Companies are behind on GDPR compliance according to survey

Many companies are behind schedule to achieve Global Data Protection Regulation (GDPR) compliance according to a recent survey.

A survey sponsored by international law firm McDermott Will & Emery, and carried out by the Ponemon Institute, show that 40% of companies expect to achieve compliance with the regulation after the deadline.

They study surveyed companies across the US and Europe on their understanding of the impact of GDPR and their readiness for it. It found that 60% of respondents say GDPR will ‘significantly change’ their organisations’ workflows regarding the collection, use and protection of personal information.

However, 71% claimed that lack of compliance could have a detrimental impact on their companies’ ability to conduct business globally.

The difficulty in preparing for data breach notification is the most difficult obligation according to 83% of respondents, with 68% saying that inability to comply with the notification requirement poses the greatest risk to their companies.

“Compliance is more than just updating your privacy policy, and so it is heartening to see so much wholesale change to workflows and an appreciation that business-as-usual processing will change after May 25,” said Ashley Winton, McDermott London partner and Chairman of the Data Protection Forum. “However, it is particularly interesting to see which sectors are making the most effort to get into compliance, as it is not just consumer or retail facing companies. With markedly disparate levels of compliance expected by May 25, it will be interesting to see what the regulators response will be.”

The survey also shows that the average annual budget for compliance is $13m, a figure which one in three companies expects to review annually. It also reports that 22% believe that a budget allocation will continue indefinitely in their organisation due to a need to continue with investment in technologies, governance practices and staffing. Respondents believe that the majority of the budget will be spent on Managed Services (28% of spend), followed by Personnel (19% of spend) and technology (17% of spend).

A recent survey of tech decision makers, compiled by Crowd Research Partners, found that fewer than 40% are confident that their organisations will be compliant with the General Data Protection Regulation (GDPR).

Copyright © 2018 RegTech Analyst

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst

Investors

The following investor(s) were tagged in this article.