Only 20% of companies GDPR compliant

Only 20 per cent of companies surveyed believe they are compliant with the General Data Protection Regulation (GDPR), while 53 per cent are in the implementation phase and 27 per cent have not yet started their implementation.

This is according to a survey carried out by Dimensional Research on behalf of TrustArc in June among 600 IT and legal professionals with responsibility for privacy at companies required to meet GDPR compliance, split equally among the US, UK, and European Union.

EU (excluding UK) companies are further along, with 27 per cent reporting they are compliant, versus 12 per cent in the US and 21 per cent in the UK. While many companies have significant work to do, 74 per cent expect to be compliant by the end of 2018 and 93 per cent by the end of 2019.

“While the amount of effort was immense for the deadline of 25 May, there is substantive work yet to complete to achieve initial compliance as well as monitor and maintain compliance on a repeatable and efficient ongoing basis,” commented Chris Babel, chief executive of TrustArc.

While many companies still have a long way to go, a comparison to August 2017 research shows significant progress in the past 10 months. The number of companies whose GDPR implementation is under way or completed increased from 38 to 66 per cent in the US and from 37 to 73 per cent in the UK.

The research found that the cost of compliance is high, with 27 per cent of companies spending over half a million dollars each to become GDPR compliant and 31 per cent planning to spend over half a million dollars each on GDPR compliance efforts between June and December 2018.

Despite difficulties in becoming GDPR compliant, 65 per cent view GDPR as having a positive impact on their business, with only 15 per cent viewing the GDPR as having a negative impact.

Meeting customer expectations (57 per cent) was the main driver to become compliant, significantly higher than concern over fines (39 per cent).
