UK firms are struggling with a complex patchwork of privacy regulations, with more than half now believing they’re failing with compliance efforts, according to new research from Thomson Reuters.
The news wire surveyed data privacy professionals at global organizations with an average of 16,000 employees before and after the GDPR came into force, to compile its latest report.
It found that UK businesses either have greater insight into their capabilities, or are genuinely falling behind their global counterparts when it comes to compliance.
Some 57% said they believe their business is failing to meet global compliance requirements, up from 44% in 2017. This compares with a global average of 48%, which falls further to 42% for US firms and just 31% in France.
UK companies are spending on average £840,000 annually to comply with global regulations, including the GDPR.
The new powers granted to regulators to impose monetary fines of up to €20m or 4% of global annual turnover will be at the forefront of directors’ minds, according to Jim Leason, customer proposition lead for Legal Professionals Europe at Thomson Reuters.
“Many businesses are getting less comfortable over their GDPR compliance. More businesses now than a year ago believe they are failing to comply with all of their global data privacy-related obligations. Obviously, the comfort level businesses have with compliance is heading in the wrong direction,” he argued.
“What also seems to be coming through from our research is a sense that businesses feel legislators and regulators didn’t anticipate the major workload that GDPR entails.”
UK regulator the Information Commissioner’s Office (ICO) said it has received over 14,000 breach reports since the GDPR came into force, four times more than in the previous 12-month period.
Although it has consistently argued that GDPR compliance is an ongoing journey, and that it prefers to educate rather than penalize, major fines could be announced soon as the results of several investigations are published.