Only 20% of companies believe they're actually GDPR compliant

New research from TrustArc revealed that, though companies are prioritizing GDPR compliance, some 53% are still in the implementation phase.

One month after the EU's May 25 deadline, Dimensional Research conducted a survey, sponsored by TrustArc, that gauged GDPR compliance among companies in the US, UK, and EU.

According to a press release on the report, only 20% of companies said they believed they were currently compliant, even though the deadline for compliance has long since passed. Some 27% reported that they had not even begun the process yet. However, 53% of companies reported that they were currently in the implementation phase for GDPR compliance.

The report found that EU companies are slightly ahead of their US and UK counterparts, with 27% compliance compared to 12% in the US and 21% in the UK.

Though some companies have a long way to go, the report found that the number of companies that have begun or completed GDPR compliance increased from 38% to 66% in the US and 37% to 73% in the UK between the summer of 2017 and now.

The timeline for compliance varies. The report found that 74% of companies plan to be compliant by the end of 2018, and 93% reported that they expected to be compliant by the end of 2019.

The GDPR implementation process is a costly one. According to the report, 27% of companies spent over a half million dollars to become GDPR compliant. Some 25% of US companies spent over $1 million each on compliance, whereas only 10% of UK companies and 7% of EU companies spent this same amount. Roughly 31% of companies plan to spend over half a million dollars on compliance for the remainder of 2018.

Additionally, the report found that customer satisfaction was the main driver for companies to become compliant (57%), not fines (39%). The complexity of GDPR posed the biggest challenge for companies.

Although achieving GDPR compliance is a challenge, the report found that 65% of respondents believed it would have a positive impact on their businesses. Only 15% saw the change as negative.

The big takeaways for tech leaders:

  • GDPR compliance doesn't happen overnight. Only 20% of companies believe they meet GDPR standards despite the deadline passing some time ago.
  • Despite challenges in implementing GDPR, 65% of respondents believe it is a positive change for their businesses.
