This week marks the five-year anniversary of the EU’s General Data Protection Regulation (GDPR), but new data published today by iResearch Services reveals that the regulation has been unsuccessful in preventing data breaches.
The survey, which canvasses the views of 350 business leaders across the UK and US working in financial and professional services, found that 58% of firms have experienced a GDPR-related data breach since the regulation was first introduced.
This could be the result of how GDPR requirements have been communicated to employees. Only a third of firms surveyed (33%) have organised formal training on GDPR. Instead, 28% rely on written policies and procedures, 18% depend on informal discussions and reminders, and 6% use none of these methods.
The data shows that GDPR has brought some benefits to firms. These include improved data protection practices (33%), increased data privacy awareness amongst employees (27%), and improved customer trust in their organisation (15%). However, these benefits have not come without a cost – 20% say that GDPR has increased their organisation’s compliance costs.
Looking ahead, firms want to see more rules put into place to protect consumer data. More than half of those surveyed (54%) would like to see stricter data protection requirements, and more than a third (33%) would like to see increased penalties for non-compliance.
Yogesh Shah, CEO of iResearch Services, comments: “While meeting data regulations such as GDPR requires an upfront financial investment, the news this week surrounding Meta highlights how the cost of non-compliance can far outweigh this. Data breaches can also have a damaging long-term effect on a firm’s brand and reputation, and so it is positive to see that firms are welcoming stricter regulations to reduce their likelihood of experiencing a data breach of their own.”