In our July 16th blog post we reported on our survey of 600 US, UK and other EU respondents, advising that the companies cited meeting customer expectations as a more important motivation to becoming GDPR compliant than avoiding fines or lawsuits.
In line with the goal of meeting customer expectations, respondents reported being most compliant with updating policies and procedures (27%) and cookie consent management (25%) and furthest behind with respect to international data transfer mechanisms (16%) and vendor risk management (13%).
The overwhelming majority (87%) of respondents needed 3rd party help with their GDPR projects – the most external help needed was for privacy expertise to understand the regulation (57%) and GDPR technology and tools (55%).
Further, consistent with the finding that the most 3rd party help was needed in order to understand the GDPR, the survey showed that legal teams (at 94%) needed more outside help than IT teams (at 84%):
Given the complexity of the GDPR, it appears that those companies still working on their compliance programs will continue to need 3rd party assistance, but the work will now shift more towards the issues that are less public and customer-facing, such as vendor risk management and international data transfer.