GDPR compliance becomes “Top Priority” in 2017
In a recent survey, nearly all of the respondents (92%) considered compliance with Europe’s landmark General Data Protection Regulation, or GDPR, a top priority on their data-privacy and security agenda in 2017 – with over half of respondents saying it is “the” top priority and 38% saying it is “among” top priorities.
“No legislation rivals the potential global impact of the EU’s General Data Protection Regulation, going into effect in April 2018. The new law will usher in cascading privacy demands that will require a renewed focus on data privacy for US companies that offer goods and services to EU citizens,” said Jay Cline, PwC’s US Privacy Leader. “Businesses that do not comply with GDPR face a potential 4% fine of global revenues, increasing the need to successfully navigate how to plan for and implement the necessary changes.”
While many organisations have already begun this process with a range of compliance efforts, many are still in the assessment phase. Regardless of how far along they are in preparing to comply with the new regulation, most US companies are already planning to invest in GDPR. According to survey respondents, over three in four (77%) companies plan to spend $1 million or more on GDPR readiness and compliance efforts — with 68% saying they will invest between $1 million and $10 million and 9% expecting to spend over $10 million to address GDPR obligations.
Survey results also found that information security enhancement is a top GDPR initiative. While much of the discussion has focused on the law’s privacy-centric requirements, information security obligations figure prominently in the GDPR plans of US companies. Among the 71% who have begun GDPR preparation, the most-cited initiatives in flight are information security, privacy policies, GDPR gap assessment and data discovery.
Companies are taking a variety of approaches to GDPR compliance. Among those surveyed, Privacy Shield (77%) and binding corporate rules (75%) are more popular mechanisms for EU cross-border compliance than model contracts (58%). Additionally, centralising data centres in Europe (64%) and de-identifying European data (54%) are the most common ways that companies are reducing their GDPR risk exposure.
“American multinationals that have not taken significant steps to prepare for GDPR are already behind their peers,” said Cline. “As European regulators in 2017 further clarify how they interpret GDPR, more American companies are likely to re-evaluate the return-on-investment of their European initiatives.”
You can view the findings of the full GDPR Preparedness Pulse Survey here.