© 2019 SourceMedia. All rights reserved.

Only 20 percent of global firms say they are compliant with GDPR

The European Union’s General Data Protection Regulation took effect in May 2018, and yet only 20 percent of organizations surveyed think they are compliant with the new rules.

That is the finding of a recent report by Dimensional Research sponsored by data privacy management company TrustArc. Dimensional surveyed 600 IT and legal professionals online in the U.S., U.K., and E.U. one month following the May 25 deadline for compliance, and found that 53 percent of the organizations are in the implementation phase and 27 percent have not yet started their implementation.

E.U. (excluding U.K.) companies are further along, with 27 percent reporting they are compliant, versus 12 percent in the U.S. and 21 percent in the U.K. While many companies have significant work to do, 74 percent expect to be compliant by the end of 2018 and 93 percent by the end of 2019.

GDPR.jpg
Cables lead from the back of a switch unit in the server hall of the data storage center at the headquarters of Rostelecom PJSC, the state telecommunications operator, in Moscow, Russia, on Tuesday, Dec. 29, 2015. Netflix Inc. signed agreement with Rostelecom to use its TV service starting in 2016. Photographer: Andrey Rudakov/Bloomberg

While many companies still have a long way to go, a comparison with August 2017 research shows significant progress has been made. The number of companies whose GDPR implementation is underway or completed increased from 38 percent to 66 percent in the U.S. and from 37 percent to 73 percent in the U.K.

The cost of compliance is high, according to the report, with 27 percent of companies spending more than half a million dollars to become GDPR compliant, and 31 percent planning to spend more than half a million dollars on GDPR compliance efforts between June and December 2018.

For reprint and licensing requests for this article, click here.