Study: Only 20% of companies believe to be GDPR compliant

Only 20% of companies surveyed, in the US and EU, believe they are GDPR compliant, while 53% are in the implementation phase and 27% have not yet started their implementation. EU (excluding UK) companies are further along, with 27% reporting they are compliant, versus 12% in the U.S. and 21% in the UK. While many companies have significant work to do, 74% expect to be compliant by the end of 2018 and 93% by the end of 2019.

There are findings from a survey, conducted by Dimensional Research, announced by TrustArc, that assesses the status of GDPR compliance among U.S., UK and EU (excluding UK) companies one month following the May 25 deadline.

While many companies still have a long way to go, a comparison to August 2017 research shows significant progress in the past ten months. The number of companies whose GDPR implementation is under way or completed increased from 38% to 66% in the U.S. and from 37% to 73% in the UK.

27% of companies spent over half a million dollars each to become GDPR compliant. 31% of companies plan to spend over half a million dollars each on GDPR compliance efforts between June and December 2018. 18% of US companies spent over 1 million dollars each on compliance versus 8% for UK and 8% for EU companies.

Despite difficulties in becoming GDPR compliant, 65% view GDPR as having a positive impact on their business. Only 15% view the GDPR as having a negative impact on their business.

Meeting customer expectations (57%) was the main driver to become compliant, significantly higher than concern for fines (39%). Complexity of GDPR posed the biggest challenge to comply.

87% indicate that data privacy will become more important at their companies post the GDPR deadline. 80% of companies plan to increase their spending on GDPR technology and tools to maintain compliance.