A number of US companies are uncertain about or unprepared for the European Union’s General Data Protection Regulation (GDPR).
According to a new survey by technology association CompTIA, 52% of 400 U.S. companies surveyed are either still exploring the applicability of GDPR to their business; have determined that GDPR is not a requirement for their business; or are unsure.
The CompTIA research brief “The State of GDPR Preparedness in the U.S.” is based on the results of an April 2018 online survey of executives and professionals with some level of data responsibility for their organisations. A total of 400 individuals from small, medium and large companies across every industry sector of the U.S. economy participated in the survey.
Its survey found that just 13% of firms say they are fully compliant with GDPR, with 23% being mostly compliant, and 12% are somewhat compliant.
“Confusion about the regulations remains a significant problem for many companies,” said Todd Thibodeaux, CompTIA president and CEO. “Only one in four respondents claim to be very familiar with GDPR,” Thibodeaux reported. “Some believe it applies primarily to companies in the EU; others, only to large multinational corporations. Alarmingly, three in ten companies believe GDPR does not go into effect until the end of 2018.”
The GDPR, which is implemented next month, grants EU residents privacy rights that give them greater control over how companies handle their personal data. It also affects any organisation that is storing or processing data on EU residents, even if the organisation isn’t in the EU. Failure to comply could result in fines of €20m or 4% of annual revenue.
CompTIA’s survey showed that nearly two-thirds of firms are unaware of the hefty GDPR fine structure for non-compliance.
With companies subject to the regulations running a huge financial risk by failing to put a GDPR plan in place, just 22% of firms have developed a compliance plan, while 21% have conducted data audits and readiness assessments. Nearly one in three companies see value in conducting an internal data audit, while 29% cite the benefits of reviewing and updating their data breach notification plan.
Although GDPR may have prompted some companies to examine their approach to data governance, just 12% have dedicated data governance officers or chief data officers. However, one in four large companies surveyed indicate a strong likelihood to hire a data governance or chief data officer within the next two years.
The regulation will affect any US business that processes data in the EU; however, about one-third of the firms surveyed do not believe GDPR will have an impact on their current or future approach to business in the EU. Another third indicate GDPR may negatively impact their desire to engage in business activities in countries governed by GDPR.
Copyright © 2018 RegTech Analyst