It seems that repeated warnings from the ICO, press hysteria or even the widespread scaremongering over GDPR have not shaken companies into action, with a new report claiming that only a fifth (21%) of UK firms consider themselves compliant with the regulation, nearly two months after it was enforced on May 25.
Meanwhile, EU-based organisations outside the UK are twice as likely to consider themselves compliant as US firms, at 27% versus 12%.
So says the research, carried out by security firm TrustArc, which quizzed 600 IT and legal professionals with a role in data protection policy in the UK, US and EU.
Another 27% haven’t actually reached the implementation phase of their compliance strategy. And, while the majority of UK organisations expect to be fully compliant by the end of 2018, a quarter (25%) anticipate not being compliant until 2019 or beyond.
TrustArc chief executive Chris Babel said: “While the amount of effort was immense for the May 25 deadline, there is substantive work yet to complete to achieve initial compliance, as well as monitor and maintain compliance on a repeatable and efficient ongoing basis.”
Even the threat of huge fines has not caused panic, with only 38% of UK organisations saying financial penalties comprised one of the key motivators for investing in compliance.
Instead, the biggest motivators were meeting customer expectations (58%), supporting company values (47%), and meeting partner or third-party expectations (41%).
More than two-thirds of companies have spent above $100,000 to date on compliance, and 67% expect to continue spending this amount through to the end of the year, investing in internal and external personnel, training, consulting, legal advice, technology and new tools.
Most respondents saw the new data protection laws as having a positive impact on business, compared to 15% claiming GDPR will affect them negatively.
“There is a lot of work yet to be done in order for all companies to achieve full GDPR compliance, as well as for them to monitor, maintain and demonstrate ongoing compliance in a repeatable and efficient manner,” Babel added. “The good news is that companies realise that the effort and expense will have a positive effect on their businesses and is well worth the investment.”