Privacy and the EU GDPR

US and UK Companies Lagging in GDPR Compliance Efforts; Brexit Not Derailing UK GDPR Plans

New comparative UK and US research uncovers differences, challenges and investments to address GDPR data protection requirements

 SAN FRANCISCO, September 28, 2017 — TrustArc, the data privacy management company, today announced results from a survey conducted by Dimensional Research that gauges how prepared UK businesses are to comply with the EU’s General Data Protection Regulation (GDPR) compared to earlier research examining US-based companies’ preparation. Key findings from the research demonstrate that data privacy is becoming more complex, companies are equally unprepared in both the UK and US to comply with GDPR by the May 2018 deadline, and US companies are investing more in both privacy management and GDPR preparedness.

“The findings from both the US and UK surveys are in line with what we’re hearing from our clients about the increased complexity of privacy management and the critical role of technology investments for complying with GDPR and for establishing an accountability program that is easy to implement and manage,” said Chris Babel, CEO of TrustArc. “Regardless of their location, companies are under extreme pressure to efficiently comply with the growing number of regulations like GDPR and as a trusted partner, we are committed to empowering privacy professionals with the resources they need.”

With only eight months to comply with the GDPR, the most sweeping change to data protection in decades, companies all over the world are determining how to best adjust their internal systems and processes in order to address compliance requirements. To compare how UK companies are preparing for GDPR versus their US counterparts, TrustArc together with Dimensional Research surveyed 203 UK and 204 US professionals responsible for data privacy at companies required to meet GDPR compliance. The UK survey was conducted in August 2017, and the US survey in May 2017, both among companies with more than 500 employees.

Key findings from the two research surveys include:

Privacy is becoming harder, no matter where businesses are located

Across the board, respondents in both the UK and US report that privacy and data protection is becoming increasingly important, but also increasingly complex:

  • The importance of privacy is growing – 96% US; 94% UK
  • Privacy management is becoming more complex – 98% US; 93% UK

UK and US companies are equally unprepared for GDPR

Among both UK and US privacy professionals, more than 60% of respondents have not begun their GDPR implementation and 90% need to invest in additional capabilities to comply with the new standard.

  • Have not begun GDPR implementation – 61% US; 64% UK
  • Require additional investments to comply with GDPR – 98% US; 92% UK
  • Investing in technology and tools to automate and operationalize data privacy – 55% US; 57% UK

For UK companies, Brexit is not derailing their GDPR efforts

  • 74% of UK respondents are not reducing their GDPR budgets due to Brexit.

US companies are investing more in both privacy management and GDPR readiness than their UK counterparts.

Overall investment in privacy management is increasing among both US (97%) and UK (90%) professionals. US companies report a higher need to use technology to manage privacy (95%) compared to UK companies (87%).

Similarly, more US than UK companies expect to invest significant amounts of money to comply with GDPR.

  • 83% of US companies expect GDPR spending to be at least $100,000, whereas only 69% of UK companies expect to spend the same amount (74,000 GBP).
  • 23% of large US companies (over 5,000 employees) expect to spend more than $1M (740,000 GBP) as compared to 19% of large UK companies expecting to spend over 740,000 GBP.

About TrustArc

TrustArc powers privacy compliance and risk management with integrated technology, consulting and TRUSTe certification solutions – addressing all phases of privacy program management. The foundation for our solutions is the TrustArc Privacy Platform which provides a flexible, scalable, and secure way to manage privacy. Our technology platform, fortified through six years of operating experience across a wide range of industries and client use cases, along with our services, leverage deep privacy expertise and proven methodologies which we have continuously enhanced through thousands of client projects over the past two decades. Headquartered in San Francisco, and backed by a global team, we help over 1,000 clients worldwide demonstrate compliance, minimize risk, and build trust. For more information, visit

Related Post