TrustArc Survey: “20% of companies report GDPR compliance post-25 May deadline”

TrustArc, the data privacy management company, has announced the results of a comprehensive survey conducted by Dimensional Research that gauges the status of General Data Protection Regulation (GDPR) compliance among UK, US and EU (excluding UK) companies one month after the European Union’s 25 May deadline.

Key findings from the research highlight that only 20% of companies surveyed believe they are GDPR compliant, while 53% are in the implementation phase and 27% have not yet begun their implementation.

EU (excluding UK) companies are further along the road, with 27% reporting they are compliant versus 12% in the US and 21% in the UK. While many companies have significant work to do, 74% expect to be compliant by the end of 2018 and 93% by the end of 2019.

“At TrustArc, we’ve been working with companies of all sizes globally such that they can become GDPR compliant by helping them to understand the requirements and deploy technology solutions aimed at supporting their compliance and risk management objectives,” said Chris Babel, CEO of TrustArc. “While the amount of effort was immense for the deadline of 25 May, there is substantive work yet to complete to achieve initial compliance as well as monitor and maintain compliance on a repeatable and efficient ongoing basis.”

While many companies still have a long way to go, a comparison with August 2017 research shows significant progress being made in the past ten months. The number of companies whose GDPR implementation is under way or completed has increased from 38% to 66% in the US and from 37% to 73% in the UK.

Cost of compliance is high

Some 27% of companies have spent over $500,000 each to become GDPR compliant, while 31% of companies each plan to spend over that amount on GDPR compliance efforts between June and December this year. Among US companies, 18% spent over $1 million each on compliance, versus 8% of UK companies and 8% of EU companies.

Despite difficulties in becoming GDPR compliant, 65% view the EU’s GDPR as having a positive impact on their business. Only 15% view the GDPR as having a negative impact.

Meeting customer expectations (57%) appears to be the main driver for becoming compliant with the EU’s new GDPR, which is significantly higher than concern over fines (39%). The complexity of the GDPR poses the biggest challenge in terms of compliance.

87% of respondents have indicated that data privacy is now more important post-GDPR deadline, with 80% of companies planning to increase their spending on GDPR technology and tools to maintain compliance.

*The study was conducted online between 4 and 15 June and involved 600 IT and legal professionals with responsibility for privacy at companies required to comply with the GDPR, split equally among the UK, the US and the EU. Privacy was either the entire job or represented more than 25% of the job for each respondent. Although all key industry sectors were represented among the respondents, the four top industries represented were technology, financial services and insurance, manufacturing and retail.

**Download the report at:

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.
