerns

While providing a layer of protection for consumers, GDPR means all channels relying on personal data will be affected and this is a source of worries for marketers. According to DMA’s study, many are concerned the changes will hinder their businesses and the benefits might outweigh the cost, and there is a common perception that the policy might only benefit consumers.

Among marketers’ concerns, the top three are consent (70%), legacy data (50%) and profiling (37%).

The perception of how the new regulation might affect their businesses and how many issues it might pose varies between those working in B2B, B2C and mixed environments.

Although the number of those who believe they will be ‘very’ or ‘extremely’ affected has decreased, businesses serving B2B and B2C communities see the greatest challenges, while B2C-focused companies are most comfortable with the changes ahead.

Policies after Brexit

GDPR was introduced to provide consistency across countries in Europe, however, in the light of Britain’s decision to leave the EU, the DMA’s survey also addressed concerns surrounding the new situation, but with the regulation coming into force before the Brexit agreement has been finalised, the report suggests it won’t affect the new rules.

Affiliate Window’s data analyst Craig Foster reminded that in July last year, the IAB and ICO highlighted the importance of companies formally complying with the regulations, regardless of Brexit, and this still remains the case.

“While it’s not certain what data protection legislation will look like in the UK after we formally leave the EU, the ICO has said that it will likely be the same or very similar. It is worth considering that any business in the UK that deals with customers based in the EU will be bound by the GDPR regardless,” Foster commented.

According to DMA’s study, most (83%) businesses haven’t changed their plans to implement GDPR and a handful (7%) actively sped up the processes, with the majority of marketers (74%) being confident the best data protection policy is adhering to GDPR.  

“In an increasingly global digital marketplace, Brexit does not change the behaviours that companies must adopt in order to succeed and build long-term relationships with customers based on transparency and trust,” added Combemale.