Despite drafting new legislation to stay on par with the GDPR following Brexit, the United Kingdom is lagging behind the United States in investing to comply with the EU’s looming new data protection law. Both countries, though, are equally unprepared for GDPR, new data shows.
A survey commissioned by TrustArc and conducted by Dimensional Research reveals how prepared, or unprepared, UK and US businesses are for the EU’s General Data Protection Regulation (GDPR) to take effect May 2018.
The numbers are in line with similar surveys by Gartner, as well as a study conducted by Bitdefender.
Overall investment in privacy management is increasing. 97% of companies in the US and 90% in the UK reported increased spending in this area with eyes on the future.
US organizations report a greater need to use technology to manage privacy (95%) compared to UK companies (87%), and more US than UK companies expect to invest significant amounts to comply with GDPR, TrustArc reports.
Before adjusting their internal systems and processes to address compliance requirements, companies must determine whether the GDPR affects them.
Dimensional Research surveyed 203 UK and 204 US professionals responsible for data privacy at companies required to meet GDPR compliance. Among the interesting findings (again, some right on par with other surveys) are:
- Privacy and data protection are becoming increasingly important, yet ever more complex for both countries
- 96% of US companies and 94% of UK companies agree that the importance of privacy is growing
- 98% in the US and 93% in the UK agree privacy management is becoming more complex
- 60% of respondents from both countries have not begun their GDPR implementation and 90% need to invest in additional capabilities to comply with the new standard, indicating that UK and US companies are equally unprepared for GDPR
- With 8 months to go, a staggering 98% of US and 92% of UK companies require additional investments to comply with GDPR
- 55% of US and 57% of UK companies have yet to invest in technology and tools to automate and operationalize data privacy
- Brexit is not derailing the UK’s GDPR efforts (nor should it, with such hefty fines for noncompliance on the horizon)
- US companies are investing more in privacy management and GDPR readiness than UK companies are
- 83% of US companies expect GDPR spending to be at least $100,000; 69% of UK companies expect to spend the equivalent, roughly 74,000 GBP.
- 23% of large US companies (5,000+ employees) expect to spend over $1M; only 19% of large UK companies expect to spend the same amount (or 740,000 GBP).
The reason for the stark contrast between investment in the two countries is uncertain. We could pin it on American companies being more educated in GDPR matters, which would be slightly ironic considering the origins of the Regulation.
However, what’s more concerning is that both US businesses and UK organizations have a long way to go before they can consider themselves GDPR compliant. With only eight months to go and almost all companies requiring additional investments to comply with GDPR, it will be interesting to see who will escape unscathed and who will not.
The EU is ready to deal out fines of up to 4% of annual revenue, or up to 20 million euros, for organizations (including governmental organizations) found noncompliant starting May 2018. What is your company doing to make friends with the EU’s GDPR?