Why many companies underestimate the impact of GDPR


Companies that ignore the General Data Protection Regulation (GDPR) can expect significant fines. However, a Sophos survey shows that many companies do not fully understand exactly what these fines entail. Nearly one in five companies acknowledge that if fined, they would be forced to cease operations.

moet ik voldoen aan de gdpr?

When can I be fined?

On May 25, 2018, GDPR went into effect, with companies that fail to comply with the law facing fines of up to 20 million euros or 4 percent of their total global revenue. However, 54 percent of companies do not have a clear understanding of these fines. Almost one in five companies (17 percent) admit that, in the event of such a fine, they would be forced to close their business. This percentage rises to 54 percent for small businesses with fewer than 50 employees. The impact of fines would not be limited to company closures; 39 percent of IT decision makers indicated that fines would also lead to layoffs within their companies.

Gdpr is unimportant?

Although there is concern, only 25 percent of Benelux companies consider GDPR a major priority. Almost one in five companies in the Benelux (18 percent) do claim to be compliant with the regulations, according to Sophos’ research on the expected impact of the GDPR on companies in the United Kingdom, France and the Benelux.

John Shaw, VP of Product Management at Sophos, emphasizes that GDPR compliance is a lengthy process. He warns that if regulators demonstrate their willingness to impose the maximum fines, unprepared companies will regret it!

Right to be forgotten

Companies across Europe are gradually adapting their operations in line with the GDPR, with 42 percent believing they would get this fully settled by May. Only 42 percent have appointed a data protection officer, significantly less than expected.

Procedures for deleting personal data in the case of a request for “the right to be forgotten” or when someone objects to the processing of his or her data have been established by only 44 percent. Less than half are able to report a data leak within 72 hours of discovery, which is, after all, an essential component of GDPR compliance.

“Our It-Team will take care of it.”

In 70 percent of companies, the IT team or IT security team bears responsibility for GDPR compliance. Remarkably, the survey found that only 4 percent of legal teams and 13 percent of executive or senior management are in charge of implementation. This places considerable pressure on IT teams. Many IT decision makers point to the lack of awareness among key decision makers as the reason why certain protocols have not yet been implemented.

The positive news is that 65 percent of organizations have implemented a data protection policy, and a whopping 98 percent of organizations have, or are in the process of implementing, a formal employee plan.

Brexit and GDPR

Although the United Kingdom has left the European Union, it is still required to fully comply with GDPR. However, research shows that many British companies mistakenly believe that the Brexit means they no longer have to meet this obligation. This misconception could potentially lead to missed deadlines and the imposition of significant fines on these companies.

“GDPR is way too expensive!”

For many companies, GDPR compliance seems costly. We understand that and therefore offer two subscriptions to keep costs manageable while ensuring full GDPR compliance.

Our subscriptions are designed to support businesses of different sizes and needs. The best solution for SMEs!


Meer berichten

cyber security tips

10 Cyber Security Tips for SMEs

Cyber security is critical for SMEs. A cyber attack can have serious consequences, from data loss to financial and reputational damage. Here

de toekomst van GDPR

The Future of Data Protection

Introduction: Since its implementation in 2018, the General Data Protection Regulation (GDPR) has had a significant impact on how organizations worldwide collect,


©DPO Associates Alle rechten voorbehouden. Privacy verklaringCookie verklaring | Algemene voorwaarden