How US and UK companies address GDPR data protection requirements

Data privacy is becoming more complex, companies are equally unprepared in both the UK and US to comply with GDPR by the May 2018 deadline, and US companies are investing more in both privacy management and GDPR preparedness.

With only eight months to comply with the GDPR, the most sweeping change to data protection in decades, companies all over the world are determining how to best adjust their internal systems and processes in order to address compliance requirements.

To compare how UK companies are preparing for GDPR versus their US counterparts, Dimensional Research surveyed 203 UK and 204 US professionals responsible for data privacy at companies required to meet GDPR compliance. The UK survey was conducted in August 2017, and the US survey in May 2017, both among companies with more than 500 employees.

Privacy is becoming harder, no matter where businesses are located

Across the board, respondents in both the UK and US report that privacy and data protection is becoming increasingly important, but also increasingly complex:

• The importance of privacy is growing – 96% US; 94% UK
• Privacy management is becoming more complex – 98% US; 93% UK

UK and US companies are equally unprepared for GDPR

Among both UK and US privacy professionals, more than 60% of respondents have not begun their GDPR implementation and 90% need to invest in additional capabilities to comply with the new standard.

• Have not begun GDPR implementation – 61% US; 64% UK
• Require additional investments to comply with GDPR – 98% US; 92% UK
• Investing in technology and tools to automate and operationalize data privacy – 55% US; 57% UK

US companies are investing more in both privacy management and GDPR readiness than their UK counterparts

Overall investment in privacy management is increasing among both US (97%) and UK (90%) professionals. US companies report a higher need to use technology to manage privacy (95%) compared to UK companies (87%).

Similarly, more US than UK companies expect to invest significant amounts of money to comply with GDPR.

• 83% of US companies expect GDPR spending to be at least $100,000, whereas only 69% of UK companies expect to spend the same amount (74,000 GBP).
• 23% of large US companies (over 5,000 employees) expect to spend more than $1M (740,000 GBP) as compared to 19% of large UK companies expecting to spend over 740,000 GBP.