80 Percent of Companies Still Not GDPR-Compliant

Several weeks after the deadline for General Data Protection Regulation (GDPR) compliance, the vast majority of companies are either still working on it or have yet to begin the process.

That’s according to the latest research from TrustArc, which surveyed 600 IT and legal professionals responsible for privacy at companies required to meet GDPR compliance in the United States, the United Kingdom and the European Union — one month following the May 25 deadline.

Only one in five (20 percent) companies surveyed believe it is GDPR compliant, while 53 percent are in the implementation phase and 27 percent have not yet started their implementation. EU companies, excluding the U.K., are further along, with 27 percent reporting they are compliant, versus 12 percent in the U.S. and 21 percent in the U.K.

While many companies have significant work to do, nearly three in four (74 percent) expect to be compliant by the end of this year and 93 percent by the end of 2019.

“At TrustArc, we worked with companies of all sizes globally to become GDPR-compliant by helping them understand the requirements and deploy technology solutions to support their compliance and risk management objectives,” said Chris Babel, TrustArc’s CEO. “While the amount of effort was immense for the deadline of May 25, there is substantive work yet to complete to achieve initial compliance as well as monitor and maintain compliance on a repeatable and efficient ongoing basis.”

While many companies still have a long way to go, a comparison to August 2017 research shows significant progress in the past 10 months. The number of companies whose GDPR implementation is underway or completed increased from 38 percent to 66 percent in the U.S. and from 37 percent to 73 percent in the U.K.

Additional findings include: