Most European organisations not ready for GDPR

Reading Time: 2 minutes

A new PAC/CXP Group study finds that only 19 per cent of European organisations are ready for the full roll-out of the General Data Protection Regulation (GDPR). The report “Moving beyond the GDPR” is based on briefings with more than 200 senior business and IT executives at medium-sized and large companies operating across manufacturing, services and the public sector in Europe.

The interviews were taken only three months before the deadline, yet 60 per cent of respondents were confident they would still do enough to consider themselves ready.

According to the survey results, the UK is pitching itself as the most GDPR-ready European country, with 67 per cent of UK respondents saying they are ready. Surprisingly, the traditionally data-sensitive German, Austrian and Swiss region (DACH) is the least ready at 54 percent.

GDPR maturity

Fig. 1: Which of the following options best describes the current maturity of your GDPR programme?

Data integration and management

Organisations are looking to use the onset of the regulation to make better use of data in the 57 per cent that are looking to invest in data integration tools. A further 49 per cent are looking at data quality through better data management and reporting tools.

Data Protection Officers thin on the ground       

Study findings show that only 5 per cent of European organisations are making the Data Protection Officer a new hire, with 26 per cent either relying on existing personnel or extending the responsibilities of their existing privacy officers to support GDPR. Some 28 per cent are simply handing the responsibility to the head of IT or CIO.


The PAC survey provides insights that GDPR will achieve its fundamental aim of protecting personal data from abuses by organisations. A significant 85 per cent of respondents feel GDPR compliance would improve personal data classification and protection, and 63 per cent think it would improve detection of breaches.

Paul Fisher, research director at PAC, said: “The results for our research conducted so close to the introduction of GDPR give the best indication yet of GDPR readiness across Europe and how organisations will adapt beyond the deadline. Despite Brexit, results show UK organisations to be taking the regulation very seriously, showing their commitment to data privacy and the changing data environment.”

This article was originally published by