GDPR Compliance Efforts for US and UK Companies Still Low

According to a survey conducted by Dimensional Research on the preparedness of United Kingdom companies to comply with the EU’s General Data Protection Regulation (GDPR), data privacy is becoming progressively more complex for most organizations. Both US and UK firms show high levels of unpreparedness for GDPR compliance. Since these businesses may be unable to meet the May 2018 deadline, United States companies have resolved to invest significantly in privacy management and GDPR readiness.

The results from both the UK and US studies confirm the clients’ assertions about the difficulty of privacy management. They also support the claim that technology investments play a central role in complying with the GDPR and in establishing an accountability program that is easy to execute and manage. The CEO of TrustArc said that most companies are under immense pressure to conform to the increasing number of regulatory requirements.

With barely eight months remaining until the regulation's deadline, companies all over the world are formulating strategies that will enable them to adjust their internal structures and processes to comply with the regulation. TrustArc and Dimensional Research surveyed 203 UK and 204 US data privacy professionals to compare the two countries’ preparations for GDPR compliance.

The results from the two studies revealed several key points. The findings showed that, regardless of where a business is located, privacy is becoming a significant challenge. According to the UK and US respondents, privacy and data protection are essential but are proving difficult to achieve. The results indicated that 96% of US and 94% of UK respondents feel that the significance of privacy is on the rise. 98% of US and 93% of UK respondents believe that the complexity of privacy governance is increasing.

Regarding preparedness for the GDPR, the study shows that both the UK and the US are unprepared. The research revealed that over 60% of the US and UK professionals have yet to begin GDPR compliance plans. Moreover, 90% of them must make a significant investment in new capabilities to observe the new standard. Specifically, 61% of the US and 64% of the UK professionals have not started implementing a GDPR compliance strategy.

According to the respondents, 98% of US and 92% of UK organizations need additional investments. Regarding technological investment to ensure automation and operationalization of data privacy, the survey indicated that the US had achieved 55% while the UK had attained 57% of the target. Brexit has not been a hurdle for United Kingdom firms in their efforts to reach GDPR compliance.

According to the findings, Brexit has not affected GDPR budgets, as 74% of the respondents in the UK did not reduce their budgets. The United States has invested more in privacy governance and GDPR preparedness than the United Kingdom. Overall, both the United States and the United Kingdom have increased their investment in privacy management. According to the study, 97% and 90% of the respondents from the US and UK respectively believe that privacy management has been steadily increasing. US companies tend to spend more on GDPR than UK-based firms. The research showed that while only 19% of UK companies spend over $1M, 23% of United States firms allocate more than $1M to GDPR budgets.