20% of Companies Report Being GDPR Compliant Post May 25 Deadline

New research on GDPR compliance status, budgets and plans reveals majority of companies still working to achieve compliance


San Francisco, July 12, 2018TrustArc, the leading data privacy management company, today announced results from a survey conducted by Dimensional Research that gauges the status of GDPR compliance among U.S., UK and EU (excluding UK) companies one month following the May 25 deadline.

Key findings from the research highlight that only 20% of companies surveyed believe they are GDPR compliant, while 53% are in the implementation phase and 27% have not yet started their implementation. EU (excluding UK) companies are further along, with 27% reporting they are compliant, versus 12% in the U.S. and 21% in the UK. While many companies have significant work to do, 74% expect to be compliant by the end of 2018 and 93% by the end of 2019.

“At TrustArc, we worked with companies of all sizes globally to become GDPR compliant by helping them understand the requirements and deploy technology solutions to support their compliance and risk management objectives,” said Chris Babel, CEO of TrustArc. “While the amount of effort was immense for the deadline of May 25, there is substantive work yet to complete to achieve initial compliance as well as monitor and maintain compliance on a repeatable and efficient ongoing basis.”

While many companies still have a long way to go, a comparison to August 2017 research shows significant progress in the past ten months. The number of companies whose GDPR implementation is under way or completed increased from 38% to 66% in the U.S. and from 37% to 73% in the UK.

Additional findings include:

The cost of compliance is high

  • 27% of companies spent over half a million dollars each to become GDPR compliant
  • 31% of companies plan to spend over half a million dollars each on GDPR compliance efforts between June and December 2018
  • 25% of US companies spent over 1 million dollars each on compliance versus 10% for UK and 7% for EU companies

Most companies are positive about GDPR

  • Despite difficulties in becoming GDPR compliant, 65% view GDPR as having a positive impact on their business. Only 15% view the GDPR as having a negative impact on their business

Customer expectations and complexity top GDPR drivers

  • Meeting customer expectations (57%) was the main driver to become compliant, significantly higher than concern for fines (39%)
  • Complexity of GDPR posed the biggest challenge to comply

GDPR will continue to drive privacy investments

  • 87% indicate that data privacy will become more important at their companies post the GDPR deadline
  • 80% of companies plan to increase their spending on GDPR technology and tools to maintain compliance

To download the complete findings, please visit: trustarc.com/gdpr-research

About the Research

The survey was fielded online from June 4th to 15th, 2018 to 600 IT and legal professionals with responsibility for privacy at companies required to meet GDPR compliance, split equally among the US, UK, and EU. Privacy either was the entire job or represented more than 25% of the job for the respondents. Although all key industry sectors were represented among the respondents, the four top industries represented were technology, financial services and insurance, manufacturing and retail.

About TrustArc

TrustArc is the leader in data privacy compliance and risk management solutions through its unmatched combination of innovative technology, expert consulting and TRUSTe certification solutions that together address all phases of privacy program management. The TrustArc Privacy Platform is the foundation for all of its solutions, delivering a flexible, scalable and secure way to manage privacy and comply with the global privacy regulations, including the EU’s General Data Protection Regulation (GDPR). Refined over seven years of operating experience across a wide range of industries and client use cases, the TrustArc Privacy Platform is fortified by its in-depth services that leverage deep privacy expertise and proven methodologies that it has continuously enhanced over two decades and thousands of client projects. Headquartered in San Francisco, and backed by a global team, TrustArc helps over 1,000 clients worldwide demonstrate compliance, minimize risk and build trust. For more information, visit the TrustArc website, blog and LinkedIn.

For media inquiries, please contact:

pr@trustarc.com