80 Percent of Companies Still Not GDPR-Compliant

Written by Edward Gately
July 13, 2018

Only 20 percent of companies surveyed believe they are GDPR-compliant.

Several weeks after the deadline for General Data Protection Regulation (GDPR) compliance, the vast majority of companies are either still working on it or have yet to begin the process.

That’s according to the latest research from TrustArc, which surveyed 600 IT and legal professionals responsible for privacy at companies required to meet GDPR compliance in the United States, the United Kingdom and the European Union — one month following the May 25 deadline.

Only one in five (20 percent) companies surveyed believe it is GDPR compliant, while 53 percent are in the implementation phase and 27 percent have not yet started their implementation. EU companies, excluding the U.K., are further along, with 27 percent reporting they are compliant, versus 12 percent in the U.S. and 21 percent in the U.K.

While many companies have significant work to do, nearly three in four (74 percent) expect to be compliant by the end of this year and 93 percent by the end of 2019.

“At TrustArc, we worked with companies of all sizes globally to become GDPR-compliant by helping them understand the requirements and deploy technology solutions to support their compliance and risk management objectives,” said Chris Babel, TrustArc’s CEO. “While the amount of effort was immense for the deadline of May 25, there is substantive work yet to complete to achieve initial compliance as well as monitor and maintain compliance on a repeatable and efficient ongoing basis.”

While many companies still have a long way to go, a comparison to August 2017 research shows significant progress in the past 10 months. The number of companies whose GDPR implementation is underway or completed increased from 38 percent to 66 percent in the U.S. and from 37 percent to 73 percent in the U.K.

Additional findings include:

About one in four (27 percent) companies spent more than $500,000 to become GDPR-compliant, while one in three (31 percent) plan to spend that amount on compliance efforts between June and December 2018. Twenty-five percent of U.S. companies spent more than $1 million on compliance vx. 10 percent for U.K. and 7 percent for EU companies.
Despite difficulties in becoming GDPR-compliant, 65 percent view GDPR as having a positive impact on their business, while 15 percent view the regulation as having a negative impact.
Meeting customer expectations (57 percent) was the main driver to become compliant, much higher than concern for fines (39 percent).
Complexity of GDPR posed the biggest challenge to compliance.
The vast majority (87 percent) said data privacy will become more important at their companies post-GDPR deadline, and 80 percent of companies plan to increase their spending on GDPR technology and tools to maintain compliance.