Only 20% of companies have fully completed their GDPR implementations

Get a copy of the upcoming book "Secure Operations Technology"

Key findings from a survey conducted by Dimensional Research highlight that only 20% of companies surveyed believe they are GDPR compliant, while 53% are in the implementation phase and 27% have not yet started their implementation.

complete gdpr implementation

EU (excluding UK) companies are further along, with 27% reporting they are compliant, versus 12% in the U.S. and 21% in the UK. While many companies have significant work to do, 74% expect to be compliant by the end of 2018 and 93% by the end of 2019.

While many companies still have a long way to go, a comparison to August 2017 research shows significant progress in the past ten months. The number of companies whose GDPR implementation is under way or completed increased from 38% to 66% in the U.S. and from 37% to 73% in the UK.

The cost of compliance is high

  • 27% of companies spent over half a million dollars each to become GDPR compliant
  • 31% of companies plan to spend over half a million dollars each on GDPR compliance efforts between June and December 2018
  • 18% of US companies spent over 1 million dollars each on compliance versus 8% for UK and 8% for EU companies.

Most companies are positive about GDPR

Despite difficulties in becoming GDPR compliant, 65% view GDPR as having a positive impact on their business. Only 15% view the GDPR as having a negative impact on their business

Customer expectations and complexity top GDPR drivers

  • Meeting customer expectations (57%) was the main driver to become compliant, significantly higher than concern for fines (39%)
  • Complexity of GDPR posed the biggest challenge to comply.

GDPR will continue to drive privacy investments

  • 87% indicate that data privacy will become more important at their companies post the GDPR deadline
  • 80% of companies plan to increase their spending on GDPR technology and tools to maintain compliance.