Construction IT leaders confess: Nearly half of them missed the GDPR deadline

Mark Britton News

Nearly half (47%) of construction firms surveyed are still on the journey to GDPR compliance, with only 3% fully compliant by the deadline, according to survey data shared today by Crimson, a UK IT solutions and recruitment company. The data emerges from the 20th annual CIO Survey, created by Crimson’s parent company Harvey Nash in partnership with KPMG.

The survey polled 3,958 IT leaders across 84 countries and a range of industries. Across all sectors, operational risk and compliance, and data security are the two biggest growth areas of concern for the board. Managing operational risk and compliance was named as a key priority by 38% of IT leaders, an increase of 12% from 2017.

On 25 May 2018, the European Union General Data Protection Regulation (GDPR) came into force, introducing severe penalties for any data breaches affecting EU citizens that result from non-compliance. Fines can be as high as EUR20 million, or 4% of global annual revenue for the previous financial year, whichever is higher.

Yet, construction firms are lagging in their compliance. On average, 38% of firms across all sectors were on track to miss the deadline when the survey was conducted. In construction, 47% reported they would still be on the journey, and 50% expected to be mostly compliant. Only 3% expected to be fully compliant, the lowest of any sector studied, and significantly behind the leaders in telecommunications (29%), technology (27%) and oil and gas (27%).

Construction firms are particularly exposed to the risk of data breaches, with 41% of them saying they have been subject to major IT security or cyber attacks in the last two years, considerably higher than the global average of 33%. Construction and engineering companies consider themselves slightly better prepared than average to identify and deal with cyber attacks. Only 11% of construction companies say they are not well prepared, compared to the global average of 14%, and figures of 22% for education, 20% for oil and gas, and 15% for manufacturing and automotive.

Despite underperforming in GDPR compliance, 54% of IT leaders in the construction sector have seen salary increases, putting them in second place behind the leisure industry (56%), and significantly above the global average of 46%.

Across all sectors, cloud investment continues to grow, with 70% of IT leaders characterising their investment as significant or moderate. By way of contrast, headline-grabbing technologies blockchain and virtual reality are only attracting a similar level of commitment in 10% of companies.

Many organisations struggle to manage customer-focused capabilities. Only 27% said they were very effective at measuring profitability by customer, and just 26% were very effective at creating engaging customer experiences. Half said they were not at all or only slightly effective at achieving a single view of customer interactions across all service channels.

“Having fragmented customer data makes it harder to create consistent and engaging customer experiences, and can make it difficult to meet GDPR compliance requirements,” said Mark Britton, Head of Marketing, Crimson. “Construction companies can see their compliance project as an opportunity to migrate to a single, consistent customer relationship management (CRM) solution. Having a single view of the customer helps to achieve actionable insights, and helps to ensure customers have the smoothest experience in their dealings with you.”

To download the Harvey Nash / KPMG CIO Survey 2018, courtesy of Crimson, please visit