New comparative U.K. and U.S. research uncovers differences, challenges and investments to address GDPR data protection requirements
San Francisco, CA (September 28, 2017) — TrustArc, the data privacy management company, today announced results from a survey conducted by Dimensional Research that gauges how prepared UK businesses are to comply with the EU’s General Data Protection Regulation (GDPR) compared to earlier research examining U.S.-based companies’ preparation. Key findings from the research demonstrate that data privacy is becoming more complex, companies are equally unprepared in both the U.K. and U.S. to comply with GDPR by the May 2018 deadline, and U.S. companies are investing more in both privacy management and GDPR preparedness.
“The findings from both the U.S. and U.K. surveys are in line with what we’re hearing from our clients about the increased complexity of privacy management and the critical role of technology investments for complying with GDPR and for establishing an accountability program that is easy to implement and manage,” said Chris Babel, CEO of TrustArc. “Regardless of their location, companies are under extreme pressure to efficiently comply with the growing number of regulations like GDPR and as a trusted partner, we are committed to empowering privacy professionals with the resources they need.”
With only eight months to comply with the GDPR, the most sweeping change to data protection in decades, companies all over the world are determining how to best adjust their internal systems and processes in order to address compliance requirements. To compare how U.K. companies are preparing for GDPR versus their U.S. counterparts, TrustArc together with Dimensional Research surveyed 203 U.K. and 204 U.S. professionals responsible for data privacy at companies required to meet GDPR compliance. The U.K. survey was conducted in August 2017, and the U.S. survey in May 2017, both among companies with more than 500 employees.
Key findings from the two research surveys include:
- Privacy is becoming harder, no matter where businesses are located
o Across the board, respondents in both the U.K. and U.S. report that privacy and data protection is becoming increasingly important, but also increasingly complex:
▪ The importance of privacy is growing – 96 percent U.S.; 94 percent U.K.
▪ Privacy management is becoming more complex – 98 percent U.S.; 93 percent U.K.
- U.K. and U.S. companies are equally unprepared for GDPR
o Among both U.K. and U.S. privacy professionals, more than 60 percent of respondents have not begun their GDPR implementation and 90 percent need to invest in additional capabilities to comply with the new standard.
▪ Have not begun GDPR implementation – 61 percent U.S.; 64 percent U.K.
▪ Require additional investments to comply with GDPR – 98 percent U.S.; 92 percent U.K.
▪ Investing in technology and tools to automate and operationalize data privacy – 55 percent U.S.; 57 percent U.K.
- For U.K. companies, Brexit is not derailing their GDPR efforts
o 74 percent of U.K. respondents are not reducing their GDPR budgets due to Brexit.
- U.S. companies are investing more in both privacy management and GDPR readiness than their UK counterparts.
o Overall investment in privacy management is increasing among both U.S. (97 percent) and U.K. (90 percent) professionals. U.S. companies report a higher need to use technology to manage privacy (95 percent) compared to U.K. companies (87 percent).
o Similarly, more U.S. than U.K. companies expect to invest significant amounts of money to comply with GDPR.
▪ 83 percent of U.S. companies expect GDPR spending to be at least $100,000, whereas only 69 percent of U.K. companies expect to spend the same amount (74,000 GBP).
▪ 23 percent of large U.S. companies (over 5,000 employees) expect to spend more than $1M (740,000 GBP) as compared to 19 percent of large U.K. companies expecting to spend over 740,000 GBP.
To download the complete report, please click here.
TrustArc powers privacy compliance and risk management with integrated technology, consulting and TRUSTe certification solutions – addressing all phases of privacy program management. The foundation for our solutions is the TrustArc Privacy Platform which provides a flexible, scalable, and secure way to manage privacy. Our technology platform, fortified through six years of operating experience across a wide range of industries and client use cases, along with our services, leverage deep privacy expertise and proven methodologies which we have continuously enhanced through thousands of client projects over the past two decades. Headquartered in San Francisco, and backed by a global team, we help over 1,000 clients worldwide demonstrate compliance, minimize risk, and build trust. For more information, visit www.trustarc.com.