Despite the General Data Protection Regulation (GDPR) coming in 16 months ago across Europe, less than a third of companies have achieved GDPR compliance. But for those that do, the effort is worth it.

This is according to research published today by Capgemini Research Institute, which surveyed 1,100 senior executives from companies across the Netherlands, Germany, Norway, Sweden, France, Spain, Italy, India, the UK and the US.

It found that while only 28% of companies had successfully achieved GDPR compliance, 92% of those who were compliant reported having a competitive advantage as a result.

84% of GDPR compliant companies also said their efforts to comply had improved consumer trust, while 79% said it had helped employee morale.

There were also a number of secondary benefits, with 87% seeing IT systems improvements and 91% reporting better cybersecurity. 89% also saw improvements in organisation as a result of complying with GDPR.

GDPR compliance by country

While GDPR compliance remains low across the board, there is a notable variation between countries.

Unexpectedly, companies in the US reported the highest level of compliance, at 35%, closely followed by the UK and Germany, both on 33%.

The worst country was Sweden, where just 18% of companies are GDPR compliant, while Spain and Italy are only marginally better, with both on 21%.

Technology’s role in complying with GDPR

Notably, there was a correlation between the use of technology and greater compliance with the regulation.

84% of compliant companies reported using cloud platforms, while only 73% of non-compliant companies use the technology.

A similar trend was found for data encryption, with 70% of compliant companies versus 55% of non-compliant companies; robotic process automation, with 35% versus 27% and industrialised data retention, with 20% versus 15%.

“This research underscores both the challenges for companies in achieving GDPR compliance, and the exciting opportunities for those that do,” said Zhiwei Jiang, CEO of Insights & Data at Capgemini.

3 Things That Will Change the World Today

“Clearly, many executives were over-ambitious in their expectations last year, and have now realised the extent of investment and organisational change that is required to achieve compliance: from implementing advanced technologies that support data protection to embedding a privacy and data protection mindset among employees.

“However, organisations must recognize the higher-than-expected benefits of being compliant, such as increased customer trust, improved customer satisfaction, strengthened employee morale, better reputation, and positive impact on revenue.”


Read more: Brexit and GDPR: The steps that businesses can take to prepare