New GDPR risk assessment finds that 84 percent of US respondents expect to be ready

The TrustArc/IAPP survey looked at perceived risk for non-compliance of 11 GDPR requirements by US and UK firms.

on November 8, 2017 at 4:23 pm | Reading time: 2 minutes
Chat with MarTechBot

GDPR Fqfttr

With GDPR Day — May 25, 2018 — now less than seven months away, companies are beginning to assess the risks of not complying with the new European Union regulation.

To help focus their thoughts, security/compliance firm TrustArc (formerly TRUSTe) and the International Association of Privacy Professionals (IAPP) surveyed almost 500 privacy professionals in the US and the UK and prepared what it says is the first report to measure perceived GDPR risk, “GDPR Non-Compliance Risks and Mitigation Strategies.” Interestingly — and contrary to some other studies — this research found that 84 percent of US respondents expect to be GDPR-ready no later than May 2.

Interestingly, more of their European counterparts might be late, since a quarter of EU respondents say their companies won’t be ready by GDPR Day. TrustArc SVP of Marketing and Product Management Dave Deasy told me via email that European companies cite “inadequate budget” as the key reason for possible delays, while US companies point to the regulation’s complexity.

The survey’s questions addressed the perceived risks of not complying with 11 specific compliance risks of GDPR, and what actions are being taken:

TrustArc IAPP C3l9ok

The top risk for all respondents: failing to prepare for a data breach notification, with failure to conduct data inventory and mapping coming in a close second. Deasy pointed out that data mapping is not a GDPR requirement per se, but is needed to assess data types, uses and retention.

Among US respondents, the top GDPR risk was not complying with requirements for international data transfers.

The top action to lessen risk, the privacy pros said, is to invest in employee training on data protection and privacy.

The respondents, surveyed in September and October, were chosen from subscribers to the IAPP Daily Dashboard. Those who said they didn’t think GDPR applies to them — many in government, and accounting for about 12 percent — did not complete the survey. The represented companies were distributed among firms of various sizes, from fewer than 100 employees to over 75,000.

Contributing authors are invited to create content for MarTech and are chosen for their expertise and contribution to the martech community. Our contributors work under the oversight of the editorial staff and contributions are checked for quality and relevance to our readers. The opinions they express are their own.

Add MarTech to your Google News feed.    Google News

Related stories

New on MarTech

About the author

Barry Levine
Contributor
Barry Levine covers marketing technology for Third Door Media. Previously, he covered this space as a Senior Writer for VentureBeat, and he has written about these and other tech subjects for such publications as CMSWire and NewsFactor. He founded and led the web site/unit at PBS station Thirteen/WNET; worked as an online Senior Producer/writer for Viacom; created a successful interactive game, PLAY IT BY EAR: The First CD Game; founded and led an independent film showcase, CENTER SCREEN, based at Harvard and M.I.T.; and served over five years as a consultant to the M.I.T. Media Lab. You can find him at LinkedIn, and on Twitter at xBarryLevine.

Related topics

Marketing operations (MOps)

Fuel up with free marketing insights.

Topics

Our events

About

Follow us

© 2025 MarTech.org is a Trademark of Semrush Inc.

Third Door Media, Inc. is a business-to-business media company. It is the publisher of MarTech and the producer of the MarTech Conference. Third Door Media offers marketing solutions that help vendors connect with an engaged audience of B2C and B2B marketers. The company headquarters is 800 Boylston Street, Suite 2475, Boston, MA USA 02199.