With the EU General Data Protection Regulation (GDPR) being enforced from next year, the vast majority of US multinationals consider preparation for the Regulation a top priority, according to a new survey from PricewaterhouseCoopers’ (PwC) GDPR Series.
92% of respondents said GDPR readiness was one of their top priorities, and over half (54%) said it was their highest priority.
Despite being an EU regulation, the GDPR will reshape data protection practices for many US companies, as it applies to any organization in the world that processes EU residents’ data.
Organizations found to be in breach of the Regulation face fines of up to 4% of their annual global turnover or €20 million (approximately $21.5 million), whichever is greater.
Investing in data protection
With the Regulation’s strong penalties for data breaches, GDPR analyst and consultant Chiara Rustici last year advised businesses “to ring fence 4 percent of 2016 global turnover and earmark it as a budget for 2017 compliance.”
Indeed, the PwC survey indicates that many organizations plan to invest heavily in GDPR preparations. Over three quarters (77%) said they plan to spend at least $1 million to ensure they comply with the Regulation, and 9% plan to spend over $10 million.
Companies have already indicated a number of ways in which they will spend that money. When asked how they plan to reduce their GDPR risk exposure, 64% of respondents said they plan to centralize data centers in Europe, and 54% plan to de-identify European data.
Additionally, when asked about which EU cross-border data-transfer mechanism they will pursue, a “stunning” 75% of respondents said they plan to use binding corporate rules (BCR), and 77% plan to self-certify to the EU–US Privacy Shield agreement.
Start preparing now
American companies that deal in Europe should now be well on their way towards preparing for the GDPR. According to PwC, 71% of respondents have started the process and 6% have already completed it.
The typical large US corporation is currently moving through a data-discovery and assessment phase and towards an initiative that includes shoring up standard data-privacy and security capabilities in US operations, PwC says.
If the GDPR affects your organization, IT Governance can help you prepare. We offer a variety of products, including standards and books, staff awareness courses, certified GDPR training, and a gap assessment tool.