Global companies still unprepared for GDPR compliance, EY survey finds

Thursday, 1 February 2018

  • Share
  • 78% consider data protection and data privacy compliance a growing concern
  • Yet only 33% of respondents have a plan in place for GDPR 
  • Increasing adoption of advanced FDA technology, including robotics and AI, likely over the next 12 months

Intensifying regulatory pressures are top of mind for business leaders, with 78% of respondents expressing increasing concern about data protection and data privacy compliance. This is according to the third biennial EY Global Forensic Data Analytics Survey, which examined the responses of 745 executives from 19 countries and analysed the legal, compliance and fraud risks global companies face and the use of forensic data analytics (FDA) to manage them.

However, with less than four months to go until the General Data Protection Regulation (GDPR) comes into force on 25 May 2018, only 33% of respondents state that they have a plan in place to comply with the EU legislation. While the average response of those in Europe was more positive, with 60% indicating they have a compliance plan in place, there is still much more work to be done in other markets where significantly fewer companies indicated readiness for GDPR compliance including Africa and the Middle East (27%), the Americas (13%) and Asia-Pacific (12%).  Australia is better than the APAC and Americas average at 18%.

Andrew Gordon, EY Global Fraud Investigation & Dispute Services leader, says:

“The pace of regulatory change continues to accelerate and the introduction of data protection and data privacy laws, such as GDPR, are major compliance challenges for global organisations. But businesses that adopt FDA technologies can achieve significant advantages, benefitting from more effective risk management and increased business transparency across all of their operations.”

Increased adoption of FDA to manage risks 

According to the report, respondents expressed a strong belief in the value of FDA and its benefits for an organisation’s governance program, which is evidenced by a 51% increase in average annual spend per respondent compared with 2016. Companies have significantly developed beyond relying on the basic FDA tools of the last decade, with 14% of respondents stating that they are already using robotic process automation (RPA) to manage legal, compliance and fraud risks, and a further 39% stating they are likely to adopt RPA within the next 12 months, followed by artificial intelligence (AI) at 38%.

The survey found that 42% of businesses believe that data protection and data privacy regulations have a significant impact on the design or use of FDA. The survey further revealed that 13% of respondents indicated that they currently use FDA to achieve GDPR compliance, with more than half (52%) of the respondents indicating that they are currently in the process of analysing exactly which FDA tools they would use to assist them with achieving compliance.

Rob Locke, EY Oceania Managing Partner, Fraud Investigations and Disputes says:

“Australia has been quicker than most to embrace many FDA technologies and techniques. For example,  risk scoring and aggregation and robotic process automation are significantly ahead of global averages.  However, despite the broad range of beneficiaries of FDA, 60% of companies have no dedicated FDA personnel, almost twice the global average.  This is concerning because data analytics and artificial intelligence require human input. Few companies surveyed are confident that they currently have the requisite skill sets needed for better risk detection and mitigation. A lack of organisational maturity regarding the ability to integrate multiple data sources was also cited as a key inhibitor to unlocking the full potential of data analytics.

Investment in people and skills key to unlocking the full potential of FDA

Overall, the report highlights how increased adoption of, and spending on advanced FDA technologies, needs to be matched with greater investment in skilled resources. Of the respondents surveyed, only 13% feel that their organisation has the right technical skills in FDA, and only 12% believe they have the right data analytics/data science skills.

Locke says: “FDA is not just about technology, but about the people who manage that technology and how they use it to manage risks. While it’s encouraging to see that investment in advanced FDA is increasing, companies need to hire the right talent and invest in core skills such as domain knowledge and data analytics in order to achieve deeper business and risk insights and ultimately, better manager risk.”

-ends-

Notes to Editors

About EY

EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organisation, please visit ey.com.

This news release has been issued by Ernst & Young Australia, a member firm of Ernst & Young Global Limited.

Liability limited by a scheme approved under Professional Standards Legislation.

About EY’s Fraud Investigation & Dispute Services

Dealing with complex issues of fraud, regulatory compliance and business disputes can detract from efforts to succeed. Better management of fraud risk and compliance exposure is a critical business priority — no matter the size or industry sector. With approximately 4,500 fraud investigation and dispute professionals around the world, EY provides the analytical and technical skills needed to quickly and effectively conduct financial and other investigations, and gather and analyse electronic evidence. Working closely with you and your legal advisors, we will assemble the right multidisciplinary and culturally aligned team, and bring an objective approach and fresh perspective to challenging situations, wherever you are in the world. And because we understand that you require a tailored service as much as consistent methodologies, we work to give you the benefit of our broad sector experience, our deep subject matter knowledge and the latest insights from our work worldwide.