Only 20 percent of global firms say they are compliant with GDPR

Register now

The European Union’s General Data Protection Regulation took effect in May 2018, and yet only 20 percent of organizations surveyed think they are compliant with the new rules.

That is the finding of a recent report by Dimensional Research sponsored by data privacy management company TrustArc. Dimensional surveyed 600 IT and legal professionals online in the U.S., U.K., and E.U. one month following the May 25 deadline for compliance, and found that 53 percent of the organizations are in the implementation phase and 27 percent have not yet started their implementation.

E.U. (excluding U.K.) companies are further along, with 27 percent reporting they are compliant, versus 12 percent in the U.S. and 21 percent in the U.K. While many companies have significant work to do, 74 percent expect to be compliant by the end of 2018 and 93 percent by the end of 2019.

While many companies still have a long way to go, a comparison with August 2017 research shows significant progress has been made. The number of companies whose GDPR implementation is underway or completed increased from 38 percent to 66 percent in the U.S. and from 37 percent to 73 percent in the U.K.

The cost of compliance is high, according to the report, with 27 percent of companies spending more than half a million dollars to become GDPR compliant, and 31 percent planning to spend more than half a million dollars on GDPR compliance efforts between June and December 2018.

For reprint and licensing requests for this article, click here.