PwC has published the results of a new survey that highlight some fascinating developments in the race for US GDPR preparedness. The vast majority of the respondents to the recent “GDPR preparedness pulse survey” considered compliance with the new GDPR regulation a top priority on their data-privacy and security agenda in 2017. Over half of the respondents to the survey claimed that the issue is “the” top priority and a further 38% said that the matter was “among” their top priorities.
One of the most interesting findings of the survey, however, is that the respondents have made an investment forecast on how much large US corporations are willing to spend on GDPR compliance. Up to $1 million or more was cited as the expected investment to become compliant with the new regulation. Over 70% of the respondents are prepared to invest more than $1 million in their GDPR readiness plans, with over 65% of the interviewees saying that they will spend between $1 million and $10 million on GDPR readiness. There is no doubt that some of the largest US corporations that are not compliant with this new data regulation are taking this subject very seriously. They are planning to invest heavily in bridging the gap between noncompliance and compliance.
The survey has also revealed some of the tactics that large corporations are using to deal with the new regulation. Among those who responded to the survey, Privacy Shield (77%) and binding corporate rules (75%) are more popular approaches than model contracts (55%). Also, centralizing data centers in Europe (64%) and de-identifying European data (54%) are the most common ways that companies are reducing their GDPR risk exposure.
PwC’s privacy leader in the US, Jay Cline, commented on the recent findings by stating that the new regulation may also force some US companies to re-evaluate the return on investment of doing business in the EU. These compliance investment forecasts do appear to be significant. However, with a single market of over 500 million consumers in the EU, many of the US corporations that have invested in the EU market over the long term will no doubt aim to maintain their position by understanding and complying with these new data protection rules.