
50% of US businesses aren't ready for the most significant data privacy change in 20 years

Detailed findings
Awareness was highest among financial services companies (58%) and lowest among tech companies (43%), which are some of the greatest users of data. Companies with mature privacy programs (10-25 privacy employees) had the highest awareness. Surprisingly, there was no significant difference in awareness between businesses in the US and those based in the UK, France and Germany.

Of those aware of the GDPR, 73% agreed it was the most important change in data privacy regulation in the last 20 years and two thirds (65%) are starting to prepare even before the final law is agreed:

  • 83% had already allocated budget, with 21% allocating $0.5 million or more to address the changes
  • 56% currently placed this as 'High' or 'Very High' on their Corporate Risk Register
  • 43% identified a need for technology solutions to meet compliance requirements

Even though this survey was conducted before the European Court of Justice ruling on the validity of the Safe Harbor agreement, there is still a strong belief that the new legislation will have teeth, with 77% thinking that it will be actively enforced by EU regulators. 82% think it will be a higher enforcement priority than the EU Cookie Directive, and 76% agree they will spend more on GDPR compliance than on the EU Cookie Directive.

While the top concerns were the new penalties (42%) and tighter consent requirements (37%), the good news is that around four out of five companies (82%) felt the changes would have a positive impact on consumer data protection.

About the EU General Data Protection Regulation
The European Commission first proposed sweeping changes to EU data protection law in January 2012. After nearly 4 years of debate, the proposal has now reached the final stage of negotiations between the European Commission, the European Parliament and the Council of Ministers, and is expected to be agreed by the end of 2015 with a two-year implementation period. The GDPR will significantly change the landscape of EU privacy and data protection in several key areas, including: substantial new penalties of up to €100 million, or 2-5% of annual worldwide turnover, whichever is greater; increased territorial scope, impacting hundreds of thousands of businesses including many outside the EU; tighter requirements for obtaining valid consent to the processing of personal data; new restrictions on profiling and targeted advertising; new data breach reporting obligations; direct legal compliance obligations for "data processors"; and extended data protection rights for individuals, including the "right to be forgotten".

