Americans streets ahead of UK firms with GDPR plans

US-EU-flags 2With GDPR D-Day looming large, it appears the Americans are way ahead of the game when it comes to getting in shape for the new regulation, with a new study claiming that 84% of US companies expect to have their operations up and running by May 25 2018.
According to a joint report from the International Association of Privacy Professionals (IAPP) and technology compliance company TrustArc only 72% of European firms believe they will be ready, although a recent DMA study of UK firms showed just over half (56%) are on track and 4% ahead in their plans to be compliant.
TrustArc and the IAPP surveyed nearly 500 privacy professionals split evenly between the US and EU, asking them to rank perceived risk on a five-point scale, with 1 indicating no risk and 5 showing high risk.
In their overall assessment of their preparedness, the respondents identified the four greatest compliance risks as: the GDPR’s 72-hour breach notification, data inventory and mapping, obtaining user consent, and managing international data transfers.
However, there were differences between the US and European privacy professionals, with the Americans identifying international data transfers as the top compliance risk, while Europeans cited failure to be prepared for a data breach.
And in terms of barriers to compliance, US firms cited the complexity of GDPR requirements as the largest hurdle, while EU firms pointed to a lack of appropriate budget.
Regardless of confidence levels, all respondents agreed that the number one way to mitigate GDPR compliance risk is privacy training, followed by investment in privacy and data protection technology, such as data mapping tools.
TrustArc chief executive Chris Babel said: “Working with our customers, we find that the most effective strategy to achieve compliance is based on building employee expertise and know-how, combined with technology platforms that enable the next-generation processes and routines necessary to efficiently do things like identify and map user data and manage user consent.”

Related stories
Firms finally wake up to GDPR but despair about future
Brace yourselves for the GDPR data ambulance chasers
ICO set to launch dedicated GDPR hotline for SMEs
New industry body to tackle threat to outbound calling
70% of customers plan to demand to see their data
Privacy chief Denham hits out at GDPR scaremongering
Firms face bombardment of data requests under GDPR
Half of all firms still not compliant with 1998 data laws
ICO stands firm on ‘over strict’ GDPR consent guidance
GDPR fears mount over delay to ICO consent guidance
Third-party data crackdown will wreak havoc says DMA
DPN joins calls for more urgency over GDPR guidance