New GDPR risk assessment finds that 84 percent of US respondents expect to be ready

With GDPR Day — May 25, 2018 — now less than seven months away, companies are beginning to assess the risks of not complying with the new European Union regulation.

To help focus their thoughts, security/compliance firm TrustArc (formerly TRUSTe) and the International Association of Privacy Professionals (IAPP) surveyed almost 500 privacy professionals in the US and the UK and prepared what it says is the first report to measure perceived GDPR risk, “GDPR Non-Compliance Risks and Mitigation Strategies.” Interestingly — and contrary to some other studies — this research found that 84 percent of US respondents expect to be GDPR-ready no later than May 2.

Interestingly, more of their European counterparts might be late, since a quarter of EU respondents say their companies won’t be ready by GDPR Day. TrustArc SVP of Marketing and Product Management Dave Deasy told me via email that European companies cite “inadequate budget” as the key reason for possible delays, while US companies point to the regulation’s complexity.

The survey’s questions addressed the perceived risks of not complying with 11 specific compliance risks of GDPR, and what actions are being taken:

The top risk for all respondents: failing to prepare for a data breach notification, with failure to conduct data inventory and mapping coming in a close second. Deasy pointed out that data mapping is not a GDPR requirement per se, but is needed to assess data types, uses and retention.

Among US respondents, the top GDPR risk was not complying with requirements for international data transfers.

The top action to lessen risk, the privacy pros said, is to invest in employee training on data protection and privacy.

The respondents, surveyed in September and October, were chosen from subscribers to the IAPP Daily Dashboard. Those who said they didn’t think GDPR applies to them — many in government, and accounting for about 12 percent — did not complete the survey. The represented companies were distributed among firms of various sizes, from fewer than 100 employees to over 75,000.

About The Author

Barry Levine

Barry Levine covers marketing technology for Third Door Media. Previously, he covered this space as a Senior Writer for VentureBeat, and he has written about these and other tech subjects for such publications as CMSWire and NewsFactor. He founded and led the web site/unit at PBS station Thirteen/WNET; worked as an online Senior Producer/writer for Viacom; created a successful interactive game, PLAY IT BY EAR: The First CD Game; founded and led an independent film showcase, CENTER SCREEN, based at Harvard and M.I.T.; and served over five years as a consultant to the M.I.T. Media Lab. You can find him at LinkedIn, and on Twitter at xBarryLevine.