A TrustArc study of UK- and US-based organizations with at least 500 employees found that most haven’t started their GDPR implementations yet.
With only eight months to comply with the GDPR, companies all over the world are determining how best to adjust their internal systems and processes to address the new compliance requirements. On September 28, 2017, TrustArc announced results from surveys conducted by Dimensional Research that gauge how prepared US and UK businesses are to comply with the EU’s General Data Protection Regulation (GDPR). The US and UK surveys, completed in August of 2017, included responses from 203 UK and 204 US professionals responsible for data privacy at companies of at least 500 employees, all of which are required to comply with the GDPR.
US and UK privacy professionals were asked where they needed the most help complying with data privacy requirements. For US respondents, developing a GDPR plan topped the list at 39%, followed by addressing international data transfers at 36% and meeting regulatory reporting requirements at 30%.
For UK respondents, developing a GDPR plan topped the list at 27%, followed by conducting privacy risk assessments (PIAs and DPIAs) at 26% and addressing international data transfers at 24%.
A majority of both US and UK respondents haven’t yet begun implementing their GDPR plan (61% for US and 64% for UK).
98% of all of the US respondents and 92% of all UK respondents reported that they will invest in resources such as technology, consultants and new hires to help prepare for next year’s May deadline.
Approximately one-half of the respondents indicated a need for technology and tools to automate and operationalize data privacy (48% for US and 50% for UK).
However, with respect to GDPR plan spending, the US respondents expect to spend more than their UK counterparts. 83% of US respondents and 69% of UK respondents expect GDPR spending to be at least $100,000 (74,000 GBP). 40% of US respondents and 25% of UK respondents plan to spend at least $500,000 (370,000 GBP). 17% of US respondents and 6% of UK respondents expect to incur costs of over $1 million (740,000 GBP). Note that due to rounding, some figures in the charts may not total 100%, while in other charts, the figures were adjusted so that they totaled 100%.
The full GDPR Research Report contains a wealth of additional information and can be downloaded here.