New GDPR risk assessment finds that 84 percent of US respondents expect to be ready

The TrustArc/IAPP survey looked at perceived risk for non-compliance of 11 GDPR requirements by US and UK firms.


With GDPR Day — May 25, 2018 — now less than seven months away, companies are beginning to assess the risks of not complying with the new European Union regulation.

To help focus their thoughts, security/compliance firm TrustArc (formerly TRUSTe) and the International Association of Privacy Professionals (IAPP) surveyed almost 500 privacy professionals in the US and the UK and prepared what they say is the first report to measure perceived GDPR risk, “GDPR Non-Compliance Risks and Mitigation Strategies.” Interestingly — and contrary to some other studies — this research found that 84 percent of US respondents expect to be GDPR-ready no later than May 2.

More of their European counterparts might be late, since a quarter of EU respondents say their companies won’t be ready by GDPR Day. TrustArc SVP of Marketing and Product Management Dave Deasy told me via email that European companies cite “inadequate budget” as the key reason for possible delays, while US companies point to the regulation’s complexity.

The survey’s questions addressed the perceived risks of not complying with 11 specific GDPR requirements, and what actions are being taken to reduce those risks.


The top risk for all respondents: failing to prepare for a data breach notification, with failure to conduct data inventory and mapping coming in a close second. Deasy pointed out that data mapping is not a GDPR requirement per se, but is needed to assess data types, uses and retention.

Among US respondents, the top GDPR risk was not complying with requirements for international data transfers.

The top action to lessen risk, the privacy pros said, is to invest in employee training on data protection and privacy.



The respondents, surveyed in September and October, were chosen from subscribers to the IAPP Daily Dashboard. Those who said they didn’t think GDPR applies to them — many in government, and accounting for about 12 percent — did not complete the survey. The represented companies were distributed among firms of various sizes, from fewer than 100 employees to over 75,000.


Opinions expressed in this article are those of the guest author and not necessarily MarTech.


About the author

Barry Levine
Contributor
Barry Levine covers marketing technology for Third Door Media. Previously, he covered this space as a Senior Writer for VentureBeat, and he has written about these and other tech subjects for such publications as CMSWire and NewsFactor. He founded and led the web site/unit at PBS station Thirteen/WNET; worked as an online Senior Producer/writer for Viacom; created a successful interactive game, PLAY IT BY EAR: The First CD Game; founded and led an independent film showcase, CENTER SCREEN, based at Harvard and M.I.T.; and served over five years as a consultant to the M.I.T. Media Lab. You can find him at LinkedIn, and on Twitter at xBarryLevine.
