17% of marketing and advertising agencies would go under if hit with a GDPR fine
Almost a fifth of companies in the marketing and advertising sector would go out of business if they were to be hit by a fine for non-compliance of the new GDPR legislation.
GDPR - marketing firms at risk of closure
The General Data Protection Regulation (GDPR) comes into force in less than one year and covers everything from a consumer’s ‘right to be forgotten’ to data breach notification and accountability. At the heart of the reform in how companies must handle customer data is a fine, standing at €20m or 4% of an company's global revenue, if they are found to be falling foul.
But, in a survey of 187 marketing and advertising companies conducted by YouGov on behalf of law firm Irwin Mitchel, 70% said they wouldn't be certain of their ability to detect a data breach. Meanwhile, just 37% said they would be equipped to deal with it in the required timescale of three days.
This will not fill client-side marketers with confidence. As The Drum recently reported, many brand marketers are themselves struggling to get to grips with the new legislation and what it means for their business.
Beyond that, they also have to ensure than any supplier they work with – such as marketing or advertising agencies – are also compliant. However, as it stands only 34% of advertising firms actually aware of the new GDPR directive.
If they were to be subject to a fine,17% would find that the maximum penalty would force them out of business.
“These results are concerning because with next May’s deadline fast-approaching and with so much at stake, our study reveals there’s a very real possibility that a large number of marketing and advertising firms will not be compliant in time,” Joanne Bone, partner and data protection expert at Irwin Mitchell said.
“Contrary to popular belief personal data is not just consumer information. It is hard to think of a business today that does not use personal data. Whether you have employee data, customer data or supplier data – if the data relates to an individual you will be caught by the new data protection laws.”