Study: U.S., UK companies behind in GDPR compliance efforts
Key findings from the research demonstrate that data privacy is becoming more complex.
TrustArc, San Francisco, announced results from a survey conducted by Dimensional Research, Campbell, Calif., that gauges how prepared UK businesses are to comply with the EU’s General Data Protection Regulation (GDPR) compared to earlier research examining U.S.-based companies’ preparation.
Key findings from the research demonstrate that data privacy is becoming more complex. In fact, companies in the UK and the United States are equally unprepared to comply with GDPR by the May deadline; however, U.S. companies are investing more in privacy management and GDPR preparedness.
“The findings from both the U.S. and UK surveys are in line with what we’re hearing from our clients about the increased complexity of privacy management and the critical role of technology investments for complying with GDPR and for establishing an accountability program that is easy to implement and manage,” says Chris Babel, chief executive officer of TrustArc. “Regardless of their location, companies are under extreme pressure to efficiently comply with the growing number of regulations like GDPR, and as a trusted partner, we are committed to empowering privacy professionals with the resources they need.”
To compare how UK companies are preparing for GDPR vs. their U.S. counterparts, TrustArc and Dimensional Research surveyed 203 UK and 204 U.S. professionals responsible for data privacy at companies required to meet GDPR compliance. The UK survey was conducted in August 2017, and the U.S. survey in May 2017, both among companies with more than 500 employees.
Key findings from the two research surveys include:
Privacy is becoming harder, no matter where businesses are located.
- Across the board, respondents in both the UK and United States report that privacy and data protection is becoming increasingly important, but also increasingly complex.
  - The importance of privacy is growing—96% U.S.; 94% UK
  - Privacy management is becoming more complex—98% U.S.; 93% UK

UK and U.S. companies are equally unprepared for GDPR.
- Among both UK and U.S. privacy professionals, more than 60% of respondents have not begun their GDPR implementation and 90% need to invest in additional capabilities to comply with the new standard.
  - Have not begun GDPR implementation—61% U.S.; 64% UK
  - Require additional investments to comply with GDPR—98% U.S.; 92% UK
  - Still need to invest in technology and tools to automate and operationalize data privacy—55% U.S.; 57% UK

For UK companies, Brexit is not derailing their GDPR efforts.
- 74% of UK respondents are not reducing their GDPR budgets due to Brexit.

U.S. companies are investing more in privacy management and GDPR readiness than their UK counterparts.
- Overall investment in privacy management is increasing among both U.S. (97%) and UK (90%) professionals. U.S. companies report a higher need to use technology to manage privacy (95%) compared to UK companies (87%).
- Similarly, more U.S. than UK companies expect to invest significant amounts of money to comply with GDPR.
  - 83% of U.S. companies expect GDPR spending to be at least $100,000, whereas only 69% of UK companies expect to spend the same amount (74,000 GBP).
  - 23% of large U.S. companies (over 5,000 employees) expect to spend more than $1 million (740,000 GBP) as compared to 19% of large UK companies expecting to spend over 740,000 GBP.