Almost two months after the launch of the General Data Privacy Regulation (GDPR), nearly three-quarters of US and European companies say they will be compliant by year’s end — but only 20 percent believe they are now.
So says “GDPR Compliance Status” (free, registration required), a new report based on a survey of 600 IT and legal professionals (equally distributed between the US, the UK and the EU) released today by San Francisco-based data privacy management firm TrustArc and conducted last month by market research firm Dimension Research.
Fifty-three percent say they are in the process of implementing the regulation, which regulates how companies must handle personal data of European Union (EU) citizens. Many complying companies are applying GDPR practices to all of their customers and visitors.
The survey also found that compliance efforts are “motivated more by a desire to meet customer and partner expectations than by fear of fines or lawsuits.”
Eighty-seven percent of respondents said that “privacy will become even more important at their companies,” with 47 percent expecting it to become “significantly more important.” Half of the respondents do not intend to wait for GDPR certification, but will instead acquire third-party validation, such as the one offered by TrustArc.
The key surprise in this report, TrustArc SVP of Marketing Dave Deasy told me via email, is that “as many as 65 percent of those surveyed view GDPR as having a positive effect on their business,” despite the difficulties in becoming compliant. He noted that “only 15 percent view the GDPR as having a negative impact on their business.”
Compared to similar TrustArc research from August of last year, these stats represent tremendous movement toward GDPR compliance. The earlier report found that only 38 percent of respondents in the US had completed or were in the midst of GDPR compliance, compared to 66 percent now. In the UK, 37 percent were completed or in progress as of last August, versus 73 percent now.