TrustArc Privacy and GDPR Compliance Research Report – Part 3 of 3

The results of the TrustArc / Dimensional research report on the status of U.S. Privacy and GDPR Compliance Programs will be shared in a three-part blog post series:

  • To review Part 1, the General Privacy Market Results, click here
  • To review Part 2: GDPR Compliance Results, click here
  • Part 3: Privacy Program Implementation Results

Companies report needing help in a wide range of areas, topped by GDPR planning, international data transfer, compliance reporting, conducting PIAs / DPIAs, and data inventory.

Many GDPR implementation plans begin with conducting a data inventory; however, companies face three common challenges when it comes to data inventory. The three challenges cited most by the privacy professionals surveyed were difficulty maintaining and updating privacy programs (57%), lack of appropriate tools and technology (56%), and lack of internal resources (54%).


50% of the respondents preferred dealing with outside vendors that could provide both tools and technology, together with process/legal expertise.


In terms of desired capabilities for third-party vendors, the most important by priority ranking were knowledge of the customer’s industry (48%) and years of experience (39%).


To download a copy of the TrustArc “Privacy and the EU GDPR” research report, click here.


TrustArc Privacy and GDPR Compliance Research Report – Part 2 of 3


Part 2 of our three-part series reviews results from the TrustArc / Dimensional research report on the status of U.S. Privacy and GDPR Compliance Programs.

  • To review Part 1, the General Privacy Market Results, click here
  • Part 3 will include Privacy Program Implementation Results.
  • In Part 2 of this series, we will share the GDPR Compliance Results.

For all companies responding, approximately 40% are still designing their GDPR plan and only about 10% have GDPR plans well underway. Many companies have a significant amount of GDPR implementation ahead of them.


Responding companies have set aside relatively large budgets for GDPR compliance for 2017-2018. For all companies responding, the #1 budget amount cited was between $100,000 and $500,000 (42%), with the #2 budget cited between $500,000 and $1,000,000 (23%). GDPR compliance budgets of over $1 million accounted for 9% of small companies, 19% of mid-size companies and 23% of large companies.


Nearly 1 in 4 large companies plan to spend over $1 million on GDPR compliance.


GDPR investments will go to a wide range of initiatives including consultants, internal hiring, and additional technology and tools.


In Part 3 of this series, we will reveal program implementation results. To read the full results now and download a copy of the TrustArc “Privacy and the EU GDPR” research report, click here.


TrustArc Privacy and GDPR Compliance Research Report – Part 1 of 3


This blog series will cover the results of a new privacy survey conducted in May of 2017 as part of the closing session at the TrustArc Privacy Risk Summit, held at the Bespoke Conference Center in San Francisco June 6, 2017. The survey, conducted by Dimensional Research on behalf of TrustArc, focused on the status of U.S. private sector efforts to meet privacy mandates in general and in particular to meet the May 25, 2018 deadline for the EU General Data Privacy Regulation (GDPR).

The results will be shared in a three-part blog post series:

  • Part 1: General Privacy Market Results
  • Part 2: GDPR Compliance Results
  • Part 3: Program Implementation Results

Part 1: General Privacy Market Results

Research Background

The online survey was fielded to 204 privacy professionals at a target group of small (500 to 1,000 employees), mid-size (1,000 to 5,000 employees) and large (over 5,000 employees) companies that were subject to the GDPR, in a varied mix of industries.


98% of respondents felt that the complexity of managing privacy is increasing. 56% felt managing privacy is becoming significantly more complex.


The primary privacy ownership is limited to a few groups. In smaller companies, the legal department primarily handles ownership of privacy issues. In larger companies, compliance tends to increase ownership of privacy.


The majority of companies report that the need for technology to manage privacy is increasing, with 51% saying the need is becoming significantly greater.


Currently, most companies (66%) are using Governance, Risk, and Compliance (GRC) software, but a wide range of other options including specialized privacy software solutions (37%) are also popular.


Privacy budgets are also increasing for 97% of companies, with 47% saying their budgets are becoming significantly larger.


In Part 2 of this series, we will reveal the GDPR Compliance results. To read the full results now and download a copy of the TrustArc “Privacy and the EU GDPR” research report, click here.


Just Released: TRUSTe & EDAA Research Report

TRUSTe & EDAA Research Report: European industry self-regulatory programme delivers favourable impression and increased trust.

Recently conducted research shows an icon (edaa) aimed at providing greater transparency and control over online behavioural advertising (OBA), commonly referred to as interest-based advertising, is improving consumer attitudes towards OBA and growing in awareness.

The research shows the importance and effectiveness of the industry-led program that empowers consumers to exercise meaningful choice with respect to online behavioural advertising. This consumer-friendly alternative to ad-blockers is helping companies demonstrate their commitment to privacy and supporting the growth of the digital advertising market.

Highlights from the report include:

  • In 14 of the 15 European countries, at least 1 in 4 surveyed said they have clicked on it.
  • Awareness of the Icon with Admarker text increased from last year, on average 6 percentage points to 27%.
  • 44% say they are more favourable towards the concept of OBA when presented with information provided by clicking on the icon and having the opportunity to manage their privacy preferences.
  • More than 1 in 5 in every country surveyed said this makes them trust the brand being advertised more.

The European Advertising Consumer Research Report 2016 delivers a broad view of attitudes and awareness of the European Self-Regulatory Programme for Online Behavioural Advertising across 15 European countries surveyed. The study was conducted by Ipsos MORI, on behalf of TRUSTe and the EDAA from 04 – 20 November 2016 with more than 15,000 participants.