US companies not ready for GDPR

A significant percentage of U.S. companies are uncertain about or unprepared for the European Union’s General Data Protection Regulation (GDPR) that takes effect one month from today, according to a new survey by CompTIA, the world’s leading technology association.

  • 6 years ago Posted in
“Confusion about the regulations remains a significant problem for many companies,” said Todd Thibodeaux, CompTIA president and CEO.

A full 52 percent of 400 U.S. companies surveyed are either still exploring the applicability of GDPR to their business; have determined that GDPR is not a requirement for their business; or are unsure.


Just 13 percent of firms say they are fully compliant with GDPR. Another 23 percent report being mostly compliant, while 12 percent say they are somewhat compliant.


“Only one in four respondents claim to be very familiar with GDPR,” Thibodeaux reported. “Some believe it applies primarily to companies in the EU; others, only to large multinational corporations. Alarmingly, three in ten companies believe GDPR does not go into effect until the end of 2018.”


Nearly two-thirds of firms are unaware of the hefty GDPR fine structure for non-compliance.


“With fines that could potentially reach the greater of 20 million euros or four percent of annual revenue, companies subject to the regulations are running a huge financial risk by failing to put a GDPR plan in place,” Thibodeaux said.

GDPR Preparations

                In preparing for GDPR, 22 percent of firms have developed a compliance plan. A similar percentage (21 percent) have conducted data audits and readiness assessments, including review of existing privacy policies, terms of services and consent protocols.

Despite the time and cost associated with GDPR compliance, most U.S. companies acknowledge receiving secondary benefits from the exercise. Nearly one in three companies see value in conducting an internal data audit; while 29 percent cite the benefits of reviewing and updating their data breach notification plan.

GDPR may have prompted some companies to examine their approach to data governance. Though relatively few companies (12 percent) have dedicated data governance officers or chief data officers that may change. One in four large companies surveyed indicate a strong likelihood to hire a data governance or chief data officer within the next two years.

Doing Business in the EU

The CompTIA survey also finds that U.S. companies are split on whether GDPR will impact their business opportunities in the EU. About one-third of the firms surveyed do not believe GDPR will have an impact on their current or future approach to business in the EU. Another third indicate GDPR may negatively impact their desire to engage in business activities in countries governed by GDPR. The remaining one-third of firms are unsure.

                The CompTIA research brief “The State of GDPR Preparedness in the U.S.” is based on the results of an April 2018 online survey of executives and professionals with some level of data responsibility for their organizations. A total of 400 individuals from small, medium and large companies across every industry sector of the U.S., economy participated in the survey.

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...