Report: Only 29 Percent Of EU Firms Are GDPR-Compliant


It’s been six months since the General Data Protection Regulation became law of the land, at least in the European Union, and yet the majority of companies that must be in compliance with that mandate are woefully unprepared.

A report from IT Governance at the end of last week showed that only 29 percent of firms in the EU have “fully” implemented the GDPR tenets, and the lack of full compliance means that possible penalties loom – to the tune of four percent of a fined firm’s annual top line.

The report surveyed more than 200 firms across a range of industries.  As reported by, as many as 60 percent of the firms that responded said they were “aware” of the fact that they must respond to data subject access requests, but only 29 percent said they had concrete plans in place to address the rules by which they must respond to those requests.  If those requests are not handled per the GDPR rules, complaints can be filed and the hefty aforementioned fines could be in the offing.

In other findings of the IT Governance report, 75 percent of firms said they had conducted at least some parts of a data flow audit, used to gain insight into data risks. As far as security is concerned, roughly 61 percent of firms said that they had “basic controls” in place to contend with data breaches, with 50 percent of firms stating that they have plans in place to notify supervisors in the event of such breaches.

“It is discouraging to see so many organizations understanding the GDPR and its applicability to their businesses but failing to comply,” Alan Calder, founder and executive chairman of IT Governance, said in a press release that accompanied news of the report. “May 25 should have been the wakeup call, but it’s not too late to begin your compliance journey. The time is now.”

Elsewhere in Europe, and in company-specific news, regulators in the European Union have looked at Apple Pay in reference to market dominance.  The verdict? No market dominance is evident, but the issue could be revisited again in the wake of any future formal complaints.  That comes as the mobile service has expanded to 10 countries in the EU after its 2014 launch.

The examination came in the wake of some outcry over the fact that the tech giant’s iPhones use embedded near field communication chips that select Apple Pay automatically, and to the exclusion of rivals’ payment offerings.

Said European Commissioner for Competition Margrethe Vestager, “when we were looking at it … (at) first glance, we couldn’t see Apple being dominant. That doesn’t exclude in the future that we will have a second look. But when we looked some time ago, we didn’t find … the necessary (evidence) to start a case,” she said. “Obviously, if we had official complaints, we would take that seriously, because the entire payment market is a very important payment market.”  The issue is currently being investigated by the Danish Competition Authority.

Separately, The Financial Times reported that the U.K.’s Financial Conduct Authority has placed in force new rules that are geared toward helping victims of authorized push payment fraud.

Push Payments Fraud in the Crosshairs

In those instances, fraudsters convince victims – through the use of text messages purportedly from banks – to make payments to the bad actors’ accounts.  There have been more than 43,000 documented cases of such fraud in the U.K. in the past year, and the cost has been tallied at more than 236 million pounds.

Now, banks and payment services providers may have to step in and compensate victims of such schemes.  The Financial Times reported that FCA Executive Director of Strategy and Competition Chris Woolard said in a statement that “the FCA takes APP fraud and the harm it causes to consumers very seriously. Now victims of APP fraud can make a complaint to the PSP receiving their payment, and if they’re not satisfied with the outcome, can refer their complaint to the Financial Ombudsman Service.”