Survey says top US and UK firms are overshooting GDPR compliance readiness

International law firm Paul Hastings recently conducted a survey on the cost of GDPR readiness. According to the survey, 94% of Financial Times Stock Exchange (FTSE) 350 and 98% of Fortune 500 companies believe they are on target to achieve compliance by the upcoming EU GDPR deadline of May 25, 2018. Either the majority have worked long and hard on GDPR readiness or they have far overreached their projections.

A total of 100 FTSE 350 General Counsel (GCs) and Chief Security Officers (CSOs), and 100 Fortune 500 GCs and CSOs, were surveyed. Although confidence is high, each market’s actual movement toward compliance tells a different story. Each is taking steps in the right direction, but more than half of the companies – located throughout the UK and US – have not yet taken enough action.

According to the survey, which took place in July 2017:

  • Just 43% (an average of 47% in the US and 39% in the UK) of respondents are in the process of appointing an internal GDPR taskforce.
  • Roughly 33% of all respondents are enlisting a third party to conduct a GDPR gap analysis.
  • One in three companies will be employing a third-party consultant or counsel to assist with compliance (37% in the US, 33% in the UK).
  • Only 10% of UK entities have GDPR compliance resources allocated.

The GDPR mandates that any business involved in the large-scale monitoring of individuals’ data must have either a Data Privacy Officer or additional privacy personnel in place. However, just 29% of UK General Counsel/Chief Security Officer respondents have addressed this stipulation. Fortune 500 companies are even less prepared, with just 18% fulfilling this requirement.

Additional findings and useful information can be found in the below infographic provided by Paul Hastings:

A partner and global co-chair of the Privacy and Cybersecurity practice at Paul Hastings weighed in on the survey results: “Achieving GDPR compliance is an enormous task – one that in our experience almost inevitably requires dedicated resources and budget. Against that backdrop, the confidence among major corporations revealed in our survey seems mismatched with those same businesses’ reports of their implementation efforts.”

Two other surveys paint a different picture – organizations are unsure and unprepared for the GDPR

Close Brothers, a UK merchant banking group, released Business Barometer – its quarterly survey of more than 900 cross-sector small and medium enterprise (SME) owners, plus senior management in the UK and Republic of Ireland – with findings about GDPR perspectives. Close Brothers is aware of the GDPR’s pervasiveness, at least as far as the UK goes. CEO Neil Davies noted, “GDPR is intended to strengthen and unify data protection for individuals within the EU, but will also affect the UK regardless of Brexit.”

According to the survey, SMEs are having a hard time getting to grips with GDPR compliance, including defining what personal data really means – less than 31% are clear. Furthermore, 48% of SME managers are unsure what the new and extended customer rights are. With regards to customer contact permissions, some SMEs are also in the dark when it comes to the GDPR; however, 58% of respondents are confident the permissions they have in place are adequate.

Other key findings:

  • More than 40% of respondents are unconvinced about their readiness for the May 25 compliance date
  • 44% believe they have the correct process in place to collect data

Cloud security company HyTrust surveyed the financial, manufacturing, technology, healthcare and biotech, government and military, and shipping and transportation industries. Respondents revealed that as few as 22% of US organizations are worried about the GDPR, with no action plan yet in place. Furthermore, 51% of respondents said their organization is either unconcerned about or uninformed of the GDPR’s significance to their business.

EU GDPR compliance date is around the corner – your organization can’t afford to miss it

No matter how far along you are in fulfilling its requirements, beginning May 25, 2018, entities around the globe must comply with the GDPR. If your organization processes the data of European citizens, it is mandatory that you adhere to its regulations. IT Governance, a global leader in the advisory of data protection laws and information security standards, is offering a comprehensive classroom introduction to the GDPR in Boston and New York, as well as Live Online courses accessible from home or the office.

Through this one-day introductory course, you will learn about the regulation’s implications and the legal requirements that impact US organizations. The comprehensive course will give you a foundation in the GDPR and is a prerequisite to IT Governance’s Certified GDPR Practitioner training. Register now for the Certified EU General Data Protection Regulation Foundation (GDPR) Classroom Training Course or for the online course.