The May 25, 2018 EU General Data Protection Regulation (GDPR) compliance deadline has passed and the question on everyone’s minds is – how did we do? To help answer that question, TrustArc surveyed 600 IT and legal professionals in the U.S., UK and EU companies one month after the May 25 deadline. For all respondents, privacy represented at least 25% of their job. The participating companies included a mix of small, mid-sized and large companies, from all major industry sectors, including technology, manufacturing, retail and financial services.
In a press release announcing the release of the research report, Chris Babel, CEO of TrustArc, stated that “While the amount of effort was immense for the deadline of May 25, there is substantive work yet to complete to achieve initial compliance as well as monitor and maintain compliance on a repeatable and efficient ongoing basis”.
Key findings from the research highlight that 20% of companies surveyed believe they now are GDPR compliant, while 53% are in the implementation phase and 27% have not yet started their implementation.
EU companies are further along, with 27% reporting they are compliant, versus 12% in the US and 21% in the UK.
While many companies have significant work to do, 74% expect to be compliant by the end of 2018 and 93% by the end of 2019.
GDPR compliance programs have proven to be expensive endeavors. The research shows that 68% of the respondents have spent more than six figures already on GDPR compliance and that 67% expect to spend an additional six figures by the end of 2018.
In a series of subsequent blog posts, we will explore some of the survey findings in more detail, such as what motivated the companies to invest in GDPR compliance more – fear of fines or the desire to meet customer and partner expectations. We also will highlight differences among the US, UK and other EU respondents and between legal and IT respondents. In addition, we will compare the US and UK 2018 results to the US and UK respondent results from our August, 2017 GDPR compliance survey.
For more information on the GDPR Compliance Status Research Report, download the report here or contact us.